Two new white papersFrom: David Litchfield (david@NEXTGENSS.COM)
- Previous message: David Litchfield: "Considerations for IIS Authentication (#NISR05032002C)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Mar 2002 18:18:16 -0000 From: David Litchfield <david@NEXTGENSS.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I've written two white papers for anyone interested.
One discusses non-stack based buffer overflow exploitation on the
Windows platform. These are easier to write than traditional stack based
exploits that require the writer to know at least a bit of assembly -
non-stack exploits don't. I reckon that as time goes on and as more
products become available to prevent stack based exploits on the Windows
platform their non-stack alternatives will become considerably more
The second paper pertains to remotely assessing the configuration of
Microsoft's IIS web service. Show's how to "read" server responses and
interpret what they mean and what can be inferred about the remote
These papers and more are available from the NGSSoftware website