This document is version 1.0, as adopted by the CA/Browser Forum on 22 Nov. 2011 with an Effective Date of 1 July 2012. These Baseline Requirements describe an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing requirements that are necessary (but not sufficient) for the issuance and management of Publicly-Trusted Certificates; Certificates that are trusted by virtue of the fact that their corresponding Root Certificate is distributed in widely-available application software. The Requirements are not mandatory for Certification Authorities unless and until they become adopted and enforced by relying-party Application Software Suppliers.
7e40dcea212696d52d1c4425eabf0a1c02ba09e85412416def237608e9fe7832
Whitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. The issue was originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 and reclassified it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.
a5647c132e4877c92a507d0bcd1ac0ea57ab7bb3dca97b06b3806f2dcf13942f
This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
This document is a guide on how to use tshark effectively to monitor and analyze traffic.
b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670c
Whitepaper called A Hands-On Approach To Linux Privilege Escalation. This document is intended to provide multiple techniques that a pentester can use to escalate their privileges and gain access to higher roles.
310fda8af6653a1631b701e34fda63984b79da47abf4d0c694660655c07035b4
This document is intended to provide a detailed study on the Heartbleed attack. It covers the required topics for understanding the exploit. The proof of concept will help visualize and perform the attack in a virtual scenario to understand the attack vector of the process of exploitation.
cf6fbc4d936699857b6524b54211eae3ce2b2ca1a865a3ff3877d5fc4fc945b6
This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.
e451c3653c39f8c69197cc44125ea0be0963f12054cce2cca25c7696dab74b07
This document illustrates the manual exploitation of the vulnerability found in the Intel Active Management Technology in 2017 that stripped off the primary authentication mechanism in the Intel AMT web interface.
cfebcadf4361db526ce74bd43cf6067fdd66062b8ff3d28335972d33dcde2b8d
This document is intended for students and security professionals as a quick reference for networking protocols. It covers 50 protocols classified according to the OSI Layer they operate on. The corresponding RFC has been provided to further check for parameters / commands of a particular protocol. From a security perspective, the corresponding attacks / vulnerabilities are also included in this cheatsheet.
4ae048d7061779872feeaba89b1f42cb9adcbb7b27fd89275e80e93dd0279d75
The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research on local file inclusion (LFI) penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF-style competitions.
5e0f59932f1a0e50ca16efbe5fc14be1920860feb00a8731ba38a2383ae6c8bf
This document is meant to be a general purpose cybercrime report template for victims.
d2a757ec4ee74be20c8708dcd4bc1be434315415d4d907969ebf5e328eb1d4b7
This document is the new cybersecurity framework produced by NIST for the White House. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.
696de85131e12c5aeceb80b81967cf7b6a763bedd16495ecd096c382eb8c7d35
This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.
8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
This document is a collection of short guides to set up your own (free) brand monitoring solution. The document is primarily aimed at security professionals but is very simple, enabling even non-technical people to follow.
4769fca2809576803cac3c3a5b874c0ffdeef8513cf9eec20d76edf4dbd6ef9e
This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.
e3b7da92b117e655d18a4b2e648cd4ef9db4d3e700ec2c3b40f6234edae3ba09
This document is a short guide on ARM exploitation and architecture.
eb11c5954a8a1ffe7fe345267174615ea26305cce19dcecad07807f79430e55d
This document illustrates multiple ways to identify multiple SCADA systems.
4a6fa6642d990c8dd6fd4923a4888e0ece61a8ec460784de6393c1c946926834
This document is a detailed analysis of the Java applet vulnerability as noted in CVE-2012-5076.
7eeb8ee0aa1f322c9171f7d50fdfb6981bdfe07f9917cd5cb594c930fb228140
This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.
71be4f13df3ab83a03a854c8af051074e8ab424be281df96d72b7c7300338be3
This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.
984b4382479c7f5ba1f0cdda3a43a567466a673b2a4732358d08f4d66b5b22cf
This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.
828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19
This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.
b0bd48d4dfcf7fc338169df812038a282998457c61b3f8cfb9294a669b43f80a
This document is the second of a series of five articles relating to the art of hooking. As a test environment they will use an English Windows Seven SP1 operating system distribution.
02012b744a4c170a554406666f1561e871e40b64e03fab4557959d93d6ba3e92
Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.
14893704b2ff4c3c7c7d92d60513c25bdb78d545d4d5a830b05d02acc259c996
The Hacker's RFC - This document introduces best practices a computer hacker should know about and implement for his own safety.
5dfd6596e321d2e81fa6a2c7d9595a98bfcbbebec637c8ddb53d37a350a936d3
This document is a technical abstract of paper "Win32/Bypass: Anulando la deteccion de ficheros". The main objective is to explain techniques used to bypass security measures of many antivirus programs.
a80051bbb8ce9864fffe9ef392dcd3c70799043f3b62af74e23d40f6777bcba9