A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.
5cda689106931a122f885350c46515532ff0a47fdb0e7ef0f9f15038b40dc6e7Alphanumeric shellcode is similar to ascii shellcode in that it is used to bypass character filters and evade intrusion-detection during buffer overflow exploitation. This article documents alphanumeric code on multiple architectures, but primarily the 64 bit x86 architecture. Alphanumeric shellcode requires a basic understanding of bitwise math, assembly and shellcode.
58bd7026c178df13e32741aeefd385da0fd61df0dd758c8fe3d294c3c7f8be08The purpose of this paper is to make the reader aware of various Hash Cracking Techniques ranging from Basic to Advanced. The intended audience for this paper is those who have a basic understanding of hash cracking and password hashing algorithms.
6c41eb42dce76b95d64a452addb5a968a83f179dde367f0854ad7f166b86b909Secunia Security Advisory - Zero Science Lab has reported a vulnerability in SciTools Understand, which can be exploited by malicious people to compromise a user's system.
5587107ef238a7cdc734028c14f123e4f97c8b66b4f53cc05a9155bb8d9cd304This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.
8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8Whitepaper called Hardware Involved Software Attacks. Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform.
c7725f5f5155ccae730b5464c6855db0d3283f354981f52fcebb60c92127731aThis white paper aims to understand the operation of an Android malware named "*DroidKungFu 2 - A*" and investigate the parameters, code and structure which is created or modified by this malware. It also highlights the mitigation steps which requires the user and the developer to be proactive.
c87a98cdf37b9f56b2a378c84cd4c8aff4968bbdafd25c95eca7fe50f6f384b7Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, they have conducted a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.
2c622ddb4286be353e85ab46da20fe4b0ca3a0d882e1cf8d909f856256f15449Whitepaper called From Unexpected Restart To Understand The System. Written in Indonesian.
b56dfc1b21c46a2ee3b8448e30538c6d9148ec299edfbd6cc15a4ab59099ccc8Whitepaper called Understanding Basic Vuln c0de for RCE (Remote Command Execution).
9907db6251dee6363621a9bac17337fb5c5d9bae683f453fccf2a42db3aebae3Whitepaper called Understanding the heap by breaking it. A case study of the heap as a persistent data structure through non-traditional exploitation techniques.
f784cc1f14648890cc5d7ddb94b3cdc3112dcb6dc69d331aa678085a5d6333fdCisco Security Response - Cisco PSIRT is actively working with NCNIPC (China) to further understand the details of what is reported in the bugtraq postings. At this stage Cisco PSIRT cannot confirm the existence of any new vulnerabilities in Cisco IOS Software based on the information that is currently available.
ac868da7539c09459df98a634ab8f4c33c7b86d10462a10ba94406de92cecb96Whitepaper called Understanding the ARM Architecture. Written in Portuguese.
cf0eaadb289df97ca53ecb2bb43210d339f7a1c7c7d590641192f41d631c74a7Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges with the exploitation of memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.
c8f425e5b59d8610a92403e4d24fbd0a74109b64e2b2600c739f8f66b44a6701Whitepaper called Understanding SQL Injection. Written in Portuguese.
af987039e63ecaf10627212cb4cc10fd0b3928911e5862ae152fed93ba43490fThe Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.
a372c268440ecd927644d79af2dfa9a7fa4bc692839cf9d01c41ae9ef56051a8FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
e8d3b4ac3e54097c0e0f14bfab773a75d43b522fa123a42088b7f23f13495ea2Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg".
ce547d6e607ecd39cfd126ab4728d62ffb1f7731c73fcc2dafca170a94c6e6fdThis paper was written to give a better understanding of the various approaches taken in reverse engineering. It also provides insight into proper software design to protect sensitive data, etc.
b5c7dfd571117696f905dd62992db0d72be563b920bd026e5c7eb6fcb944883cd3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.
3a126fab40bdf37d454ad73832916998084a1fe58d73b0eedba9215a507149bcd3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.
0cb0f038abaade6674714b1f16cde8ecba91e9165bffc2995646448c023c6a0bd3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.
8e6418044e81dd37bf0678cf05065374969b81ada852085d22921a4d422e7bf4It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
40dd024bc2d874958a21e126057bd31b7ed7d0c86e440e3d7f7f5635a1c9819cFireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
2c6e709073a7cdb9c73863b3f5bdc77d7cf526162cb4ffd1a1e89e56a7b4fb49FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
9bf6cfa2765f05571a2301f0e9cef9e1c13cab4281f2ed0396e6cbf0d374b83dBy understanding how ASP .NET malicious request filtering functions, ProCheckUp has found that it is possible to bypass ASP .NET request filtering and perform cross site scripting and HTML injection attacks.
4b78fe2bdca6f7c490f51b3622de9ef13cf64b7899eaa6f8f39a70a7ab3ae074
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed