Whitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting vulnerabilities in Active-X components in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
9eeb90330cfbccc1cd8f8478aef2e4c16a609d57f5f1172310f841fe03112f37
This is a whitepaper called Bypassing Spam Filter Using Homographs. Some generation code is also included.
53ce87d77ad354d381340e51d46995bbf63257ebb4dd4ce48fd728ce00168df1
Whitepaper called Reverse Engineering Malware Part 1.
36dd2e02c332eee7ad1b0a13487a9cc66d5bcca061c99f0a07d0ec1b39863a5f
Whitepaper called Actuality of SMBRelay in Modern Windows Networks.
f87fc888c4e56b21d8c099e4f1faceacf01f9e809547979686a603d553e4449e
Whitepaper called Intro to SQL Injection and Countermeasures.
23c1a4f9df055f7ced98f3bad083e6f1881e9336751efcd55ecb930ac7852e99
This is a whitepaper called Exploring Windows Backdoors - Bypassing Firewalls on Webhosting Providers.
38f11023e9d479f3a8474437778cd503766c4e12137a5484b98856546e803504
Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are being developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. In particular, the use of Java’s Reflection API in conjunction with the lesser-known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from the unwary reviewer by disguising its access to critical resources like credentials through indirection. To raise awareness of this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.
2a07f7ba8590b6f096b40e0241279121aa6cb6cc3400db03bb9062a53afd7af0
Whitepaper called JavaScript Deobfuscation - A Manual Approach.
f62eacd0b6de91f97b5724b5c6970f9e9ca83dcf56688802e7c335036028d5a8
This is a whitepaper called Blind Date With Your Girlfriend. It is a brief tutorial that explains how to use Metasploit to hack a Windows box.
157492120226df24ef2e8aea4490de261f57ae418be5905de19a8dfc3264fd9e
Whitepaper called Anatomy of a Credit Card.
4183b3b6ecb49370ab7d97d6e702fd712537ba32242f6fe8c7435726e88e78bf
Whitepaper called DNS Spoofing. Written in Portuguese.
1a706d22a376215952da0e4ba8f07c9da32585075efe562a34786039c130ca44
Whitepaper called Basic Pentesting Steps. Written in Portuguese.
cf62acb113548b7962de04575bfaad6edc9c7585dea71db2927ffc03e60a2f51
Whitepaper called Exploring and Patching Remote File Disclosure Vulnerabilities. Written in Arabic.
b3464630fe63b4411821de351e79f101e7ed02d8035f0a8b51796e260fc6fb70
Whitepaper called Using UPX as a Security Packer. It goes into detail on how to use this tool and how to bring obfuscation into it.
fb92011966919c8736a7d2cdb3031ca76789896634cbf940310ad240e43e48b2
This is a whitepaper called Pentest: Information Gathering. Written in Spanish.
0a120fb44dd61a5a363336664fa11eb9a02a30c416dd768a578b7a9619ceca1f
Whitepaper called Attacking the Washington, D.C. Internet Voting System. In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. The authors of this paper participated in a challenge to break the security of the system and in doing so, elected Bender from Futurama to the school board.
705cb8163275671c27c510a5c5b8844bcd41d0a76937766a605fd5ca273a0a7a
Whitepaper called Metasploit: Low Level View. It touches on topics such as code injection and malware detection evasion / Metasploit encoders.
07e3eb3f9a8a6d81bd3f80976de99d9b360b6c9b90ddb4432b6343a6f12cc0c2
Whitepaper called Return-Oriented Programming Na Unha! Written in Portuguese.
e6b54ef5474c0dde40ebf73da35e14b105441360e400162136a7f59ae1fc1f07
Whitepaper called Wi-Fi Security with Wi-Fi Protection Plus. Wi-Fi P+ is a new security architecture proposed by the authors.
a1796ef5991f37e305255cca3db5c7cb382fdf8cc9c174e0f73caebf4c6d9270
Whitepaper called Shell Code Injection To Process. Written in Turkish.
fba9caeb2eb8c95ed9608a1aff5cf93b1e8a07d62825f455dea832f94471570d
Whitepaper called DNS Service Oriented Denial of Service / Distributed Denial of Service Attacks. Written in Turkish.
493ad9e6e104e2d2161841c38de46e0ed488cc2b36141db458386aa4c11820ec
This is a brief whitepaper called A Backdoor in the Next Generation Active Directory.
dd040be0d2bdc00e6d0cbeedaaf496611de0e99e0335d67ebeebc9aaca01a674
Whitepaper called SafeSEH+SEHOP all-at-once bypass exploitation method principles.
209ec6ec9584ba32640f53ad2c68e710468e453169d11ebbd3a1605912e0684a
Whitepaper called Buffer Overflows: Anatomy of an Exploit. A look at how systems are exploited and why these exploits exist.
d5a0653a937271a349afae80c0cfe39ae9f07b8b49348b5380f6d83a8f5fe510
Whitepaper called Linux Kernel Hooking, Data Manipulations and Making Root Exploits. Written in Turkish.
1a5539ddd930fc4dd551c4e0af67794c3d2813565f6acd29073cd082e1056454
Whitepaper called Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis. Unlike other theoretical studies, this paper lays down the steps involved in implementing these attacks in real-time networks. These real-time attacks are measured and analyzed using network traffic monitors. In addition, this project details various defense strategies that could be enabled on Cisco routers in order to mitigate these attacks. The detection and mitigation mechanisms designed here are effective for small network topologies and can also be extended to analogous large domains.
f1811013d7d890533de92c4b33eb002cc4aea6e5e46e851c9ffe27c39fa5f389