exploit the possibilities
Showing 1 - 25 of 37 RSS Feed


Packet Reassembly And Overlapping IP Fragments
Posted Oct 7, 2020
Authored by Haboob Team

This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.

tags | paper
MD5 | 4560c10a59bfed2734bbd165d32220ff

Related Files

Running Encrypted ELF Binaries In Memory
Posted Mar 4, 2020
Authored by Marco Ortisi, redtimmysec

Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.

tags | paper
MD5 | 52ec6510fb7651a2bf2d2fba030f87b6
Remote Code Execution With EL Injection Vulnerabiltiies
Posted Feb 1, 2019
Authored by Asif Durani

This paper discusses a vulnerability class called "Expression Language Injection (EL Injection)". Although several security researchers have published details in the past, the bug class is still fairly unknown. EL Injection is a serious security threat over the Internet for the various dynamic applications. In today's world, there is a universal need present for dynamic applications. As the use of dynamic applications for various online services is rising, so is the security threats increasing. This paper defines a methodology for detecting and exploiting EL injection.

tags | paper
MD5 | d27631ed77a06533d0b790da76f33b03
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method in INSERT, UPDATE injections would be by fixing the query. For example in INSERT statements one can simply fix the query, comment out the rest and extract the data once it is echoed out by the application. Same goes with the UPDATE statement, but only if the query has more than one column we can fix the query. What if we face a situation where UPDATE or INSERT has one column or simply we don’t know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in-depth.

tags | paper
MD5 | b7f93b900e475675844e4bcace0d312d
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

tags | paper
MD5 | e0cacc6a2c0d3253f7821933e2e8dfbd
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
MD5 | 6719c22c4e76623f9156b543969a0c83
Facebook Malicious Extension Malware Analysis
Posted Feb 8, 2015
Authored by Nick Pantazopoulos, Nikolas Totosis

This paper discusses a recent malware distribution occurring on Facebook that attempts to install a malicious Chrome extension.

tags | paper
MD5 | fedad77bedf020e298bf353de0a8924c
Blind Command Injection On Embedded Systems
Posted Dec 15, 2014
Authored by Cenk Kalpakoglu

This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.

tags | paper
MD5 | 4793cb924cd104abb532a6ff0d77ef6e
In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux
Posted Aug 28, 2014
Authored by Andrew Case, Golden G. Richard III

Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.

tags | paper, forensics
systems | linux, apple, osx
MD5 | fac4b2bf6db6bfdea8da11c5c3607f7d
Abusing, Exploiting, And Pwning With Firefox Add-Ons
Posted Feb 22, 2013
Authored by Ajin Abraham

This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run there malicious pieces of code with privileges and features.

tags | paper
MD5 | b89cfaf1ecf68081c8b9cd981e067659
A Pentester's Guide To Hacking OData
Posted Oct 1, 2012
Authored by Gursev Kalra | Site mcafee.com

The Open Data Protocol (OData) is an open web based RESTful protocol for querying and updating data. This paper discusses OData penetration testing methodology and techniques.

tags | paper, web, protocol
MD5 | de2b6f30074f337146b28faab1c7043e
Brute Forcing Wi-Fi Protected Setup
Posted Dec 29, 2011
Authored by Stefan Viehbock

This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.

tags | paper, wireless
MD5 | 795e111de4ff159c05752bfb679f8945
Biclique Cryptanalysis Of The Full AES
Posted Aug 19, 2011
Authored by Dmitry Khovratovich, Andrey Bogdanov, Christian Rechberger

Whitepaper called Biclique Cryptanalysis of the Full AES. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. This paper discusses shortcut attacks on AES.

tags | paper
MD5 | 709a1f2c8b9ff655ca735589dc58c746
Web Application Finger Printing
Posted Jul 17, 2011
Authored by Anant Shrivastava | Site anantshri.info

Whitepaper called Web Application Finger Printing - Methods/Techniques and Prevention. This paper discusses how automated web application fingerprinting is performed, the visible shortcomings in the approach, and then discusses ways to avoid it.

tags | paper, web
MD5 | 028fc6c8349bd9406ea3371b78ced25f
Apple iTunes Privilege Escalation
Posted Apr 1, 2010
Authored by Jason Geffner | Site ngssoftware.com

This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.

tags | advisory, local
systems | windows, apple
advisories | CVE-2010-0532
MD5 | eeacb581ab0680707becbfb2bfb0e1ce
GDT And LDT In Windows Kernel Vulnerability Exploitation
Posted Jan 18, 2010
Authored by Gynvael Coldwind, Matthew Jurczyk

Whitepaper called GDT and LDT in Windows kernel vulnerability exploit. This paper discusses using 1 or 4 byte write-what-where conditions to convert a custom Data-Segment Descriptor entry in LDT of a process into a Call-Gate (with DPL set to 3 and RPL to 0).

tags | paper, kernel
systems | windows
MD5 | 6840185722dc69048e0bf5434f19d5cb
Bypassing SEHOP
Posted Dec 22, 2009
Authored by Damien Cauquil, Stefan Le Berre

Whitepaper called Bypassing SEHOP. Microsoft has recently implemented in many Windows versions a new security feature named Structured Exception Handling Overwrite Protection. This paper discusses how it can be bypassed.

tags | paper
systems | windows
MD5 | 9d07cf6d2d0a4ac1cc6f92499ee959bb
LFI/RFI Testing With fimap
Posted Sep 4, 2009
Authored by Iman Karim

This paper discuss local and remote file inclusion testing and exploiting using fimap.

tags | paper, remote, local, file inclusion
MD5 | f7dec790733630ffeed3134110800187
Posted Oct 7, 2008
Authored by Aelphaeis Mangarae | Site blackhat-forums.com

This paper discusses injection into Oracle PL/SQL databases objects.

tags | paper
MD5 | f9ab79eb4c9cf9a20d44e368ed1ae970
Posted May 20, 2008
Authored by Ferruh Mavituna | Site portcullis-security.com

DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.

tags | paper
MD5 | 51a158a1e160f74d3c8e54ce364c873b
Biologger - A Biometric Keylogger Whitepaper
Posted Sep 7, 2007
Authored by Matthew Lewis | Site irmplc.com

Whitepaper entitled "Biologger - A Biometric Keylogger". This paper discusses using a "Biologger" to capture biometric data and replaying the data via man-in-the-middle attacks.

tags | paper
MD5 | 88e34353043a2a365a7d0bbf43940b13
Posted Jul 31, 2007
Authored by Andy Davis - IRMPLC, Phil Huggins | Site irmplc.com

This paper discusses potential security weaknesses that may be present in messaging systems either as a result of software flaws, application design or the misconfigurations of services. It focuses on TIBCO Rendezvous, as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.

tags | paper
MD5 | cfb45eac3e565e1e32e3b0effda2bb2c
Posted Nov 18, 2006
Authored by John Heasman | Site ngssoftware.com

Whitepaper entitled "Implementing and Detecting a PCI Rootkit". This paper discusses means of persisting a rootkit on a PCI device containing a flashable expansion ROM.

tags | paper
MD5 | 7084bf1c02b55654aea3de77ef71ed9b
Posted May 22, 2006
Authored by Monte Toren | Site AlertPool.com

This paper discusses a simple technique for injecting code by manipulating hidden form fields.

tags | paper
MD5 | 273b5ed1157eef000e072bc27d7b8264
Host Fingerprinting and Firewalking With Hping
Posted Nov 30, 2005
Authored by naveed afzal

Host Fingerprinting and Firewalking With hping - This paper discusses some of the techniques that can be effectively used in host fingerprinting, especially when a host is behind a firewall. Various tools are discussed with hping as a primary focus.

tags | paper
MD5 | 3e2bea990221c86fe51e24c4388388c4
Posted Oct 26, 2005
Authored by haker haker

NEURAL NETWORKS and their applicability in security field - Neural networks are widely used for prediction, pattern recognition, and classification. Voice or handwriting recognition problems are very hard to solve using standard programs and algorithms. This paper discusses the applicability of neural networks in security applications.

tags | paper
MD5 | 439ec7f50261d19bfc0c477a4b4d0e12
Page 1 of 2

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By