devast.com

Technology

FreeBSD / Unix
Network Security
Programming
TCP/IP
VoIP

Art / Entertainment

Guitar
Blackjack
Travel

Science

Physics

Business

Books

Stuff

Tools
Weblog
About

home

security

Currently researching:

• Remote ICMP fingerprinting techniques. I've found most fingerprinting signature libraries, in particular the largest being NMAP are light on ICMP signatures. This is mostly likely due to the fact that you have a limited set a variables with ICMP and can get much more detail from TCP traffic. The problem I am addressing is that protected devices are usually difficult to get TCP traffic from, but sometimes will give you a bit of ICMP traffic by observing TTLs, etc.
• Have some vague ideas on Snort/Nessus/Ettercap/Squid correlation. But who doesn't, and who cares.

Random Thoughts:

• DEFCON CTF - I've always thought it a drag that they couldn't add wireless hacking into the game. Basic problem is you can't physically restrict the non-players from interfering with the wireless network. Then I thought about it. Shared coaxial segment. Everyone brings their dongles for their favorite WiFi cards. Simulated air!

Format string hacking, buffer overflows & related

• The art of building format strings - FMTBUILDER-Howto version 0.3
• Introduction to Reverse Engineering Software in Linux
• uncc - C Decompiler
• Format String Attacks - by Tim Newsham < tim.newsham@guardent.com >, Guardent Inc.
• linux x86 shellcode setreuid(0,0); execve /bin/sh; exit;
• The Mystery of Format String Exploitation
• REC - Reverse Engineering Compiler
• Some notes from prequal
• Format String Attacks PDF
• Root Fu 2004 Qualifications summary - and Spoonm's commentary

Web hacking & related

• Penetration Testing for Web Applications (Part One) - From SF
• Penetration Testing for Web Applications (Part Two) - From SF
• How to spoof HTTP_Referer
• Akamai's Network Defense Strategy, postgame
• Secure Login by MD5 Hashing in JavaScript

Cool software etc to checkout:

• The Spinning Cube of Potential Doom - And /. article
• Rootwars
• NGSEC Games - And solutions for game 1
• SoftICE

Links:

• Ghetto Hackers Root Fu
• Ryanspc.com - Exploit list
• Phrack - Good readin' mmm yup
• Foundstone
• LayerOne - Dan the man is talking this year
• WEP Strong Key Generator - For those who can't convert ASCII into HEX in their heads
• Pics from Cyperpunk Wargames
• /. Packetto Keiretsu 1.0 Article
• Linkcat 1.0 Demo
• thebroken, hacking videozine - I have yet to check this out, looks kinda weak
• The Spinning Cube of Potential Doom
• Bro: A System for Detecting Network Intruders in Real-Time
• Massive list of default passwords