Here are a number of good resources I found:
- http://en.wikipedia.org/wiki/Shatter_attack
- http://www.thehackademy.net/madchat/vxdevl/papers/winsys/shatter.html
- http://web.archive.org/web/20060830211709/http://security.tombom.co.uk/moreshatter.html
- http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-moore/bh-us-04-moore-whitepaper.pdf
- http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-moore/bh-us-04-moore-up.ppt (see slide 'parenting problems' for the mention of the technique I used to get the two IBM AppScan TreeViews to show side-by-side in a separate process)
- http://www.rootsecure.net/content/downloads/pdf/shatter_attack_redux.pdf
- http://anautonomouszone.com/blog/archives/21
- http://archives.neohapsis.com/archives/ntbugtraq/2004-q4/0066.html
- http://pen-testing.sans.org/resources/papers/gcih/enemy-within-handling-insider-threat-posed-shatter-attacks-105884
- http://www.codeproject.com/Articles/599/Windows-Message-Handling-Part-3

I always find it amazing how the security-focused research papers are a great source of 'how it REALLY works' material, especially when compared with the normal/official content which describes 'how it works', which is usually: 'how it should work' :)

This is one of the added values that the 'Application Security' space should bring to the table. Instead of being a TAX on devs (and companies), Application Security should have the responsibility to describe and document WHAT is really happening, how it really WORKS, and what are the implications/interconnections of the code created/published (with security-vulns being one of the areas analysed/reported).