|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David Litchfield (david
nextgenss.com)Date: Tue Mar 05 2002 - 12:18:16 CST
Howdy,
I've written two white papers for anyone interested.
One discusses non-stack based buffer overflow exploitation on the
Windows platform. These are easier to write than traditional stack based
exploits that require the writer to know at least a bit of assembly -
non-stack exploits don't. I reckon that as time goes on and as more
products become available to prevent stack based exploits on the Windows
platform their non-stack alternatives will become considerably more
common.
The second paper pertains to remotely assessing the configuration of
Microsoft's IIS web service. Show's how to "read" server responses and
interpret what they mean and what can be inferred about the remote
system's configuration.
These papers and more are available from the NGSSoftware website
research section:
http://www.ngssoftware.com/research.html
Cheers,
David Litchfield
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]