exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 41 RSS Feed

Files

Baseline Requirements For Publicly-Trusted Certificates 1.0
Posted Dec 17, 2011
Site cabforum.org

This document is version 1.0, as adopted by the CA/Browser Forum on 22 Nov. 2011 with an Effective Date of 1 July 2012. These Baseline Requirements describe an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing requirements that are necessary (but not sufficient) for the issuance and management of Publicly-Trusted Certificates; Certificates that are trusted by virtue of the fact that their corresponding Root Certificate is distributed in widely-available application software. The Requirements are not mandatory for Certification Authorities unless and until they become adopted and enforced by relying–party Application Software Suppliers.

tags | paper, root, protocol
SHA-256 | 7e40dcea212696d52d1c4425eabf0a1c02ba09e85412416def237608e9fe7832

Related Files

PrintNightmare Vulnerability
Posted Nov 22, 2021
Authored by Siddhi Verma, Divya Bora, Mayank Dholia

Whitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. Originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 as well as reclassifying it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.

tags | paper, remote, local, code execution
systems | windows
advisories | CVE-2021-34527
SHA-256 | a5647c132e4877c92a507d0bcd1ac0ea57ab7bb3dca97b06b3806f2dcf13942f
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
SHA-256 | 6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
Comprehensive Guide On TShark
Posted Apr 23, 2021
Authored by Jeenali Kothari | Site hackingarticles.in

This document is a guide on how to use tshark effectively to monitor and analyze traffic.

tags | paper
SHA-256 | b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670c
A Hands-On Approach To Linux Privilege Escalation
Posted Jan 12, 2021
Authored by Tanishq Sharma, Shikhar Saxena

Whitepaper called A Hands-On Approach To Linux Privilege Escalation. This document is intended to provide multiple techniques that a pentester can use to escalate their privileges and gain access to higher roles.

tags | paper
systems | linux
SHA-256 | 310fda8af6653a1631b701e34fda63984b79da47abf4d0c694660655c07035b4
Heartbleed Attack
Posted Dec 21, 2020
Authored by Jaspreet Singh, Siddhi Verma

This document is intended to provide a detailed study on the Heartbleed attack. It covers the required topics for understanding the exploit. The proof of concept will help visualize and perform the attack in a virtual scenario to understand the attack vector of the process of exploitation.

tags | paper, proof of concept
advisories | CVE-2014-0160
SHA-256 | cf6fbc4d936699857b6524b54211eae3ce2b2ca1a865a3ff3877d5fc4fc945b6
Bypassing Certificate Pinning In Modern Android Application Via Custom Root CA
Posted Aug 20, 2020
Authored by Nghia Van Le

This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.

tags | paper, root
SHA-256 | e451c3653c39f8c69197cc44125ea0be0963f12054cce2cca25c7696dab74b07
Manually Exploiting Intel AMT
Posted Mar 18, 2020
Authored by Laxita Jain

This document illustrates the manual exploitation of the vulnerability found in the Intel Active Management Technology in 2017 that stripped off the primary authentication mechanism in the Intel AMT web interface.

tags | paper, web
advisories | CVE-2017-5689
SHA-256 | cfebcadf4361db526ce74bd43cf6067fdd66062b8ff3d28335972d33dcde2b8d
The Network Protocol Cheatsheet
Posted Feb 24, 2020
Authored by Riddhi Suryavanshi

This document is intended for students and security professionals as a quick reference for networking protocols. It covers 50 protocols classified according to the OSI Layer they operate on. The corresponding RFC has been provided to further check for parameters / commands of a particular protocol. From a security perspective, the corresponding attacks / vulnerabilities are also included in this cheatsheet.

tags | paper, vulnerability, protocol
SHA-256 | 4ae048d7061779872feeaba89b1f42cb9adcbb7b27fd89275e80e93dd0279d75
Local File Inclusion (LFI) Testing Techniques
Posted Jan 6, 2017
Authored by Aptive | Site aptive.co.uk

The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research for local file inclusion LFI penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF style competitions.

tags | paper, web, local, vulnerability, file inclusion
SHA-256 | 5e0f59932f1a0e50ca16efbe5fc14be1920860feb00a8731ba38a2383ae6c8bf
Cybercrime Report Template
Posted Nov 15, 2016
Authored by Bart Blaze

This document is meant to be a general purpose cybercrime report template for victims.

tags | paper
SHA-256 | d2a757ec4ee74be20c8708dcd4bc1be434315415d4d907969ebf5e328eb1d4b7
Framework For Improving Critical Infrastructure Cybersecurity
Posted Feb 14, 2014
Site nist.gov

This document is the new cybersecurity framework produced by NIST for the Whitehouse. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.

tags | paper
SHA-256 | 696de85131e12c5aeceb80b81967cf7b6a763bedd16495ecd096c382eb8c7d35
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
SHA-256 | 8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
Poor Man's Brand Monitoring
Posted Jul 7, 2013
Authored by Josh Clark | Site chimera-security.com

This document is a collection of short guides to set up your own (free) brand monitoring solution. The document is primarily aimed at security professionals but is very simple, enabling even non-technical people to follow.

tags | paper
SHA-256 | 4769fca2809576803cac3c3a5b874c0ffdeef8513cf9eec20d76edf4dbd6ef9e
HTML 5 Good Practice Guide
Posted May 16, 2013
Authored by Tim Brown | Site portcullis-security.com

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.

tags | paper
SHA-256 | e3b7da92b117e655d18a4b2e648cd4ef9db4d3e700ec2c3b40f6234edae3ba09
A Short Guide On ARM Exploitation
Posted Feb 13, 2013
Authored by Aditya Gupta, Gaurav Kumar

This document is a short guide on ARM exploitation and architecture.

tags | paper
SHA-256 | eb11c5954a8a1ffe7fe345267174615ea26305cce19dcecad07807f79430e55d
ICS / SCADA / PLC Google / Shodanhq Cheat Sheet
Posted Jan 21, 2013
Authored by Yuri Goltsev, Gleb Gritsai, Alexander Timorin, Roman Ilin | Site ptsecurity.com

This document illustrates multiple ways to identify multiple SCADA systems.

tags | paper
SHA-256 | 4a6fa6642d990c8dd6fd4923a4888e0ece61a8ec460784de6393c1c946926834
Java Applet CVE-2012-5076 Analysis
Posted Dec 3, 2012
Authored by KAIST CSRC

This document is a detail analysis of the Java applet vulnerability as noted in CVE-2012-5076.

tags | paper, java
advisories | CVE-2012-5076
SHA-256 | 7eeb8ee0aa1f322c9171f7d50fdfb6981bdfe07f9917cd5cb594c930fb228140
MS IE CVE-2012-4969 Analysis
Posted Oct 10, 2012
Authored by KAIST CSRC

This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.

tags | paper
advisories | CVE-2012-4969
SHA-256 | 71be4f13df3ab83a03a854c8af051074e8ab424be281df96d72b7c7300338be3
Oracle Java Applet SunToolkit.getField Method Remote Code Execution
Posted Sep 15, 2012
Authored by Minsu Kim, Hyunwoo Choi, Hyunwook Hong, Changhoon Yoon

This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.

tags | paper, java, remote, code execution
advisories | CVE-2012-4781
SHA-256 | 984b4382479c7f5ba1f0cdda3a43a567466a673b2a4732358d08f4d66b5b22cf
XMLCoreServices Vulnerability Analysis
Posted Jul 24, 2012
Authored by Minsu Kim

This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.

tags | paper
advisories | CVE-2012-1889
SHA-256 | 828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
SHA-256 | b0bd48d4dfcf7fc338169df812038a282998457c61b3f8cfb9294a669b43f80a
Inline Hooking In Windows
Posted Sep 8, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

This document is the second of a series of five articles relating to the art of hooking. As a test environment they will use an english Windows Seven SP1 operating system distribution.

tags | paper
systems | windows
SHA-256 | 02012b744a4c170a554406666f1561e871e40b64e03fab4557959d93d6ba3e92
Userland Hooking In Windows
Posted Aug 16, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.

tags | paper
systems | windows
SHA-256 | 14893704b2ff4c3c7c7d92d60513c25bdb78d545d4d5a830b05d02acc259c996
hackers-rfc.txt
Posted Oct 16, 2008
Authored by fckD

The Hacker's RFC - This document introduces best practices a computer hacker should know about and implement for his own safety.

tags | paper
SHA-256 | 5dfd6596e321d2e81fa6a2c7d9595a98bfcbbebec637c8ddb53d37a350a936d3
w32.bypass.abstract.en.pdf
Posted Mar 20, 2007
Authored by FraMe | Site kernelpanik.org

This document is a technical abstract of paper "Win32/Bypass: Anulando la deteccion de ficheros". The main objective is to explain techniques used to bypass security measures of many antivirus programs.

tags | paper
systems | windows
SHA-256 | a80051bbb8ce9864fffe9ef392dcd3c70799043f3b62af74e23d40f6777bcba9
Page 1 of 2
Back12Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close