White papers - the latest thinking from NGS

The NGSSoftware Insight Security Research team (NISR) have distilled their extensive experience in the field of software security into a catalogue of detailed papers exploring technical skills development and threat dissection.

The papers listed below are provided free of charge and we always welcome intelligent feedback on their contents. The following papers are divided into the following categories: NISR papers, Business Whitepapers and Papers written by NISR team members prior to joining NGSSoftware.

Please note that you will need the latest version of Adobe Reader to view these papers.

NISR papers

16/08/07 Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle
Recycle Bin
10/08/07 Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
06/08/07 Attacking the Windows Kernel (Black Hat Las Vegas 2007)
06/08/07 Hacking the Extensible Firmware Interface (Black Hat Las Vegas 2007)
06/08/07 VoIP Security: Methodology and Results (Black Hat Las Vegas 2007)
10/07/07 DNS Pinning and Web Proxies
19/06/07 A Simple and Practical Approach to Input Validation
20/04/07 Oracle Forensics Part 4: Live Response
27/03/07 Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication
Mechanism
24/03/07 Oracle Forensics Part 2: Locating Dropped Objects
21/03/07 Oracle Forensics Part 1: Dissecting the Redo Logs
05/03/07 Inter-Protocol Exploitation
28/02/07 Advanced Exploitation of Oracle PL/SQL Flaws (Black Hat Washington 2007)
28/02/07 Firmware Rootkits: The Threat to the Enterprise (Black Hat Washington 2007)
06/02/07 Weak Randomness
15/01/07 Oracle Passwords and OraBrute
23/11/06 Dangling Cursor Snarfing - A new class of attack in Oracle
21/11/06 Microsoft's SQL Server vs. Oracle's RDBMS
15/11/06 Implementing and Detecting a PCI Rootkit
13/09/06 Inter-Protocol Communication
12/09/06 Low Cost Attacks on Smart Cards - The Electromagnetic Side-Channel
16/11/05 Database Servers on Windows XP and the Unintended Consequences of Simple
File Sharing
08/11/05 Securing PL/SQL Applications with DBMS_ASSERT
30/09/05 Buffer Underruns, DEP, ASLR and Improving the Exploitation Prevention
Mechanisms (XPMs) on the Windows Platform
30/09/05 Data-Mining With SQL Injection and Inference
19/09/05 Writing Small Shellcode
25/08/05 An Introduction to Heap overflows on AIX 5.3L
22/08/05 The Pharming Guide: Understanding & Preventing DNS Related Attacks by Phishers
26/04/05 Stopping Automated Attack Tools
21/03/05 Anti Brute Force Resource Metering
28/01/05 Security Best Practice: Host Naming & URL Conventions
22/12/04 Blind Exploitation of Stack Overflow Vulnerabilities
01/11/04 Second-Order Code Injection Attacks
22/09/04 The Phishing Guide: Understanding & Preventing Phishing Attacks
05/07/04 Hackproofing MySQL
05/04/04 Mail Non-Delivery Notice Attacks
04/02/04 Passive Information Gathering - The Analysis of Leaked Network Security Information
08/09/03 Defeating the Stack Based Buffer Overflow Prevention Mechanism of
Microsoft Windows 2003 Server
10/07/03 Variations in Exploit methods between Linux and Windows
09/05/03 Writing Secure ASP Scripts
21/03/03 New Attack Vectors and a Vulnerability Dissection of MS03-007
14/01/03 Quantum Cryptography - A Study Into Present Technologies and Future Applications
(Appendix)
03/09/02 Threat Profiling Microsoft SQL Server (A Guide to Security Auditing)
08/07/02 Microsoft SQL Server Passwords (Cracking the password hashes)
24/06/02 Violating Database Security Measures
18/06/02 (more) Advanced SQL Injection
05/06/02 Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on
Windows NT/2000/XP
28/02/02 Assessing IIS Configuration Remotely (Low Level IIS Application Assessment)
06/02/02 Hackproofing Oracle Application Server (A Guide to Securing Oracle 9)
31/01/02 Advanced SQL Injection in SQL Server Applications
09/01/02 Email spoofing and CDONTS.NEWMAIL
(Protecting Microsoft Active Server Pages Applications)
08/01/02 Creating Arbitrary Shellcode in Unicode Expanded Strings
(The "Venetian" Exploit)
20/12/01 Hackproofing Lotus Domino Web Server

Business white papers

14/06/04 Slotting Security into Corporate Development

Section Navigation


Customer Testimonials

Read what some of our satisfied customers are saying about us.

Speaking Events

We regularly present and speak at international security conferences throughout the world.

Informática 2009, Havana

OWASP AppSec Europe 2008

AusCERT 2008

NGS Publications

Web Application Hacker's Handbook

Oracle Hacker's Handbook

Database Hacker's Handbook

The Shellcoder's Handbook

SQL Server Security

Configuring IPCop Firewalls


Red Herring 100

Red Herring 100

NGSSoftware named as winners in the Red Herring 100.

SLBA 2008

South London Business Awards 2008

David Litchfield named as 'Entrepreneur of the Year' at the South London Business Awards 2008.

Queen's Award 2007

Queens Award 2007

NGSSoftware are delighted to announce that we are winners of the Queen's Award for Enterprise: International Trade 2007.

SC Awards 2008

SC Magazine Awards 2008

NGSSoftware wins 'Best Security Company'.

ITA 2008

International Trade Awards 2008

NGSSoftware South-East England Regional Winners at 2008 International Trade Awards.