|
|
Call for papers SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: editor@securityfocus.com 
Evading NIDS, revisitedThis article looks at some of the most popular IDS evasion attack techniques, based on fragmentation or using the TTL field. Snort's configuration and response to these attacks will also be discussed. 2005-12-06 http://www.securityfocus.com/infocus/1852
Cisco SNMP configuration attack with a GRE tunnel2005-09-16 http://www.securityfocus.com/infocus/1847
WEP: Dead Again, Part 2Part two of the WEP cracking series shows how active attacks can dramatically increase the rate of packet collection and speed up statistical attacks. 2005-03-08 http://www.securityfocus.com/infocus/1824
Penetration Testing IPsec VPNsThis article discusses a methodology to assess the security posture of an organization's IPsec based VPN architecture. 2005-02-09 http://www.securityfocus.com/infocus/1821
Blind Buffer Overflows In ISAPI ExtensionsThis paper will outline the risks ISAPI Extensions pose and how they can be exploited by third parties without any binary exposure or knowledge using blind stack overflows. This method can enable remote code execution in proprietary and third party applications. 2005-01-25 http://www.securityfocus.com/infocus/1819
WEP: Dead Again, Part 1This article is the first of a two-part series that looks at the new generation of WEP cracking tools for WiFi networks, which offer dramatically faster speeds for penetration testers over the previous generation of tools. In many cases, a WEP key can be determined in seconds or minutes. 2004-12-14 http://www.securityfocus.com/infocus/1814
Metasploit Framework, Part 3This third and final article in the Metasploit series covers the msfcli scripting interface as well as the intuitive web interface to the Framework. The article also discusses what's new with version 2.2, and then introduces the exploit development process through an example. 2004-09-14 http://www.securityfocus.com/infocus/1800
Using LibwhiskerThis article discusses the use of Libwhisker, a PERL module which allows for the creation of custom HTTP packets and can be used for penetration testing various web applications. 2004-08-24 http://www.securityfocus.com/infocus/1798
Data Driven Attacks Using HTTP TunnelingIn this article we will look at a means to bypass the access control restrictions of a company's router or firewall. This information is intended to provide help for those who are legitimately testing the security of a network (whether they are in-house expertise or outside consultants). 2004-08-02 http://www.securityfocus.com/infocus/1793
Wireless Attacks and Penetration Testing (part 3 of 3)This third and final part of the wireless pen-test series looks at how to mitigate the security risks outlined in the previous articles, and then looks at some proposed solutions currently in front of the IETF. 2004-07-26 http://www.securityfocus.com/infocus/1792 |
|
Privacy Statement |