Old Papers

This is a collection of papers that I have written. Most of these are written under the pen name of Coretez Giovanni, a name I used prior to my years of Government research.

Bypassing Secure Web Transactions via DNS Corruption

Long before Dan Kaminsky, DNS was known to be flawed.  This paper presents the issue of DNS poisoning back in 2000.

Passive Mapping: An Offensive Use of IDS

This paper spurred a number of passive mapping programs and papers.  Although it is not directly connected to p0f, it was the spark for that project.

Passive Mapping: The Importance of Stimuli

A paper written after some of the passive mappers came out.  It was released to provide a broader view of passive mapping, as many of the projects were focused on guessing the OS and ignoring applications and application versions.  Nowadays, application determination is all the rage, since ports no longer represent the application (e.g. many applications use port 80).

Topology of Denial-of-Service

This paper was written to help clarify the issues around denial of service.  At the time, most people thought of DoS as the same thing as a SYN flood, which is only one type of DoS.

Writing Detection Signatures

The general belief held by many is that signatures should be written around vulnerabilities.  The problem is that many signatures instead focused on a mixture of elements.

Undetectable Web Reconnaissance (To Be Released)

One of my security hobbies is passive mapping. This paper describes a technique for interacting with web pages by communicating with the web server via pages that are announced (appear in search engines).  These links already carry noise, so communication to these pages is not an anomaly.  This "normal" communication can be analyzed to determine the version and setup of a web server, even when the server is attempting to hide this by sanitizing the HTTP header.  This paper was written five years ago for a conference, but at the time I decided to pull the paper from publication.

Fun with Packets: Designing a Stick

This was the paper that was released a couple of days after versions of Stick were provided to IDS vendors.  The Snort community was not happy with this, but they were unaware that all major IDS vendors already had the code to address the weaknesses in their systems.  The version that was released to the public had a small glitch (around TCP packets).  That being said, any decent programmer could fix it.
