Tuesday, 29 May 2012

Final Year and Links

I know it has been ages since I wrote the last time but finishing university kept me extremely busy. Speaking of which, I should soon publish my dissertation and then I will post a link to it.

While still on the topic of university, I have published some of the essays/reports that I wrote while studying at University of Derby. One can probably notice that with time they started improving therefore if you are going to read anything, I highly recommend you start from the latest ones. The details of each of them are available on my LinkedIn profile.

This is a list of them:

I have also came across two fascinating articles that I would like to share.

The first one is regarding creation of a "stealth web shell". The idea is to use some of the features provided by Apache, particularly '.htaccess' file, and by redirecting seemingly innocent queries to an image file, the server will process them as if they were shell commands without leaving any trace in the logs. I have to admit, it is very neat!

The second article discusses poorly known feature of Windows 2008, namely Group Policy Preferences, which under certain conditions lets any authenticated user to recover plain-text passwords of some other users;  potentially leading to privilege escalation. I particularly cherish the wide view on the problem, that is, introduction for people unfamiliar with GPP, use of third party tools like WireShark and APIMonitor, and development of scripts in Python, which take advantage of this weakness. Definitely a great read!

No comments:

Post a Comment