‘The short whitepaper below is intended to highlight security issues of devices that exist in the path between the client browser and the web server, namely: Cache servers, Load balancer, IDSs, Web Application Firewall, etc.’

‘The whitepaper explaines a technique to perform web based attacks by ‘smuggling’ HTTP requests.
HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices are between the user and the web server. This technique enables various attacks, such as web cache poisoning and bypassing web application firewall protection.‘

‘The short whitepaper below describes a technique to encode binary assembly code to printable characters. The technique described here is applicable for the x86 platform.’

‘Hacking UNIX – Second Edition is a hacking guide for absolute beginners in UNIX hacking. In total it took 3 years to write. It is meant to provide a solid introduction to the matter, and also act as a reliable reference.’

‘The article linked at this advisory presents a method to protect from SQL injection attack. The method involves using a virtual database connectivity drive as well as a special method named variable normalization to extract the basic structure of a SQL statement so that we could use that information to determine if a SQL statement is allowed to be executed. The method can be used in most scenarios and does not require changing the source code of database applications (i.e. the CGI web application). The presented method can also be used for auto-learning the allowable list of SQL statements, which makes the system very easy to setup. And since the decision of whether a SQL statement is allowed is to check if the normalized statement exists in our ready-sorted allowable list, the overhead of the system is very minimal.’

‘This paper will attempt to explain usual problems encountered when trying to exploit buffer overflows in particular contexts of the stack, and propose a method to easily solve those problems.

What do you have to know before reading?
You have to know assembly language, C language and Linux/Unix. Of course, you have to know what a buffer overflow is (we highly recommend reading [1]).’

‘The essence of HTTP Response Splitting is an attacker’s ability to send a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response. This type of vulnerability can be exploited to perform several web application based attacks.’

‘This article describes possible back-doors through different firewall architectures. However, the material can also be applied to other environments to describe how hackers cover their access to a system.’

‘The paper linked below will demonstrate methods that may be used by malware to execute code, simply by being loaded into a debugging session. This code execution occurs before the debugger passes control back to the user and therefore cannot be prevented.’

‘Operating Systems and Databases are quite similar in the architecture. Both have: Users, Processes, Jobs, Executables, Symbolic Links, etc. Therefore a database can be considered to be a kind of an operating system. If a database is a kind of operating system it should be possible to migrate operating system malware (like rootkits or viruses) to the database world. The following linked paper will try to explain how this migration can be done.’

‘This paper describes a new CS block cipher that is an extension of the original CS-Cipher. The new design inherits the efficiency of the original design while being upgraded to support a larger block size as well as use a slightly improved substitution box.’

‘Information and data transmission system security holds a place of ever-growing importance in today’s world. The expansion of the Web has provided businesses with an ideal platform for introducing and promoting their products and services.’

‘Users authenticate themselves on a Domain Controller (DC) using NTLM/NTLMv2. However the DC sometimes goes offline or the network cable is unplugged; in this situation, the Local Security Authority System Service (LSASS) uses password cache entries from the registry to perform offline logon.

This whitepaper explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft. This paper aims at:

 * Helping pentesters or security bso retrieving the password cache entries (hash value) for auditing purposes;

 * Providing more compatibility for programs that may require access to these entries without using the LSA API.’

‘This network oriented advisory explains how to fingerprint network services on a remote host. After reading this paper you will be able to circumvent the illusion given by IP masquerading that network services are hosted by a single computer.’

‘This paper describes the SDL ( Security Development Lifecycle) and discusses experience with its implementation across Microsoft software.’

‘The below linked whitepaper discusses how resource metering on the client-side, i.e. making him work to make brute forcing computationally feasible, works and the security advantages it can bring.’

‘The whitepaper linked here provides a few examples for antidebugging techniques that can be used under the Windows operating system.’

‘Over eight years have passed and almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, a topic that has yet to be touched on publicly is the remote exploitation of Win32 kernel vulnerabilities; a number of kernel vulnerabilities have been published, yet no exploit code has surfaced in the public arena.’

‘MySQL is not an easy database for Blind SQL Injection: it displays no errors when an UNION occurs between two columns of different type and there isn’t a way to make a query displaying errors from parameters passed inside the query itself. Many times happens that auditing the code of a PHP/MySQL application, we find an injection vulnerability that is not exploitable, because we cannot see the output or we see always an error cause the value retrieved is passed to multiple queries with a different numbers of columns before the script ends.

In those cases where we cannot see the result of the SELECT…UNION statement it would appear that the vulnerability cannot be exploit. Or is it?‘

‘A serious security flaw in Microsoft Word and Excel allows an attacker to easily decrypt a Microsoft encrypted document.

The stream cipher RC4 with key length up to 128 bits is used in Microsoft Word and Excel to protect the documents. However, when an encrypted document gets modified and saved, the initialization vector remains the same and thus the same keystream generated from RC4 is used to encrypt the different versions of that document. The consequence is disastrous since a lot of information of the document could be recovered.’