References

  • "Buffer Underruns, DEP, ASLR and Improving the Exploitation Prevention Mechanisms (XPMs) on the Windows Platform." September 30, 2005. http://www.ngssoftware.com/papers/xpms.pdf

  • "CERT Advisory CA-2001-19 'Code Red' Worm Exploiting Buffer Overflow in IIS Indexing Service DLL." http://www.cert.org/advisories/CA-2001-19.html

  • "Exploiting Format String Vulnerabilities." scut@teso.org. http://doc.bughunter.net/format-string/exploit-fs.html

  • "Format String Attack." Web Application Security Consortium. http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml

  • "Format String Problem." OWASP. http://www.owasp.org/index.php/Format_string_problem

  • Bishop, Matt and David Bailey. "A Critical Analysis of Vulnerability Taxonomies." CSE-96-11, September 1996. http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-96-11.pdf

  • blexim. " Basic Integer Overflows ." Phrack . Issue 60, Chapter 10. http://www.phrack.org/archives/60/p60-0x0a.txt

  • Christey, Steve. "Off-by-One Errors: A Brief Explanation." Secprog and SC-L mailing list posts, May 5, 2004

  • Flake, Halvar. "Third Generation Exploits." Presentation at Black Hat Europe 2001. http://www.blackhat.com/presentations/bh-europe-01/halvar-flake/bh-europe-01-halvarfl ake.ppt

  • Franz, Matt. "Fuzzing wiki." http://www.scadasec.net/secwiki/FuzzingTools

  • Howard, Michael. "Reviewing Code for Integer Manipulation Vulnerabilities." http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure04102003.asp

  • Howard, Michael. "When Scrubbing Secrets in Memory Doesn't Work." Bugtraq, November 5, 2002. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp

  • McGraw, Gary and Greg Hoglund. Exploiting Software: How to Break Code . Boston: Addison Wesley, 2004

  • Newsham, Tim. "Format String Attacks." Guardent. September 2000. http://www.lava.net/~newsham/format-string-attacks.pdf

  • PLOVER. Mitre. http://www.cve.mitre.org/docs/plover/

  • Wagner, Joseph. "GNU GCC: Optimizer Removes Code Necessary for Security." Bugtraq, November 16, 2002. http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-11/0257.html



Hacking Exposed VoIP. Voice Over IP Security Secrets & Solutions
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
ISBN: 0072263644
EAN: 2147483647
Year: 2004
Pages: 158

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net