Howdy,

I've written two white papers for anyone interested. One discusses non-stack based buffer overflow exploitation on the Windows platform. These are easier to write than traditional stack based exploits that require the writer to know at least a bit of assembly - non-stack exploits don't. I reckon that as time goes on and as more products become available to prevent stack based exploits on the Windows platform, their non-stack alternatives will become considerably more common.

The second paper pertains to remotely assessing the configuration of Microsoft's IIS web service. Shows how to "read" server responses and interpret what they mean and what can be inferred about the remote system's configuration.

These papers and more are available from the NGSSoftware website research section: http://www.ngssoftware.com/research.html

Cheers,
David Litchfield