Aditya K Sood's (0kn0ck) Blog

Security at Stake

Me-Myself-I

Aditya K Sood
Senior Security Researcher
Vulnerability Research Labs (VRL) COSEINC

Founder, SecNiche Security

Search

Projects-

CERA- Web Research.

MLabs : Digital Intelligence.

TrioSec : Penetration Testing.

EvilFingers.

WAZ :Anti Zomb Tool.

Email Contacts.

0kn0ck Email.

Linkedin Network..

My Linkedin Profile.

IS Research Author

Elsevier Network Journal

Elsevier Computer Fraud and Security Journal

British Computer Society

Conferences.

EuSecWest
Troopers
XFocus Xcon
Xfocus XKungfoo
Owasp
Clubhack
CERT-IN

MAC Adapters Curb on SLIP/PPP : Tools Sanitization

The adapter connection over SLIP/PPP shows a problematic behavior when certain tools are used. The problem most of the tools found is getting the right adapter
info. As a result of this number of tools does not respond well. For Example :
TCP based traceroute for windows platform i.e. tracetcp. Tcptraceroute is tool
that uses TCP functionality to trace the destination on Linux. The similar
implementation is tracetcp on windows. The problem arise when this tool fails to
respond with SLIP/PPP.

Read:
http://triosec.secniche.org/concepts/slip_ppp.txt

zknk

Posted on 12/13/2007 09:04:00 AM by 0kn0ck | 0 Comments

[Whitepaper] Information Prone LDAP Garbage Dumps

The LDAP garbage dump that remains on web server results in information disclosure. Security of LDAP may be compromised, if for instance a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file. This type of harvesting attack is also termed static information leveraging attack.This article provides methods for dealing with this type of attack and clarifying how to secure LDAP.The ldap.xml file, often remains on the server due to either misconfiguration or improper server administration.

More:http://secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf

Regards
zknk

Posted on 12/03/2007 07:42:00 AM by 0kn0ck | 0 Comments