SANS InfoSec Reading Room - Threats/Vulnerabilities
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 62 papers as of Aug 30, 2008
Closing Internal User Visibility and Data Governance Gaps with PacketMotion
PacketMotion - April 2008
JavaScript Hijacking
Fortify Software - August 2007
- Threat Analysis of Allowing Employee Internet Access
- Mason Pokladnik
- March 28, 2008

- Attack vs. Defense on an Organizational Scale
- Omar Fink
- December 11, 2007

- ANI vulnerability: History repeats
- Shashank Gonchigar
- October 24, 2007

- A System of Persistent Baseline Automated Vulnerability Scanning and Response in a Distributed University Environment
- Chet Langin
- September 18, 2007

- Malware Analysis: Environment Design and Artitecture
- Adrian Sanabria
- August 2, 2007

- Visually Assessing Possible Courses of Action for a Computer Network Incursion
- Grant Vandenberghe
- June 15, 2007

- A Survey of Wireless Mesh Networking Security Technology and Threats
- Anthony Gerkis
- October 18, 2006

- Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks
- Robert Wagner
- August 11, 2006

- Exploiting BlackICE When a Security Product has a Security Flaw
- Peter Gara
- July 9, 2005

- A Spyware Survival Toolkit
- Peter McGranaghan
- May 17, 2005

- What is Santy bringing you this year?
- Pieter Danhieux
- May 5, 2005

- Electronic Toll Collection
- Don Flint
- July 25, 2004

- Phishing: An Analysis of a Growing Problem
- Anthony Elledge
- July 25, 2004

- Risk-Eye for the IT Security Guy
- Thomas Siu
- May 2, 2004

- Skimming and Its Side Effects
- Nobie Cleaver
- March 9, 2004

- Vulnerability Management: Tools, Challenges and Best Practices
- Cathleen Brackin
- December 13, 2003

- Corporate Anti-Virus Protection - A Layered Approach
- Elizabeth Peyton
- November 6, 2003

- Managing vulnerabilities exposed by Windows services.
- James Williams
- November 6, 2003

- Spoofing: An Overview of Some the Current Spoofing Threats
- Neil B. Riser
- October 31, 2003

- Big Brother is Watching: An Update on Web Bugs
- Steve Nichols
- October 31, 2003

- Aspects of Biological Evolution and Their Implications for Unix Computer Security
- Michael Folsom
- October 31, 2003

- Kernel Rootkits
- Dino Dai Zovi
- October 31, 2003

- Vulnerability Assessments: The Pro-active Steps to Secure Your Organization
- Robert Boyce
- October 31, 2003

- An Overview of Gnutella
- Brenda L. Batkins
- October 31, 2003

- Cyber-stalking, Privacy Intrusion at It's Scariest
- Pamela Valentine
- October 31, 2003

- Unicode Vulnerability - How & Why?
- Andrew Brannan
- October 31, 2003

- Electromagnetic Attack: Is Your Infrastructure and Data at Risk?
- Michael B. Hayden
- October 31, 2003

- Defending Against Code Red II Using Symantec NetProwler and Intruder Alert, ddos
- Kenneth Donze
- October 31, 2003

- The Changing Face of Distributed Denial of Service Mitigation
- Justin Stephen
- October 31, 2003

- Instant Messaging: How Secure Is It?
- Susan Willner
- October 31, 2003

- Peer-to-Peer Security and Intel's Peer-to-Peer Trusted Library
- Chris McKean
- October 31, 2003

- Spoofed IP Address Distributed Denial of Service Attacks: Defense-in-Depth
- Steven H. Bass
- October 31, 2003

- Outsourcing and the Increased Dangers of 'Dial Up' Access
- Paul Jenkinson
- October 31, 2003

- Analysis of FTP Hijack
- Phong Huynh
- October 31, 2003

- Free InfoSec Training, Compliments of History
- Chris Bachmann
- October 31, 2003

- Internal Threat - Risks and Countermeasures
- Jarvis Robinson
- October 31, 2003

- Remote Access White Paper
- Ken Stasiak
- October 31, 2003

- ICMP Attacks Illustrated
- Christopher Low
- October 31, 2003

- Cross-Sight Scripting Vulnerabilities
- Mark Shiarla
- October 31, 2003

- The Instant Messaging Menace: Security Problems in the Enterprise and Some Solutions
- Dan Frase
- October 31, 2003

- SSL Man-in-the-Middle Attacks
- Peter Burkholder
- October 31, 2003

- Buffer Overflows for Dummies
- Josef Nelißen
- October 31, 2003

- Cyber Scam Artists: A New Kind of .con
- Robert Fried
- October 31, 2003

- Potential Vulnerabilities of Timbuktu Remote Control Software
- David Batz
- October 31, 2003

- A New Generation of File Sharing Tools
- Dan Klinedinst
- October 31, 2003

- Security for Online Transaction Processing in a White Label Financial Switch
- Fabian Soler
- October 31, 2003

- Large Scale Network Incidents - What Can We Do?
- Jay Garden
- October 31, 2003

- Worms as Attack Vectors: Theory, Threats, and Defenses
- Matthew Todd
- October 31, 2003

- Beyond Conventional Terrorism...The Cyber Assault
- Rajeev Puran
- October 31, 2003

- How do we define Responsible Disclosure?
- Stephen Shepherd
- October 31, 2003

- Introduction to IP Spoofing
- Victor Velasco
- October 31, 2003

- FTP and the Warez Scene
- Shelli Crocker
- October 31, 2003

- Vulnerability naming schemes and description languages: CVE, Bugtraq, AVDL and VulnXML
- Michael Rohse
- October 31, 2003

- Anatomy of an IP Fragmentation Vulnerability in Linux IPChains: Investigating Common Vulnerabilities and Exposures (CVE) Candidate Vulnerability CAN-1
- Karim Sobhi
- October 31, 2003

- Assessing Threats To Information Security In Financial Institutions
- Cynthia Bonnette
- October 31, 2003

- Printer Insecurity: Is it Really an Issue?
- Vernon Vail
- October 31, 2003

- Vulnerabilities & Vulnerability Scanning
- Ken Houghton
- October 31, 2003

- Examining the RPC DCOM Vulnerability: Developing a Vulnerability-Exploit Cycle
- Kevin OShea
- October 31, 2003

- 10 Vulnerabilities a Scanner Might Not Find
- Jeffrey King
- May 12, 2003

- Why Bother About BIOS Security?
- Robert Allgeuer
