ANTICHAT - A collection of security books and tutorials.

ANTICHAT (https://forum.antichat.xyz/index.php)

- Forum for discussion of ANTICHAT (https://forum.antichat.xyz/forumdisplay.php?f=72)

- - A collection of security books and tutorials. (https://forum.antichat.xyz/showthread.php?t=17377)

Mark D. Spivey, CISSP - Practical hacking techniques and countermeasures

http://i008.radikal.ru/0711/4d/0a731beeb830.jpg

Released: 2007
By: Mark D. Spivey, CISSP
Genre: Hacking/Defence
Published by: Auerbach Publications
Format: PDF
Quality: eBook (initially PC-quality)
Quantity of pages: 752
Language: English

Description: Recommended for network administrators.
Contents:
Preparation
Banner Identification
Target Enumeration
Scanning
Sniffng Traffc
Spoofing
Brute Force
Vulnerability Scanning
Wireless
Redirection
Denial-of-Service (DoS)
Appendix A: References
Appendix B: Tool Syntax
Index
--------------------------
Size: 72 МБ

Download:
http://v3n.0x7.net/books/ENG/hacking/practical_hacking_techniques_and_countermeasures.r ar

or from Deposit
http://depositfiles.com/files/2270756

Attacking the Windows Kernel

Цитата:

Contents
1 Introduction 1
2 Attack vectors 2
2.1 Directly from user mode 2
2.2 Public APIs 3
2.3 Undocumented APIs 3
2.4 Architectural flaws 4
2.5 Bugs and their exploitation 4
2.6 Subverting operating system initialization 6
2.7 Modifying kernel modules on disk 6
2.8 Hardware 6
3 Tools for the job 8
3.1 Static analysis 8
3.2 Dynamic analysis 9
4 Defensive measures 12
5 Further work 13
5.1 Fuzzing 13
5.2 Automated bug finding 14
5.3 Virtualization 14
6 Conclusion 15
7 References 16
Appendices
A NT kernel architecture 18
A.1 Terminology 18
A.2 Hardware based protection 18
A.3 Operating system memory layout and management 20
A.4 Public kernel interfaces 21
B CDFS driver disassembly 27
C Real world examples 32
4.1 The NT kernel compression library 32
4.2 Unvalidated structure initialization 34
4.3 An architectural flaw 35
4.4 Trusting user input 37

An NGSSoftware Insight Security Research (NISR) Publication
©2007 Next Generation Security Software Ltd

Download:

http://rapidshare.com/files/75646723...ernel.pdf.html

Advanced JavaScript, 3rd Edition

http://www.wordware.com/Merchant2/gr...-033-0-001.jpg

Цитата:

Publisher: Wordware Publishing, Inc. | 2007-11-25 | ISBN 1598220330 | Pages: 616 | PDF | 3.4 MB

Advanced JavaScript 3rd Edition is an in-depth examination of the most important features of JavaScript. The book assumes readers have a basic understanding of web development, but includes a review of JavaScript fundamentals in Chapters 1 through 3. This book gives the reader a comprehensive look at the fundamentals of JavaScript by examining objects, arrays, date and time functions, math, and all the essentials that are needed for complex yet robust JavaScript scripts. Topics are thoroughly examined with several complete examples.

Download:

http://rapidshare.com/files/76375488...cript.rar.html

Hacker's Black Book

Цитата:

This unique hacker report is NOT available in any bookstore. And you’ll find nothing similiar Easy to understand with many examples. Every day you hear in the daily news about hackers, virus, worms and trojans, SUB7, TCP, IP, PING, spoofing, sniffing, DDOS attacks, …? And you don’t know exactly what it is and how hackers do that. Don’t rest a “lamer”, Hacker’s Blackbook let’s you know and discovers many secrets.

Incredible how easy hacking and cracking is! The book shows how simple you can use these programs. Scary? Sure, you must be carefull. The ONLINE READERS AREA and the CD-ROM helps and provides “clean” files.
Tipp: Never download files from sites you don’t know. Hiding adware, spyware and trojans in free download files is actually a big problem.

- Trick of the internet gurus.
- Hackers survival guide
- Hacking for dummies 2
- Hacking into computer systems
- Maximum security - A hacker's guide

http://pixhost.eu/avaxhome/share/img...lackbook_1.jpg

Download:

http://rapidshare.com/files/76376155..._Book.rar.html

Electronic Crime Scene Investigation

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

This Guide can be found here:

http://www.ncjrs.gov/pdffiles1/nij/219941.pdf

A Low-cost Attack on a Microsoft CAPTCHA

A Low-cost Attack on a Microsoft CAPTCHA

Цитата:

1. Introduction
A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans
Apart) is a program that generates and grades tests that are human solvable, but intends to be
beyond the capabilities of current computer programs [1]. This technology is now almost a
standard security mechanism for defending against undesirable or malicious Internet bot
programs, such as those spreading junk emails and those grabbing thousands of free email
accounts instantly. It has found widespread application on numerous commercial web sites
including Google, Yahoo, and Microsoft’s MSN.
The most widely used CAPTCHAs are the so-called text-based schemes, which rely on
sophisticated distortion of text images aimed at rendering them unrecognisable to the state of
the art of pattern recognition programs. The popularity of such schemes is due to the fact that
they have many advantages [ 4], for example, being intuitive to users world-wide (the user
task performed being just character recognition), having little localization issues (people in
different countries all recognise Roman characters), and of good potential to provide strong
security (e.g. the space a brute force attack has to search can be huge, if the scheme is
properly designed).
A good CAPTCHA must be not only human friendly, but also robust enough to resist to
computer programs that attackers write to automatically pass CAPTCHA tests (or challenges).
Early research suggested that computers are very good at recognising single characters, even
if these characters are highly distorted [6]. Table 1 shows characters under typical distortions,.

And this one can be found here:

http://homepages.cs.ncl.ac.uk/jeff.yan/msn_draft.pdf

Here are also a good source of ebooks called :

h__p://w*w.b213.net/index.php?num=0
h__p://flazx.com
h__p://freebooksource.com/

Extended HTML Form Attack

Extended HTML Form Attack

Summary of the attack

A new Cross Site Scripting attack which effects (at least) major browsers Internet Explorer and Opera. This one makes use of forms targeted at non-HTTP services. This paper covers the following points:

- A short description of the original HTML Form Attack paper
- An introduction to Cross site scripting
- Displaying HTML content from non-HTML supporting services (echo, smtp etc)
- How attackers can exploit this issue - finding vulnerable servers
- Solutions to the problem described.

Download Paper:

http://eyeonsecurity.org/papers/extendedform.pdf

Microsoft SQL Server Black Book

Microsoft SQL Server Black Book: The Database Designer’s and Administrator’s Essential Guide to Setting Up Efficient Client-Server Tasks with SQL Server

http://i.biblio.com/z/490/101/9781576101490.jpg

Download:

http://rapidshare.com/files/13043168...Black_Book.rar

Lateral SQL Injection

Lateral SQL Injection:A New Class of Vulnerability in Oracle

Цитата:

Essentially the paper details a way in which the attacker can manipulate the
environment to trick an Oracle database into using arbitrary SQL in DATE
functions and data.

The paper can be found here:

http://www.databasesecurity.com/dbse...-injection.pdf