Computer Security

Exploits: Summaries

• Rootshell
  Related derived collections
  • s ee kur it-ee: Largely derived, but as single list, poor-to-mediocre formating. Great list of vulnerabilities and exploits
• Fyodor's Exploit world
• Infilsec Find (Vulnerability Database
• ISS SafeSuite ^TM list (aka AppenA)
• Computer Security - Hacking and Hackers - AntiOnline
• Ulf's List

Hacking Guides

• User's Guide: Intro: Hacking step by step
  The Neophyte's Guide to Hacking, 1993 Edition, Completed on 08/28/93
• The Ultimate Beginner's Guide to Hacking and Phreaking, Volume 1, date 8/4/96 by Revelation LOA--ASH
  • HTML Version (with modified title tag): The How To Hack Manual
    Hacking Kit v2.0.b (March/97)
  • TXT Version, alt site: The Ultimate Beginner's Guide to Hacking and Phreaking by Revelation LOA--ASH
• Guide To (mostly) Harmless Hacking. Sites:
  • www.jubukie.com
  • base.kinetik.org
  • www.anet-chi.com/~dsweir
  • www.tacd.com/zines/gtmhh/
  • ra.nilenet.com/~mjl/hacks/codez.htm
  • www.ilf.net/brotherhood/index2.html
• How to hack unix from Naval Surface Warfare Center
• Good Collection of Links, especially to cracking tutorials
• Winnuke info!
• SystemExperts Corporation: Reference Material: Literature
• Network Security Profiles What Every Hacker Already Knows About You, and How They Do

Exploits: Individual

• http://www.nvg.unit.no/~asparges/HAU/System/rootkit/
• CERT Incident Notes and Vulnerability Notes
• http://www.nvg.unit.no/~asparges/HAU/System/rootkit/rootkit.README
• DNS name stealing (different from spoofing) (eg AlterNIC)
• DoS: SMURF (forged ICMP echo requests with forged requestor being broadcast address)
  • CERT Advisory CA-98-01
  • The Latest in Denial of Service Attacks: 'Smurfing': Description and Information to Minimize Effects" by Craig Huegen
  • cio.cisco.com/warp/public/707/
  • Packet Storm Security - New Files & Info
• DoS: TCP SYN Flooding
  • Defining Strategies to Protect Against TCP SYN Denial of Service Attacks (Cisco)
• DoS: UDP Diagnostic Port
  • Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks (Cisco)
• Solaris root socket descriptor bug
• Soaris lp and lpsched symlink vulnerabilities
• Solaris admintool and /usr/openwin/bin/kfcs_* tmpfile vulnerabilities
• Security problems in the lpd protocol
• A perl eval error in majordomo allows remote execution of arbitrary commands
• http://newdata.box.sk/neworder/expl/ipd_probe.txt (check)
• ftp://info.cert.org/pub/cert_advisories/CA-94:01.network.monitoring.attacks (FTP)
• CERT* Advisory CA-94.01 Ongoing Network Monitoring Attacks (html)

Recovery

• Recovering from an Incident (CERT)
• Intruder Detection Checklist (CERT)
• Root Compromise (CERT)
• UNIX configuration guidelines (CERT)

Computer Security Incident Response Teams (CSIRTs)

• Expectations for Computer Security Incident Response RFC 2350 (June 1998), Network Working Group (Category: Best Current Practice)
• NRL Incident News, esp the NRL Incident Response Manual.
• Operational Framework of CERT-NL (the CSIRT of SURFnet = network provider in the Netherlands).
• Forum of Incident Response and Security Teams (FIRST)
  • Team Info
  • European Teams: Many of the European teams, regardless of whether or not they are members of FIRST, are listed by countries on a page maintained by the German CSIRT.
  • Operational Framework
  • Guidelines for teams which want to become members of FIRST
• CERT (US)
  • Advisories
  • Reporting Form (example)
  • FAQ
• CERT-Germany
  • Annotated Bibliography and collection of links
  • Collection of docs on response from German CERT Refer to file 01-README for further information

Policy

• IETF RFC 2504: Users' Security Handbook

Tools

• Archive
• COAST Tools Archive
• Security Software index from NIH
• SATAN (FTP)
• SPI (Security Profile Inspector) of CSTC@LLNL
• Directory of CERT:/pub/tools/cops
• InterMapper FAQ's
• SunWorld Online - October - Security: Re-Tooling
• MCI's DoSTracker Program (press release) commercial product
• Internet Security Scanner v2.0
  Local cache
  • Announcement: PS (2+pp)
  • Overview: PS (1+pp)
• Deception ToolKit (DTK) Fred Cohen

Tutorials

• SystemExperts: Technical Tutorials
• CERT
  • Tech Tips (FTP dir)

Research Groups

• DARPA
  • Survivability of Large Scale Systems (LSS)
  • DARPA ITO Project Summary Collection
  • Intrusion Detection Presentations July 1997
  • Director, Defense Research and Engineering was DoD S&T FY97-FY98 Program Forum
• SRI/CSL's: Intrusion Detection Page
• CIDF
  • CISL Draft 0.7
• CRISIS project (Brian Tung): Critical Resource allocation and Intrusion response for Survivable Information Systems
• COAST (Spafford)
• UC Davis
• Index at Dartmouth
• Survivability and Vulnerability (DARPA Pgm)
• UCSD Crypto link page
• Project ASAX: Efficent Universal Audit Trail Analysis (Institut d'Informatique, Nottre-Dame de la Paix, Namur, Belgium
• UNM: A Computer Immune System

News Groups

Manufacturers

• Sun Microsystems
  Security Products Selector Guide - Solutions Tree

Companies

• Internet Security Systems, Inc.
• Sneaker World, Inc
• Consultants (and info sources)
  • Shake Communications - Experts in Information and Internet Security.

Security: by Application/Protocol

• CGI
  • CGI Security FAQ (Paul Philips)
  • CGI Security Documentation (NCSA)
• Java
  • Java Security (princeton page)
  • Java Security: Frequently Asked Questions
  • Frequently Asked Questions - Applet Security
• UNIX
  • Matt's Unix Security Page
  • UNIX System Security Preface (David Curry)
• WWW: general
  • WWW Security FAQ
  • The WWW Security FAQ
  • NCSA HTTPd: Security Concerns on the Web

News Groups and Sites

• Cipher - Newsletter of the IEEE CS TC on Security and Privacy
• NETWORK SECURITY
• alex2html of /alex/edu/cmu/cs/sp/alex/links/security
• Phrack Webpage
• PHRACK MAGAZINE UNDERGROUND ARCHIVES
• Security APL Quote Server
• Forbidden Fire
• The 2600 Magazine Home Page
• The alt.2600/#hack FAQ Introduction
• The Happy Hacker
• http://www.sun.com:80/sunworldonline/ftp/security/admin-guide-to-cracking.101
• http://www.usenix.org/events/security/index.html
• Winn Schwartau's InfoWar.Com (information warfare and INFOSEC)
  Producer of Infowar Con: Conference on Information Assurance and Information Operations for the Enterprise and the Infrastructure
• SANS HomePage (System Administration, Networking and Security) Institute/Conference series
• 8lgm
• Sneakers archive: First then enter either
  • search -> info-sec gopher server
  • browse -> info-sec gopher server -> Sneakers
• Underground Computer Society
• Computer underground Digest WWW Site (http://www.soci.niu.edu/~cudigest)
• Internet Hoaxes from CIAC
• 1996 Symposium on Security and Privacy
• Kerberos
• Kerberos Users' Frequently Asked Questions 1.12
• Internet Holes - Incident at All.Net
• Phoenix Systems Synectics Inc. Consultants on Network Design and Security, have had some interesting publications available from their Web page
• Microsoft security problems
• Dr Matrix's Underground Information Archives
• SunWorld Online - Security
• Padgett's Home Page
• CR/Hackers' Manifesto
• Article on DoD Tiger Teams (as yet unreachable)
• Directory of /pub/unix at Cyber.COM.AU - had some things that were not indexed at US sites
• Abstract of article by Dan Farmer on survey of security on 2200 computing system done in Nov-Dec 1996
• **Security FAQ template

Various

• AIS Security: collection of links from Naval Surface Warfare Center, Dahlgren Division
• An Analysis of Security Incidents on the Internet 1989-1995, John Howard, Ph.D. Thesis
• Information Warfare - Defense
• How to hack unix
• | ON Technology ONLine |
• Index of /Docs/HACK
  http://security.nswc.navy.mil/Docs/HACK/sndmail-sh/sample-session.txt

  Vorsicht, Falle!!

  Hacking Section

  Writing Safe Setuid Programs by Matt Bishop, UCDavis

  SunWorld Topical Index: Network Security

  SunWorld - Back Issues - Columns - Security

Papers: Phil

• Things that Go Bump in the Net
• A Weakness in the 4.2 BSD Unix TCP/IP Software, by Robert T. Morris (Bell Labs Paper)
• Security Problems in the TCP/IP Protocol Suite, by S. M. Bellovin (Bell Labs paper)
• Internet Security (IBM view)

Papers: Systems

• NetKuang: D. Zerkle and K. Levitt, 6th USENIX Security Symposium, San Jose, CA 1996.
• Katherine Price Thesis (COAST)

Papers: Policy

• Providing for Responsibility : Managing Network Security: 50 ways to beat your intrusion detection system by Fred Cohen
• Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, GAO Report T-AIMD-96-84, May 22, 1996 (44 pages)
  Comment: number of good quotes on problem (esp lack of training) and good open lit source for percentages of intrusions detected and reported
• Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, GAO Report T-AIMD-96-92, May 22,1996 (7 pages)
• Information Security: Computer Hacker Information Available on the Internet, GAO Report T-AIMD-96-108, June 5, 1996 (8 pages)
• Information Security: Opportunities for Improved OMB Oversight of Agency Practices, GAO Report AIMD-96-110, September 24, 1996 (48 pages)

Phreaking

• none now

Phreaking

• .Computer Virus Help Information by Henri Delger

Other hacking sites

• Rainbow moved
• no desc yet
• no desc yet
• no desc yet
• Hacker's Layer
• Hacker's Hideout
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• lOpht
• no desc yet
• underground.org
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• no desc yet
• Virus FAQ
• Wired Magazine
• Zines from ETEXT.ORG
• MGM-UA Hackers
• *****
• The Hawk's security links
• NEWORDER
• Misc.Hacking Filez
• [THC] - The Hacker's Choice - Backdoors/Rootkits
• [THC] - The Hacker's Choice - Flood/Nuke/Spoof
• THE ELITE KREW HACK PAGE
• Hacking Files
• j0lt files : hacking
• Feee Filez from the Hackerz Hideout

• agl.gatech.edu/pub
• asylum.sf.ca.us
• clark.net/pub/jcase
• ftp.armory.com/pub/user/kmartind
• ftp.armory.com/pub/user/swallow
• ftp.fc.net/pub/defcon/BBEEP
• ftp.fc.net/pub/phrack
• ftp.giga.or.at/pub/hacker
• ftp.lava.net/users/oracle
• ftp.microserve.net/ppp-pop/strata/mac
• ftp.near.net/security/archives/phrack
• ftp.netcom.com/pub/br/bradelym
• ftp.netcom.com/pub/daemon9
• ftp.netcom.com/pub/zz/zzyzx
• ftp.primenet.com/users/k/kludge

• Balkanization Working Group Presentation Notes
• Network Intrusion Detection Systems Frequently Asked Questions
• Creating a basic padded cell - SunWorld - January 1999
• Finding Evidence of Your Cracker LG #36
• Phrack
• Bugtraq archives for 1st quarter (Jan-Mar) 1999: really silly ff.core exploit for Solaris
• I-4 Home Page
• Common Criteria Project -- HomePage
• Securing Java
• Common Criteria Scheme
• COMMON CRITERIA version 2.0 -- The Full-Use Version!!
• Threats & Countermeasures
• Workshop on DB of Threats and Countermeasures
• Information Exploration Shootout
• Directory of /
• Getting Started Guide
• cDc
• NAP Reading Room
• San Diego Supercomputer Center
• Projects
• LBNL's Network Research Group
• Shake Communications - Information Security Centre
• http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt
• Finjan Software - Finjan in the Wall Street Journal
• http://www.ns2.co.uk/archive/cracker.txt
• http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt
• LBL Network Research Group Papers
• COAST Hotlist: Computer Security, Law and Privacy
• Nmap -- Stealth Port Scanner For Network Security Auditing, General Internet Exploration & Hacking
• Nmap -- Stealth Port Scanner For Network Security Auditing, General Internet Exploration & Hacking
• ftp://ftp.win.tue.nl/pub/security/index.html
• CRISIS: Work in the CIDF
• Bokler's Guide to "CRACKER" Software
• The United Council
• Issues in S and T, Fall 1998, An Electronic Pearl Harbor? Not Likely
• Microsoft Security Advisor Program
• Bugtraq archives for 2nd quarter (Apr-Jun) 1998: NFS shell
• The Unix Secure Programming FAQ - SunWorld - August 1998
• Law of Armed Conflict and Information Warfare--How Does the Rule Regarding Reprisals Apply to an Information Warfare Attack?
• Immunix: Survivability Concepts
• 1998 DARPA ITO Project Summary Collection Login
• IA PI Investigator Meeting 28 - 30 July 1998
• Open Market Software Products
• HP JetAdmin software for Solaris 2.3, 2.4, 2.5 and 2.5.1
• Jamie Andrews: Some Recent Publications
• Information Survivability Workshop 1998
• Yahoo! News Technology ZDNet Story Page
• High Technology Crime Investigation
• Title Search Results
• http://www.verisign.com/whitepaper_6/
• http://www.nswc.navy.mil/ISSEC/Docs/alt_2600.txt