what you don't know can hurt you
Showing 1 - 25 of 49 RSS Feed


Bypassing Certificate Pinning In Modern Android Application Via Custom Root CA
Posted Aug 20, 2020
Authored by Nghia Van Le

This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.

tags | paper, root
MD5 | a7b082989a758162279f6f9571e01594

Related Files

Manually Exploiting Intel AMT
Posted Mar 18, 2020
Authored by Laxita Jain

This document illustrates the manual exploitation of the vulnerability found in the Intel Active Management Technology in 2017 that stripped off the primary authentication mechanism in the Intel AMT web interface.

tags | paper, web
advisories | CVE-2017-5689
MD5 | 72fd2e7bef5700602d4113b623fb94b5
The Network Protocol Cheatsheet
Posted Feb 24, 2020
Authored by Riddhi Suryavanshi

This document is intended for students and security professionals as a quick reference for networking protocols. It covers 50 protocols classified according to the OSI Layer they operate on. The corresponding RFC has been provided to further check for parameters / commands of a particular protocol. From a security perspective, the corresponding attacks / vulnerabilities are also included in this cheatsheet.

tags | paper, vulnerability, protocol
MD5 | 5283f87c171d89b2a5c9d8ddec708942
Bypassing A Null Byte POP/POP/RET Sequence
Posted Dec 25, 2019
Authored by FULLSHADE

This whitepaper covers a new technique that utilizes DLL injection to inject a custom DLL into a running vulnerable process to add a POP POP RET sequence in the scenario that the vulnerable program does not include any null byte free sequences. This is a useful technique to exploit SEH buffer overflow attacks successfully.

tags | paper, overflow
MD5 | bb80127d68605a1a12195a050601b797
Local File Inclusion (LFI) Testing Techniques
Posted Jan 6, 2017
Authored by Aptive | Site aptive.co.uk

The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research for local file inclusion LFI penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF style competitions.

tags | paper, web, local, vulnerability, file inclusion
MD5 | e7fdd5e5b7b65b2027f85f7ec55081ff
Cybercrime Report Template
Posted Nov 15, 2016
Authored by Bart Blaze

This document is meant to be a general purpose cybercrime report template for victims.

tags | paper
MD5 | d8a13b10ba4375189813d0663478c87a
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

tags | paper
MD5 | e0cacc6a2c0d3253f7821933e2e8dfbd
Framework For Improving Critical Infrastructure Cybersecurity
Posted Feb 14, 2014
Site nist.gov

This document is the new cybersecurity framework produced by NIST for the Whitehouse. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.

tags | paper
MD5 | 3d2dca820cb0ebcc5c8e8f8d0f0e0085
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
MD5 | 39928e924c6c07063963edbf2916d536
Poor Man's Brand Monitoring
Posted Jul 7, 2013
Authored by Josh Clark | Site chimera-security.com

This document is a collection of short guides to set up your own (free) brand monitoring solution. The document is primarily aimed at security professionals but is very simple, enabling even non-technical people to follow.

tags | paper
MD5 | 3070506c884d04470003f53747450df8
HTML 5 Good Practice Guide
Posted May 16, 2013
Authored by Tim Brown | Site portcullis-security.com

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.

tags | paper
MD5 | 419f5768fc2814c6e1eeaa774ba42148
A Short Guide On ARM Exploitation
Posted Feb 13, 2013
Authored by Aditya Gupta, Gaurav Kumar

This document is a short guide on ARM exploitation and architecture.

tags | paper
MD5 | 6bfeaf302049fa087f5def4d00308252
ICS / SCADA / PLC Google / Shodanhq Cheat Sheet
Posted Jan 21, 2013
Authored by Yuri Goltsev, Gleb Gritsai, Alexander Timorin, Roman Ilin | Site ptsecurity.com

This document illustrates multiple ways to identify multiple SCADA systems.

tags | paper
MD5 | 2da13b842c046b950c68fc86f91afa28
Java Applet CVE-2012-5076 Analysis
Posted Dec 3, 2012
Authored by KAIST CSRC

This document is a detail analysis of the Java applet vulnerability as noted in CVE-2012-5076.

tags | paper, java
advisories | CVE-2012-5076
MD5 | d0ecc314d015826f16c87e2f4c4ea017
MS IE CVE-2012-4969 Analysis
Posted Oct 10, 2012
Authored by KAIST CSRC

This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.

tags | paper
advisories | CVE-2012-4969
MD5 | cd569ca592a6bd5f3ce9778ff0baf3a2
Oracle Java Applet SunToolkit.getField Method Remote Code Execution
Posted Sep 15, 2012
Authored by Minsu Kim, Hyunwoo Choi, Hyunwook Hong, Changhoon Yoon

This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.

tags | paper, java, remote, code execution
advisories | CVE-2012-4781
MD5 | a30f6942df60bfd5825077b8aa0e8f00
XMLCoreServices Vulnerability Analysis
Posted Jul 24, 2012
Authored by Minsu Kim

This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.

tags | paper
advisories | CVE-2012-1889
MD5 | 741c90380aa6aebee7cb9f986b50390b
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
MD5 | 333569f5708db49e25c089f6a7579295
Bypassing Address Space Layout Randomization
Posted Apr 16, 2012
Authored by TheXero | Site nullsecurity.net

Most modern day Operating Systems include some form of memory protection such as DEP and ASLR. This article focuses on ASLR, its implementation, limitations and finally various techniques which can be used to circumvent the protection.

tags | paper
MD5 | 0efab163baa971c694aefcc02f81e781
Bypassing tolower() Filters In Buffer Overflows
Posted Mar 30, 2012
Authored by localh0t

This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example but the technique can also be applied to heap overflows as well.

tags | paper, overflow
MD5 | f64919dfc1aa21cbaaaaeadd847a02ff
Baseline Requirements For Publicly-Trusted Certificates 1.0
Posted Dec 17, 2011
Site cabforum.org

This document is version 1.0, as adopted by the CA/Browser Forum on 22 Nov. 2011 with an Effective Date of 1 July 2012. These Baseline Requirements describe an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing requirements that are necessary (but not sufficient) for the issuance and management of Publicly-Trusted Certificates; Certificates that are trusted by virtue of the fact that their corresponding Root Certificate is distributed in widely-available application software. The Requirements are not mandatory for Certification Authorities unless and until they become adopted and enforced by relying–party Application Software Suppliers.

tags | paper, root, protocol
MD5 | 63d03aa7d401de867cf392a08b47eb93
Inline Hooking In Windows
Posted Sep 8, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

This document is the second of a series of five articles relating to the art of hooking. As a test environment they will use an english Windows Seven SP1 operating system distribution.

tags | paper
systems | windows
MD5 | ba487d0f2f4ac32605b8b10c0f9d3d63
Bypassing PHPIDS 0.6.5
Posted Aug 26, 2011
Authored by Michael Brooks

Using the attacks in this paper allows you to bypass all of PHPIDS's rule sets, which defeats all protection PHPIDS can provide. Furthermore, on a default install of PHPIDS the log file can be used to drop a PHP backdoor. This can use PHPIDS as a vital steping stone in turning an LFI vulnerability into remote code execution. The end result is that use of PHPIDS 0.6.5 can make you less secure. All of these issues have been fixed in version 0.7.

tags | paper, remote, php, code execution
MD5 | 9ab07f1c927a13a3d156d301289a0974
Userland Hooking In Windows
Posted Aug 16, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.

tags | paper
systems | windows
MD5 | 05a7bc02c53bdc0f1a0598ded46469bd
Bypassing Anti-Virus Scanners
Posted Mar 29, 2011
Authored by MaXe

Whitepaper called Bypassing Anti-Virus Scanners.

tags | paper, virus
MD5 | ac6502acce41650496faa087d474e6f0
Bypassing Browser Memory Protections
Posted Jan 6, 2011
Authored by Mark Dowd, Alexander Sotirov

Whitepaper called Bypassing Browser Memory Protections.

tags | paper
MD5 | 95657eee5f5fc56951e75e9d64ec3813
Page 1 of 2

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    11 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By