Two new white papers

From: David Litchfield (david@NEXTGENSS.COM)
Date: 03/05/02


Date:         Tue, 5 Mar 2002 18:18:16 -0000
From: David Litchfield <david@NEXTGENSS.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Howdy,
I've written two white papers for anyone interested.

One discusses non-stack based buffer overflow exploitation on the
Windows platform. These are easier to write than traditional stack based
exploits that require the writer to know at least a bit of assembly -
non-stack exploits don't. I reckon that as time goes on and as more
products become available to prevent stack based exploits on the Windows
platform their non-stack alternatives will become considerably more
common.

The second paper pertains to remotely assessing the configuration of
Microsoft's IIS web service. Show's how to "read" server responses and
interpret what they mean and what can be inferred about the remote
system's configuration.

These papers and more are available from the NGSSoftware website
research section:

http://www.ngssoftware.com/research.html

Cheers,
David Litchfield