Whitepaper called Creating Your Own Abstract Processor. The author discusses creating a theoretical processor architecture that one can develop at the software level.
Whitepaper called Hardware Involved Software Attacks. Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform.
Whitepaper called Construindo Shellcodes. It discusses how to build shellcodes and use them. Written in Portuguese.
This is a brief whitepaper called False SQL Injection and Advanced Blind SQL Injection.
This is a whitepaper called Armitage - Hacking Made Easy Part 1. It covers using the Armitage GUI for Metasploit when performing pentesting.
Whitepaper called Active Directory Offline Hash Dump and Forensic Analysis. The author participated in a project where it was required to extract the password hashes from an offline NTDS.DIT file. After searching the Internet for an available tool, the author found that there was no open source tool. Because of that, the author decided to research the internals of password encryption and storage in Active Directory and create a tool for the forensic community.
Whitepaper called Overview to HTML5 web security. This article is an extract of the master thesis written by Michael Schmidt. Note that the content of this document was released in May 2011.
Whitepaper called Unprotecting the Crypter, a Generic Approach. It discusses how crypters work and unpacking malware.
Whitepaper called The Tor Project: Authority "No Check" Weakness. It discusses the fact that exit nodes can be leveraged easily to commit man-in-the-middle attacks.
Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.
Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
Whitepaper called Post Exploitation using Meterpreter. It goes into detail on how to leverage Metasploit during a penetration test.
Whitepaper called Hacking Dispositivos iOS. It demonstrates how dangerous it is to be connected to a wireless network with an iOS device that has OpenSSH enabled. Written in Spanish.
Whitepaper called Web Backdoors - Attack, Evasion and Detection. This paper provides insight on common web backdoors and how simple manipulations could make them undetectable by AV and other security suites. It explains a few techniques that could be used to make backdoors inside web applications undetectable and unnoticed.
Whitepaper called Indexed Blind SQL Injection. Time-based blind SQL attacks suffer from low bit/request ratios: each request produces only one valuable bit of information. This paper describes a tweak that produces a higher yield at the expense of a longer runtime. Along the way, some issues and notes on applicability are also discussed.
Whitepaper called A Bit Away From Kernel Execution. A 'write-what-where' kernel memory overwrite tale.
Whitepaper called Systematic Detection of Capability Leaks in Stock Android Smartphones. It discusses a weakness in the Android operating system that allows attackers to secretly record phone conversations.
Whitepaper called Certificate Authority Transparency and Auditability. The goal of this paper is to make it impossible (or at least very difficult) for a Certificate Authority (CA) to issue a certificate for a domain without the knowledge of the owner of that domain. A secondary goal is to protect users as much as possible from mis-issued certificates.
Whitepaper called Enumerating and Breaking VoIP. It discusses various enumeration techniques followed by a demonstration of a few VoIP attacks.
Whitepaper called Social Engineering - The Human Factor. It documents suggested phases of the social engineering lifecycle and associated techniques for implementation.
Whitepaper called iSpy: Automatic Reconstruction of Typed Input from Compromising Reflections. The authors investigate the implications of the ubiquity of personal mobile devices and reveal new techniques for compromising the privacy of users typing on virtual keyboards.
Whitepaper called Heap, Overflows and Exploitation. Written in Turkish.
Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.
Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java and enables remote DNS poisoning using Java applets. The other, in multiuser Windows environments, allows for local DNS cache poisoning of arbitrary domains.
This is a whitepaper called Security Issues in Android Custom ROMs. This paper keeps a special focus on custom ROMs by checking for security misconfigurations that can lead to device compromise.
Whitepaper called Buffer Overflow Exploitation - SEH.