exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

SciTools Understand 2.6 DLL Loading Code Execution
Posted Feb 8, 2012
Authored by LiquidWorm | Site zeroscience.mk

A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
SHA-256 | 5cda689106931a122f885350c46515532ff0a47fdb0e7ef0f9f15038b40dc6e7

Related Files

Alphanumeric Shellcode
Posted Jun 12, 2012
Authored by hatter of BHA | Site blackhatacademy.org

Alphanumeric shellcode is similar to ascii shellcode in that it is used to bypass character filters and evade intrusion-detection during buffer overflow exploitation. This article documents alphanumeric code on multiple architectures, but primarily the 64 bit x86 architecture. Alphanumeric shellcode requires a basic understanding of bitwise math, assembly and shellcode.

tags | paper, overflow, x86, shellcode
SHA-256 | 58bd7026c178df13e32741aeefd385da0fd61df0dd758c8fe3d294c3c7f8be08
Breaking The Crypt
Posted May 31, 2012
Authored by Sudeep Singh

The purpose of this paper is to make the reader aware of various Hash Cracking Techniques ranging from Basic to Advanced. The intended audience for this paper is those who have a basic understanding of hash cracking and password hashing algorithms.

tags | paper
SHA-256 | 6c41eb42dce76b95d64a452addb5a968a83f179dde367f0854ad7f166b86b909
Secunia Security Advisory 47921
Posted Feb 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Zero Science Lab has reported a vulnerability in SciTools Understand, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 5587107ef238a7cdc734028c14f123e4f97c8b66b4f53cc05a9155bb8d9cd304
Malware Reverse Engineering Part 1 - Static Analysis
Posted Jan 18, 2012
Authored by Rick Flores

This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

tags | paper, root, virus
SHA-256 | 8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8
Hardware Involved Software Attacks
Posted Dec 25, 2011
Authored by Jeff Forristal

Whitepaper called Hardware Involved Software Attacks. Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform.

tags | paper, vulnerability
SHA-256 | c7725f5f5155ccae730b5464c6855db0d3283f354981f52fcebb60c92127731a
Dissecting Andro Malware
Posted Sep 8, 2011
Authored by Vadodil Joel Varghese

This white paper aims to understand the operation of an Android malware named "*DroidKungFu 2 - A*" and investigate the parameters, code and structure which is created or modified by this malware. It also highlights the mitigation steps which requires the user and the developer to be proactive.

tags | paper
SHA-256 | c87a98cdf37b9f56b2a378c84cd4c8aff4968bbdafd25c95eca7fe50f6f384b7
Digging Inside VxWorks OS And Firmware - Holistic Security
Posted Jul 18, 2011
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, they have conducted a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.

tags | paper, vulnerability
SHA-256 | 2c622ddb4286be353e85ab46da20fe4b0ca3a0d882e1cf8d909f856256f15449
From Unexpected To Understanding The System
Posted Jul 17, 2011
Authored by Meylira Kagaya Eisenberg

Whitepaper called From Unexpected Restart To Understand The System. Written in Indonesian.

tags | paper
SHA-256 | b56dfc1b21c46a2ee3b8448e30538c6d9148ec299edfbd6cc15a4ab59099ccc8
Understanding Basic Vuln C0de For RCE
Posted May 30, 2011
Authored by eidelweiss

Whitepaper called Understanding Basic Vuln c0de for RCE (Remote Command Execution).

tags | paper, remote
SHA-256 | 9907db6251dee6363621a9bac17337fb5c5d9bae683f453fccf2a42db3aebae3
Understanding The Heap By Breaking It
Posted May 6, 2011
Authored by Justin N. Ferguson

Whitepaper called Understanding the heap by breaking it. A case study of the heap as a persistent data structure through non-traditional exploitation techniques.

tags | paper
SHA-256 | f784cc1f14648890cc5d7ddb94b3cdc3112dcb6dc69d331aa678085a5d6333fd
Cisco Security Response 20110505-ios
Posted May 5, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Response - Cisco PSIRT is actively working with NCNIPC (China) to further understand the details of what is reported in the bugtraq postings. At this stage Cisco PSIRT cannot confirm the existence of any new vulnerabilities in Cisco IOS Software based on the information that is currently available.

tags | advisory, vulnerability
systems | cisco
SHA-256 | ac868da7539c09459df98a634ab8f4c33c7b86d10462a10ba94406de92cecb96
Understanding The ARM Architecture
Posted Mar 10, 2011
Authored by f0nt_Drk

Whitepaper called Understanding the ARM Architecture. Written in Portuguese.

tags | paper
SHA-256 | cf0eaadb289df97ca53ecb2bb43210d339f7a1c7c7d590641192f41d631c74a7
Cisco IOS Router Exploitation
Posted Jul 26, 2009
Authored by FX | Site recurity-labs.com

Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges with the exploitation of memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.

tags | paper, vulnerability
systems | cisco
SHA-256 | c8f425e5b59d8610a92403e4d24fbd0a74109b64e2b2600c739f8f66b44a6701
Understanding SQL Injection
Posted May 27, 2009
Authored by k4m1k451

Whitepaper called Understanding SQL Injection. Written in Portuguese.

tags | paper, sql injection
SHA-256 | af987039e63ecaf10627212cb4cc10fd0b3928911e5862ae152fed93ba43490f
wasc_wass_2007.pdf
Posted Sep 8, 2008
Site webappsec.org

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.

tags | paper, web, vulnerability
SHA-256 | a372c268440ecd927644d79af2dfa9a7fa4bc692839cf9d01c41ae9ef56051a8
firehol-1.273.tar.bz2
Posted Jul 31, 2008
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: See changelog.
tags | tool, spoof, firewall
systems | linux
SHA-256 | e8d3b4ac3e54097c0e0f14bfab773a75d43b522fa123a42088b7f23f13495ea2
browser_insecurity_iceberg_2008.pdf
Posted Jul 1, 2008
Authored by Gunter Ollmann, Stefan Frei, Thomas Duebendorfer, Martin May

Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg".

tags | paper, web
SHA-256 | ce547d6e607ecd39cfd126ab4728d62ffb1f7731c73fcc2dafca170a94c6e6fd
Reverse.Engineering.AntiCracking.Techniques.pdf
Posted Jun 26, 2008
Authored by Glafkos Charalambous, George Nicolaou | Site astalavista.com

This paper was written to give a better understanding of the various approaches taken in reverse engineering. It also provides insight into proper software design to protect sensitive data, etc.

tags | paper
SHA-256 | b5c7dfd571117696f905dd62992db0d72be563b920bd026e5c7eb6fcb944883c
d3vscan-alpha8.bz2
Posted Apr 4, 2008
Authored by devtar | Site d3vscan.sourceforge.net

d3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.

Changes: Windows installer added. Vulnerability scanner plugin released. Several bug fixes.
tags | tool, wireless
SHA-256 | 3a126fab40bdf37d454ad73832916998084a1fe58d73b0eedba9215a507149bc
d3vscan-alpha7.tar
Posted Mar 12, 2008
Authored by devtar | Site d3vscan.sourceforge.net

d3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.

Changes: Project functionality objectives reached.
tags | tool, wireless
SHA-256 | 0cb0f038abaade6674714b1f16cde8ecba91e9165bffc2995646448c023c6a0b
alpha6.tar.gz
Posted Feb 26, 2008
Authored by devtar | Site d3vscan.sourceforge.net

d3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.

tags | tool, wireless
SHA-256 | 8e6418044e81dd37bf0678cf05065374969b81ada852085d22921a4d422e7bf4
Cisco_IOS_Exploitation_Techniques.pdf
Posted Jun 28, 2007
Authored by Gyan Chawdhary | Site irmplc.com

It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.

tags | paper, code execution
systems | cisco
SHA-256 | 40dd024bc2d874958a21e126057bd31b7ed7d0c86e440e3d7f7f5635a1c9819c
firehol-1.256.tar.bz2
Posted May 23, 2007
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: See changelog.
tags | tool, spoof, firewall
systems | linux
SHA-256 | 2c6e709073a7cdb9c73863b3f5bdc77d7cf526162cb4ffd1a1e89e56a7b4fb49
firehol-1.255.tar.bz2
Posted May 22, 2007
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: See changelog.
tags | tool, spoof, firewall
systems | linux
SHA-256 | 9bf6cfa2765f05571a2301f0e9cef9e1c13cab4281f2ed0396e6cbf0d374b83d
dotnet-bypass.txt
Posted Apr 7, 2007
Authored by Adrian Pastor, Richard Brain, Jan Fry | Site procheckup.com

By understanding how ASP .NET malicious request filtering functions, ProCheckUp has found that it is possible to bypass ASP .NET request filtering and perform cross site scripting and HTML injection attacks.

tags | exploit, xss, asp, bypass
SHA-256 | 4b78fe2bdca6f7c490f51b3622de9ef13cf64b7899eaa6f8f39a70a7ab3ae074
Page 1 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close