This is a whitepaper that goes into detail on how a PHP shell can be uploaded when leveraging SQL injection.
4bd1b56e632e868443ab5b6f7e07a054ee3c7586c9391af4c31b235f0d5348db
This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.
0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759
This is a whitepaper that discusses DNS spoofing. Written in Spanish.
f2ea4bf58281fa68bc973561373c15277c62566c003a2f7a9096cddecd79929e
This is a whitepaper that discusses additional vectors of attack that can be used against Razer products.
d896ee68726d14957e7b9ef3ead4ea6080977a3951b1f9246dab51ea5e04be7c
This is a whitepaper that gives an overview of the PIP vulnerability in Android 11.
de30f374a906fe8d9c0d8bb8b7dfebcf0db353f3671a5b1d8f515460f9e6c36d
This is a whitepaper that details exploitation of the XAMPP file overwrite vulnerability.
599c840a9119e2c8108281701779707886926208b2da13457cc0150074c5afdf
This is a whitepaper called WordPress Plugins Analysis.
d0c46ffe0b264d4c36f2a1a05d4c226cc68de98deaf9573d56409ad0026d1d33
This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37beb
This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.
425783c0a58f4b3d8ceaa1ef51c78b248dc59a4e994ea242a952886897d53b3d
This is a whitepaper that discusses unmasking hidden sites behind Cloudflare an Tor.
55b41d984f3de143bc1ab3d75c2bfb2181b35277644bc2e08ecee6160697f930
This is a whitepaper called APK Testing Report. It goes through various tooling used to analyze devices.
e7e292f4deaf2d179fba420362d70e5c6cc318e28dffe69d1e55a44b7ce8fe88
This is a whitepaper that presents an exploratory study of responses from 75 security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. The researchers presented the participants with various attack scenarios and asked them to explain the steps they would have carried out for launching the attack in each scenario. Participants' responses were studied to understand attackers' mental models, which would improve their understanding of necessary security controls and recommendations regarding precautionary actions to circumvent the exploitation of clouds for malicious activities. They observed that in 93.78% of the responses, participants are abusing cloud services to establish their attack environment and launch attacks.
55854ee2c23a225a399933b2397503589cceb96dd36c5a8986a11eb73227e97e
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.
02221a056ccb54bfaed855a9ef6741e6737b01e06fc5841d931b5745c69e5e8b
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8.
c5c75f2da8676e6edfc6cc37ea4ac20e90be1d12275b0fce452c5c10d306afe6
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.
55f884e3a3e6704c111f4ff046bd4931087255499a9ead8d4d9832ca49c77691
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.
c13f3213213baa28e248e4dc73e332bc336b5d187686a95ad2ef8b57a7b36938
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.
9876efa02a9403b13e3814ee5a4409950bf50bd73e0e3c6f43ee673c60841a3e
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.
8cd9a562fc422fbab693c7375a6d77afbff17c5e7e25cd997d8290beae82bbe2
This is a whitepaper that discusses using DCSync to pull password hashes from a domain controller.
e14b464d7c303fba5728ee884839d733cf9da1cb6bbb6f3af26614652cc21681
This is a whitepaper that discusses bypassing a firewall using tunneling techniques. Written in Turkish.
c7b022d8f98bd3ad2bc62318bb20cac8cf163c3c7c88fb40ba138d97d7c4b302
This is a whitepaper that provides an overview on WordPress Security. Written in Persian.
d22218ad1594c053cb1ee1157adae795a1d60e443169f78cd2050fa557349319
This is a whitepaper providing a Linux kernel hacking introduction. Written in Korean.
70b905774f039dbf1b79d316a75a314dd09b5e5f02ba71bf7dc495772f69434c
This is a whitepaper that goes over methodologies for web application penetration testing. It is very thorough with examples and overviews.
5f258ff9e75dba499306df2a06fa89e9eebcc2fd3b3ee0b82a6a2a06f26b66fd
This is a whitepaper discussing analyzing and attacking the SSH protocol. Written in Vietnamese.
3c0940d50691503ff7886f4897a97649067e005c53e3ce4c8cc33ecd573a82b1
This is a whitepaper describing the Sony Playstation 4 (PS4) webkit setAttributeNodeNS use-after-free vulnerability.
14a01bece77ecdc9d7053e8a98f004b5c09d8502486e1d85f81508e652194877
This is a whitepaper that discusses pivoting attacks with Metasploit. Pivoting is a technique using a compromised system to attack other systems on the same network. Consider a scenario where there is some juicy information hosted inside a local network and there is only one system which is connected to internet. In this scenario, an attacker can compromise the system which is connected to internet and then use that particular compromised system in-order to test or attack other systems in the same network which are only accessible via local network.
33ab5236cd107568dfd2b0fa53e275b3fac5c53227e58d23cc60eab82d6b07e7