Techniques for hacking systems.
|
A Beginners Guide to Hacking Un*x |
|
A Glossary of Computer Security Terms |
|
A NAP/PA file about VAX/VMS machines |
|
A Strict Anomoly Detection Model for Intrusion Detection Systems |
by sasha / beetle |
| The base-rate fallacy is one of the cornerstones of Bayesian statistics, stemming from Bayes theorem that describes the relationship between a conditional probability and its opposite, i.e. with the condition transposed. |
|
A Un*x tutorial part 1 |
|
A Un*x tutorial part 2 |
|
A beginning guide to help you hack unix systems. E |
|
A companion to VaxBuster's phile in Phrack 41 |
|
A few Unix password hackers |
|
A hint for the 555 account on AOL |
|
A letter from the national computer systems laboratory |
|
A text file for newbies... |
|
Advanced Host Detection: Techniques To Validate Host-Connectivity |
by dethy |
| Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts. |
|
Advanced VMS hacking |
|
All about VAX/VMS |
|
An Architectural Overview of UNIX Network Security |
|
An in- depth guide to hacking UNIX and the concept |
|
An introduction to UNIX - Kernighan |
|
Analysis Techniques for Detecting Coordinated Attacks and Probes |
by John Green , David Marchette and Stephen Northcutt |
| Coordinated attacks and probes have been observed against several networks that we protect. We describe some of these attacks and provide insight into how and why they are carried out. We also suggest hypotheses for some of the more puzzling probes. Methods for detecting these coordinated attacks are provided. |
|
Analysis of SSH crc32 Compensation Attack Detector Exploit |
by David A. Dittrich |
| Once in the system, a series of operating system commands were replaced with trojan horses to provide back doors for later entry and to conceal the presence of the intruders in the system. A second SSH server was run on a high numbered port (39999/tcp). |
|
Another vulnerability of early ATM's |
|
Audio Distribution System Hacking |
|
Backdooring Binary Objects |
by klog |
| Weakening a system in order to keep control over it (or simply to alter some of its functionality) has been detailed in many other papers. From userland code modification to trojan kernel code, most of the common backdooring techniques are either too dirty, or just not portable enough. |
|
Beginner's guide to hacking VAX Systems |
|
Best guide to hacking by neophyte |
|
Bibliography Computer Security Reports |
|
Bibliography of Computer Security Articles |
|
Bibliography of Computer Security Manuals |
|
Bibliography of Computer Security Periodicals |
|
Bibliography of Guidelines |
|
Bibliography of Technical Papers on Computer Security |
|
Bibliography of computer security documents |
|
Biliography of computer security articles |
|
Bill Wall's List of Computer Hacker Incidents |
by Bill Wall |
| Hacker incidents from 1961 - 2001! |
|
Bugs for Windows NT |
|
Cards and the Networks - Very helpful |
|
Changing Your Grades |
by Aaron Winters |
| How to hack your school and change your grades quickly, quietly, and without a trace. Sometimes. |
|
Common Gateway Interface (CGI) Security, Part 1 |
|
Common Gateway Interface (CGI) Security, Part 2 |
|
Common Gateway Interface (CGI) Security, Part 3 |
|
Common Gateway Interface (CGI) Security, Part 4 |
|
Common Gateway Interface (CGI) Security, Part 5 |
|
Common Gateway Interface (CGI) Security, Part 6 |
|
Common UNIX System Configurations That Can Be Expl |
|
Computer Security Organizations |
|
Computer Security by E.A.Bedwell |
|
Computer Users's Guide to the Protection of Information |
|
Computer jargon |
|
Computer security planning |
|
Computer system ID and password security alert |
|
Custom Local Area Signalling Services |
|
Default Logins & P/W's for VAX |
|
Default Un*x account |
|
Default Unix passwords |
|
Defeating Forensic Analysis on Unix |
by the grugq |
| To facilitate a useful discussion of anti-forensic strategies it is
important that the reader possess certain background information. In
particular, the understanding of anti-forensic file system sanitization
requires the comprehension of basic Unix file system organisation. And, of
course, the understanding of any anti-forensic theory demands at least a
rudimentary grasp of digital forensic methodology and practise. |
|
Defeating Sniffers and Intrusion Detection Systems |
by horizon |
| The purpose of this article is to demonstrate some techniques that can be used to defeat sniffers and intrusion detection systems. This article focuses
mainly on confusing your average "hacker" sniffer, with some rough coverage of Intrusion Detection Systems (IDS). |
|
Defeating Solaris/SPARC Non-Executable Stack Protection |
by Horizon |
| I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexec_user_stack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described previously on this list. Specifically, I have had success in adapting the return into libc methods introduced by Solar Designer and Nergal to Solaris/SPARC. |
|
Defense Information Infrastructure Common Operatin |
|
Denial Of Service Attacks |
by Hans Husman |
| Denial of service is about without permission knocking off services, for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. |
|
DoD Common Messaging System |
|
DoD Information Security Program, Jan 1997 |
|
DoD Password Management Guideline (CSC- STD- 002- 85: The Green B |
|
DoD Required Operational Messaging Characteristics |
|
DoD SEIWG- 012 Mag- Stripe Encoding, A Plain Languag |
|
DoD Secure Data Network System's Message Security |
|
Evading Intrusion Detection |
by Seclabs |
| There are many different ways in which network traffic can be obtained by a network intrusion detection system (IDS). This document demonstrates that one class of network IDS, which relies on passive network packet capture (commonly referred to as ?sniffing?), is fundamentally flawed. We show that sniffer-based IDS is, as a technology, immature, and thus cannot be relied upon for network security. |
|
Examples of Computer Intrusion at the Naval Surfac |
|
Explanation of ENA and computer conferencing |
|
FORTEZZA File Protection (National Security Agency |
|
File on hacking Unix System V's |
|
Franken Gibe's Unix Command Bible |
|
General TRW Information |
|
Generally Accepted System Security Principles (GASSP) |
|
Getting Admin |
by Cra58cker |
| This guide will list all the possible ways there is to get Admin access when you have physical access to a Windows NT Machine! A must Read to all the Hackers\Crackers\Administrators. |
|
Getting better access on any UNIX system |
|
Goverment Open Systems Interconnection Profile (GOSIP) |
|
Guidance to Federal Agencies on the use of Trusted |
|
Guide to RSTS |
|
HP- UX Trusted Operating System Random Man page |
|
Hacker Journeys Through NASA's Secret World |
| While tripping through NASAs most sensitive computer files, Ricky Wittman suddenly realized he was in trouble. Big trouble. |
|
Hackers handbook |
|
Hacking ATM's |
|
Hacking Chilton Corporation Credit |
|
Hacking Directories #1 |
|
Hacking Directories #2 |
|
Hacking Directories #3 |
|
Hacking Directories #4 |
|
Hacking Rite Aid Healthnotes Computers |
by Omega Red |
| Wanna learn about health? Or shutdown Rite Aid computers? You can do both on a little trip to Rite Aid and with this tiny article. |
|
Hacking UNIX - Jester Sluggo |
|
Hacking UNIX and VAX |
|
Hacking UNIX on a VAX |
|
Hacking VAX's & Unix |
|
Hacking Webpages |
by Scrocklez Kilor |
| How to get into a webpages with a guiding methode and one of the easiest ways of getting superuser access through anonymous ftp access into a webpage. First you need learn a little about the password file. |
|
Hacking Windows Users |
by protonigger |
| A comprehensive guide to remotely exploiting Windows home users. |
|
Hacking credit card codes |
|
Hacking passwords |
|
Hacking techniques - from Out Of The Inner Circle |
|
Hacking the vax - commands & default pws |
|
Hacking tutorial |
|
Hacking with Windows |
by OzScarecrow |
| This is a very easy method to hack using Windows. |
|
Hacking your school |
by Timmeh |
| Have you ever dreamed of gaining total control of your school's computers? Now you can. I have tested this out so don't worry - it WILL work. I thought I should share this with all of you. All I can say is - HAVE FUN!!! |
|
Hardening Windows NT Workstation |
| Edit your registry and make it much harder for hackers to crack into your Windows NT Workstation system. |
|
Holding On To Root |
by Anonymous |
| This article is intended to show you how to hold onto root once you have it. It is intended for hackers and administrators alike. |
|
Holding onto Root Access Once You Get It |
|
How Hackers Do What They Do (DoD) |
|
How Mitnick Hacked Tsutomu Shimomura with an IP Sequence Attack |
by Tsutomu Shimomura |
| Two different attack mechanisms were used. IP source address spoofing and
TCP sequence number prediction were used to gain initial access to a
diskless workstation being used mostly as an X terminal. After root access
had been obtained, an existing connection to another system was hijacked by
means of a loadable kernel STREAMS module. |
|
How to Break Into Email Accounts |
by protonigger |
| A comprehensive guide to an all-to-commonly asked question. |
|
How to Hack a Hotmail Account |
by Richard "Terminalkillah" Evans |
| To hack a hotmail account (well it isnt really hacking) download the trojan Sub7 send your victim (preferably your buddy's) the sub7 server with some lame exuse that it's porn or something. Make sure they install it. |
|
How to Hack into VAX |
|
How to Make alt. Newsgroups and Get Sysadmins to Carry Them |
|
How to defeat security |
|
How to dial out on the modem of a Unix system |
|
How useful ARE longer passwords? |
|
Info about pagers |
|
Info on /dev/nit |
|
Info on Dynamic Password Cards (Smartcards) |
|
Internet FAQ: WWW, MUDs, Gophers, FTP, Finger, Etc |
|
Interpreting Network Traffic: A Network Intrusion Detector's Look |
by Richard Bejtlich |
| While the interpretation techniques explained here are pertinent to activity logged by a NIDS or firewall, I approach the subject from the NIDS angle. This my favorite subject, and I present this data with a warning: know the inner workings of your NIDS, or suffer frequent false positives and false conclusions. |
|
Introduction to VMS |
|
Intrustion Detection Project (DoD) |
|
List of all unix commands from Unix System V |
|
Loads of great technical information on ATM cards |
|
Local Area Detection of Incoming War Dial Activity |
by Dan Powell, Steve Schuster |
| Cracker attack plans often include attempts to gain access to target local computing and networking resources via war dialed entry around firewall-protected gateways. This paper describes two methods for organizations to reduce this risk in environments where removal of unknown modems is not feasible. |
|
Magnetic Stripe Technology and Beyond |
|
Mail Server Attack |
by Explicit |
| This is a little theory i have devloped and started to test but never followed through with attacking e-mail servers. |
|
Management Guide to the Protection of Information |
|
Management Guide to the Protection of Information Resources |
|
Microsoft Passport Account Hijack Attack |
by Obscure |
| To steal the session cookie, there are three methods. In this paper I discuss the third option: Fooling the System. |
|
Much information on ATMs and PIN security |
|
Multilevel Security in the Department of the Defen |
|
NARC's guide to UNIX |
|
NCSA Draft Security Policy |
|
NCSA Policy Concerning Secuity Product Reviews |
|
NCSL Bulletin: Bibliography of computer security glossaries |
|
NCSL Bulletin: Review of Federal Agency computer security |
|
NFS Tracing by Passive Network Monitoring, 1992 |
|
NSA's ORANGE book on trusted computer systems |
|
NTIS catalog of computer security products |
|
Naval Surface Warfare Center AIS FAQ |
|
Naval Surface Warfare Center AIS Security Domain E |
|
Naval Surface Warfare Center's Risk Assesment Form |
|
Naval Surface Warfare Center's Risk Assesment Form |
|
Navy's Computer Incident Response Guidebook for In |
|
NeXT Security Bugs |
|
NetBIOS Hacking |
by XeNobiTe |
| This tutorial will explain how to connect to a remote computer which has file and print sharing on. (Windows 9x/ME) |
|
Operations Security (OPSEC): The Basics |
|
Packet Stealing with bind |
|
Paper on Internet Security Attacks (Spoofing), 199 |
|
Password Cracking Using Focused Dictionaries |
by Paul Bobby |
| Can the chances of cracking an individual?s password be improved by using a more focused dictionary? This dictionary would contain words and information that have a specific relationship to the owner of the targeted password. |
|
Playing Hide and Seek, Unix style |
by Phreak Accident |
| A "how-to" in successfully hiding and removing your electronic footprints
while gaining unauthorized access to someone else's computer system (Unix in this case). |
|
Professor Falken's Guide to Code Hacking |
|
Psycho- Social Factors in the Implementation of Inf |
|
RSTS Basic information |
|
RSTS Hacking |
|
RSTS Programming |
|
RSTS commands |
|
RSTS hacking |
|
RSTSE Hacking (DEC) |
|
Recovering from a UNIX Root Compromise |
|
Reduce Net Zero to Zero |
by Anonymous |
| How to get rid of that annoying Net Z banner and gain a couple kb/s. |
|
Remotely snarf yppasswd files |
|
Security Guidelines for Goverment Employees |
|
Signs That Your System Might Have Been Compromised |
|
Simple Active Attack Against TCP |
by Laurent Joncheray |
| Passive attacks using sniffers are becoming more and more frequent on the Internet. The attacker obtains a user id and password that allows him to logon as that user. In order to prevent such attacks people have been using identification schemes such as one-time password [skey] or ticketing identification [kerberos]. |
|
Site Security Handbook |
|
Sniffin' the Ether |
by Alaric |
| A sniffer is a program that puts a NIC (Network Interface Card), also known as an Ethernet card, (one of the necessary pieces of hardware to physically connect computers together) into what is known as promiscuous mode. Once the network card is set to this mode, it will give the sniffer program the ability to capture packets being transmitted over the network. |
|
So you want to be a UNIX wizard? |
|
Still MORE info on TRW |
|
TCP/UDP Logfile Analysis: Overview of the Scripts |
|
TRW Code Information |
|
TRW Definiftions |
|
TRW Info |
|
Tactical Radio Frequency Communication Requirments |
|
Take your laptop on the road - portable hacking |
|
Technical Hacking |
|
Technical Hacking Manual |
|
Technical Hacking: Part One |
|
Techniques Adopted by 'System Crackers' |
by FIST |
| Usually corporate networks are not designed and implemented with security in mind, merely functionality and efficiency, although this is good from a business standpoint in the short-term, security problems usually arise later, which can cost millions to solve in larger environments. |
|
The #HACK FAQ |
|
The Art of Rootkits |
by Cra58cker |
| This T-file will teach you about Application and Kernel based rootkits. Highly recommended for the beginners are advance *nix users. Have Phun! |
|
The Basics of Hacking 3: Data |
|
The Best beginners guide VMS |
|
The Escapades of Captain Midnight |
| It started out as just another Saturday. April 26, 1986. John R.
MacDougall, 25, spent the day alone at his satellite TV dealership in Ocala,
Florida, waiting for customers who never came. "It was," he says, "a normal
day in the doldrums of the satellite TV industry." But that night, MacDougall,
5 feet 11, 225 pounds, and prone to nervously running his fingers through his
reddish blond hair and adjusting his glasses, would transform into Captain
Midnight and set the world of satellite television spinning.
|
|
The Ethics of Hacking |
|
The Ethics of Information Warfare and Statecraft |
by Dan Kuehl |
| What constitutes an "act of war" in the "information age. This is a question that most members of the "IW community" have wrestled with, and it's a question that places one squarely on the horns of a dilemma: if you cannot easily answer whether an act belongs to the legal codes of war or peace, how can you make a determination of the act's ethical status? |
|
The Hacker's League |
|
The NCSA Draft Security Policy for Organizations |
|
The Navy's Fleet Network Operating System (NOS) |
|
The Social Organization of the Computer Undergroun |
|
The Strange Tale of the Attacks Against GRC.COM |
by Steve Gibson |
| Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet. I believe you will be as fascinated and concerned as I am by the findings of my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers. |
|
The Wonderful World of Pagers |
by Erik Bloodaxe |
| Screaming through the electromagnet swamp we live in are hundreds of thousands of messages of varying degrees of importance. Doctors, police, corporate executives, housewives and drug dealers all find themselves constantly trapped at the mercy of a teeny little box: the pager. |
|
The basics of CBI |
|
UNIX IP Stack Tuning Guide v2.7 |
by Rob Thomas |
| The purpose of this document is to strengthen the UNIX IP stack against a variety of attack types prevalent on the Internet today. This document details the settings recommended for UNIX servers designed to provide network intensive services such as HTTP or routing (firewall services). |
|
UNIX Security by David A. Curry, SRI International |
|
UNIX System Administrator Responsibilities (Navy R |
|
UNIX Trojan Horses |
|
US Military to Target APC in "Netwar"? |
by Chris Bailey |
| A study prepared for the US military on what they call "Netwar" concludes that they must center attention on countering the activities of NGOs using Internet communication. |
|
Unix Myths |
|
Unix Security Holes |
|
Unix System Security Issues |
|
ZZZ |
|
ZZZZZ |