Files

Abusing, Exploiting, And Pwning With Firefox Add-Ons
Posted Feb 22, 2013
Authored by Ajin Abraham

This paper discusses a number of ways in which hackers can use Mozilla Firefox as a platform to run their malicious pieces of code with privileges and features.

tags | paper
SHA-256 | 13625ce6c755c96192b50c4a415d4bee4bd21c7137c469ce62b2ea3b7d46cc76

Related Files

Abusing LAPS
Posted Jan 19, 2022
Authored by Metin Yunus Kandemir

Whitepaper that explains a misconfiguration-based flaw in Local Administrator Password Solution.

tags | paper, local
SHA-256 | afd186867562453b4d7f00ad96270e7a4c5c6b2facd655ef9e4e3c6d602fb576
Packet Reassembly And Overlapping IP Fragments
Posted Oct 7, 2020
Authored by Haboob Team

This paper discusses how intrusion detection systems work. After establishing a solid understanding of the working mechanism of an IDS, it discusses how packet reassembly works and then looks into the different policies implemented for packet reassembly, which depend on the operating system's implementation of the RFC.

tags | paper
SHA-256 | e80ccbaa83ffad3bf1cde6de0396cae423f3afd12c0a5a44cb9a16f8090938f4
Abusing COM And DCOM Objects
Posted Aug 26, 2020
Authored by Haboob Team

Whitepaper called Abusing COM and DCOM Objects.

tags | paper
SHA-256 | 5fd1de5a2df55fca764f1fb18fe5f7e5b49b94117032c4e071b37fcbeb66bcd5
Abusing Windows Data Protection API
Posted Jun 16, 2020
Authored by Haboob Team

Whitepaper called Abusing Windows Data Protection API.

tags | paper
systems | windows
SHA-256 | 773a6f1530d77d0420be2e70d5bd4c5c42a05dd949691ff60a9439f5d56f0977
Running Encrypted ELF Binaries In Memory
Posted Mar 4, 2020
Authored by Marco Ortisi, redtimmysec

Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.

tags | paper
SHA-256 | 326178d7c2a2126ac27509f46a4346cfb02ff83ca3fc2a5d381a2e1d830ce3ec
Remote Code Execution With EL Injection Vulnerabilities
Posted Feb 1, 2019
Authored by Asif Durani

This paper discusses a vulnerability class called "Expression Language Injection (EL Injection)". Although several security researchers have published details in the past, the bug class is still fairly unknown. EL Injection is a serious security threat over the Internet for various dynamic applications. In today's world, there is a universal need for dynamic applications. As the use of dynamic applications for various online services rises, so do the security threats. This paper defines a methodology for detecting and exploiting EL injection.

tags | paper
SHA-256 | 568d83e4ae3f7e4ec9156217f07b246cb483b2ee929431c519f7b291f7254ed0
Abusing Kerberos: Kerberoasting
Posted Jul 18, 2018
Authored by Haboob Team

Whitepaper called Abusing Kerberos: Kerberoasting.

tags | paper
SHA-256 | 90e5ba64d14b541cd45c26d45a5af701af4e2a7945959b2f554231973affcdff
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method for INSERT and UPDATE injections is to fix the query. For example, in INSERT statements one can simply fix the query, comment out the rest, and extract the data once it is echoed out by the application. The same goes for the UPDATE statement, but the query can only be fixed if it has more than one column. What if we face a situation where the UPDATE or INSERT has one column, or we simply don't know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in depth.

tags | paper
SHA-256 | e7e9068d43e4f86618c09b4979313f1ccd2c4a3b121b0a980a5ccc8d648fc1c0
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite protection. These techniques can be used by malicious vectors to bypass the default installation of NoScript. The paper also provides solutions and recommendations for end users that can enhance the current protection of NoScript Security Suite.

tags | paper
SHA-256 | 5f37e8e3412f1440fa6c6a360ed379f128cc4ea278c023e5f3855760b77ba3a5
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
SHA-256 | 994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982
Facebook Malicious Extension Malware Analysis
Posted Feb 8, 2015
Authored by Nick Pantazopoulos, Nikolas Totosis

This paper discusses a recent malware distribution occurring on Facebook that attempts to install a malicious Chrome extension.

tags | paper
SHA-256 | dce4e9058411e6582096412639b75d0ec511af38d28faebd4f69cf90d8f5be79
Blind Command Injection On Embedded Systems
Posted Dec 15, 2014
Authored by Cenk Kalpakoglu

This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.

tags | paper
SHA-256 | 0ddf38fc9a6ebf83ee98eff187bf56078b44d152d0cee625cb886a34f9cce193
In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux
Posted Aug 28, 2014
Authored by Andrew Case, Golden G. Richard III

Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the authors' new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.

tags | paper, forensics
systems | linux, apple, osx
SHA-256 | 1ddd0eee0008fb9756e99dd2a397a4b85daab9c0e6c31fc8bc3ada8fb8ea862a
A Pentester's Guide To Hacking OData
Posted Oct 1, 2012
Authored by Gursev Kalra | Site mcafee.com

The Open Data Protocol (OData) is an open web based RESTful protocol for querying and updating data. This paper discusses OData penetration testing methodology and techniques.

tags | paper, web, protocol
SHA-256 | 1b62d466847cec22c497a72fa0fe279d3bd1de562ba4265594efc26f9d86694d
Brute Forcing Wi-Fi Protected Setup
Posted Dec 29, 2011
Authored by Stefan Viehbock

This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.

tags | paper, wireless
SHA-256 | 3459acb0683358926b929b6818957b6738776254a54447d79a99c502aad973c3
Biclique Cryptanalysis Of The Full AES
Posted Aug 19, 2011
Authored by Dmitry Khovratovich, Andrey Bogdanov, Christian Rechberger

Whitepaper called Biclique Cryptanalysis of the Full AES. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. This paper discusses shortcut attacks on AES.

tags | paper
SHA-256 | 892f69df7711f607a712c9642c0b94ef2229b7c62e1af9495c6c69a8dfd8fb59
Web Application Finger Printing
Posted Jul 17, 2011
Authored by Anant Shrivastava | Site anantshri.info

Whitepaper called Web Application Finger Printing - Methods/Techniques and Prevention. This paper discusses how automated web application fingerprinting is performed, the visible shortcomings in the approach, and then discusses ways to avoid it.

tags | paper, web
SHA-256 | eab628337996d7cae9ebcf66a12c3a7e94c93d563219fe2015815e81d348b321
Apple iTunes Privilege Escalation
Posted Apr 1, 2010
Authored by Jason Geffner | Site ngssoftware.com

This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.

tags | advisory, local
systems | windows, apple
advisories | CVE-2010-0532
SHA-256 | 08157a8dd7cfd5cb407ffa0138623559421da7fed35cdf32b494e3edc81120bf
GDT And LDT In Windows Kernel Vulnerability Exploitation
Posted Jan 18, 2010
Authored by Gynvael Coldwind, Matthew Jurczyk

Whitepaper called GDT and LDT in Windows kernel vulnerability exploit. This paper discusses using 1 or 4 byte write-what-where conditions to convert a custom Data-Segment Descriptor entry in LDT of a process into a Call-Gate (with DPL set to 3 and RPL to 0).

tags | paper, kernel
systems | windows
SHA-256 | 5c8da344b3b6b9b298c6abf88c6abc9b8388ea7855997e8d22f4bdd058f0fb20
Bypassing SEHOP
Posted Dec 22, 2009
Authored by Damien Cauquil, Stefan Le Berre

Whitepaper called Bypassing SEHOP. Microsoft has recently implemented in many Windows versions a new security feature named Structured Exception Handling Overwrite Protection. This paper discusses how it can be bypassed.

tags | paper
systems | windows
SHA-256 | 494242f6be3d7f34046067b7fd6e0190f1ba76047456124bb6507467ab1279f2
LFI/RFI Testing With fimap
Posted Sep 4, 2009
Authored by Iman Karim

This paper discusses local and remote file inclusion testing and exploitation using fimap.

tags | paper, remote, local, file inclusion
SHA-256 | ca0e272e459578d65a04ea70099d78615750a284bffaa9f08e4e57350ee0f311
oracle-assault.pdf
Posted Oct 7, 2008
Authored by Aelphaeis Mangarae | Site blackhat-forums.com

This paper discusses injection into Oracle PL/SQL database objects.

tags | paper
SHA-256 | 306aad7837ab141baadbadd186fb4f8aefb3ef5afdd488289c03f1e484a0a996
wildcard_attacks.pdf
Posted May 20, 2008
Authored by Ferruh Mavituna | Site portcullis-security.com

DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.

tags | paper
SHA-256 | 966761136e5dd0fc10bac9d6b273966d20386567a7bdca93ac2c13e0d89fc0e9
Biologger - A Biometric Keylogger Whitepaper
Posted Sep 7, 2007
Authored by Matthew Lewis | Site irmplc.com

Whitepaper entitled "Biologger - A Biometric Keylogger". This paper discusses using a "Biologger" to capture biometric data and replaying the data via man-in-the-middle attacks.

tags | paper
SHA-256 | 010e9e56816a4de2b35f1a93bdbb54a1d370d7e78a1e3ff111d25a262eecca0e
Security_Testing_Enterprise_Messaging_Systems.pdf
Posted Jul 31, 2007
Authored by Andy Davis - IRMPLC, Phil Huggins | Site irmplc.com

This paper discusses potential security weaknesses that may be present in messaging systems as a result of software flaws, application design, or the misconfiguration of services. It focuses on TIBCO Rendezvous as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.

tags | paper
SHA-256 | 30f5a8238e6edc015d11426f17a737139cb286ac98539e6c0c99d7c160fc1c83