Whitepaper that discusses XXE exploitation via file uploads.
7c6849a41692d2abfdae193b26658ffc1ed539af111174b955d5ba020dc87949
Brief whitepaper that discusses well-known standards like OWASP Top 10, OWASP ASVS, WASC and CWE SANS 25.
bb8c3ba79e4589a5aa83121ea754034f9c5a42dd7b26ad8c48c817a89a9ea285
Whitepaper that gives an overview of the Polkit vulnerability as discussed in CVE-2021-3560. Written in Spanish.
a41b8393ce5c22e793b28b10b8d6c72d64b22b0b06202998991ab9e195b4ef1c
This is a whitepaper that discusses DNS spoofing. Written in Spanish.
f2ea4bf58281fa68bc973561373c15277c62566c003a2f7a9096cddecd79929e
Whitepaper that gives an analysis of the remote code execution vulnerability noted in CVE-2019-11932 for WhatsApp that affects versions prior to 2.19.244. Written in Spanish.
7866772d314829babcae8d60f3a6173f7e55759aac6e5184ca91290e471e6320
Whitepaper that gives an overview on brute-forcing login and bypassing account lockout on elabFTW version 1.8.5.
094a251f151a7eb62b59cfd2e713ac0c84510e643ec38087d3cafab6380e06e8
Whitepaper that discusses the functionality of EDR (Endpoint Protection and Response), how it compares to antivirus, and how it can be manipulated.
ece8d73b3f5b494064886d578b32c0f9fcd8723057d66ff7d4e4b551ab1d242d
Whitepaper that discusses deserialization of untrusted data in jsoniter.
0ca417e1ce7adae9c50ca05cb6775b57ac7716c04884972cfd2a9cbbb6b0a4a4
This is a whitepaper that discusses additional vectors of attack that can be used against Razer products.
d896ee68726d14957e7b9ef3ead4ea6080977a3951b1f9246dab51ea5e04be7c
This is a whitepaper that gives an overview of the PIP vulnerability in Android 11.
de30f374a906fe8d9c0d8bb8b7dfebcf0db353f3671a5b1d8f515460f9e6c36d
Brief whitepaper that goes through proxy, SSH, and VPN pivoting during an attack. Written in Arabic.
a1e855c508e17641d2eb114eced9cbb69be22f676f04484aaf30c490b078784e
This is a whitepaper that details exploitation of the XAMPP file overwrite vulnerability.
599c840a9119e2c8108281701779707886926208b2da13457cc0150074c5afdf
Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.
0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216
This is a brief whitepaper that discusses wordlists, where to get them, and when to use them.
89e78120ceaeb9a64b5808490e77eb00fad19d19fe3106904104df63dfb37a31
This is a brief whitepaper that discusses HTTP Host header attacks.
a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92
This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37beb
This is a brief whitepaper that goes over file transfer mechanisms that can be used on Windows and Linux.
bb53fbaa2dc352533456cf7d06a33392552c749b608b8e33b3b03227d97e1520
Microsoft SMBv3 CVE-2020-0796 whitepaper that discusses the workings, exploitation, and mitigations.
9154829412e6f27bbd51d39811e1acf07f15b9daf04fbad8e3cb61e74d7e6c62
This is a brief whitepaper that goes over some tooling that can be of assistance while performing reconnaissance against a web application prior to attack.
efa89877156455ecbe4998579276a2b7f88564aac2a446ce3a8fdb5d7a98c52c
This is a whitepaper that details identifying cross site scripting vulnerabilities in both the Neo and Matrix LMS codebase.
425783c0a58f4b3d8ceaa1ef51c78b248dc59a4e994ea242a952886897d53b3d
Whitepaper that discusses secure coding practices and touches on security principles.
9f6048e80ea6065b6c5a3a4d114d2785cec99719ba4095264843a7765ea4d3f1
This is a whitepaper that discusses unmasking hidden sites behind Cloudflare and Tor.
55b41d984f3de143bc1ab3d75c2bfb2181b35277644bc2e08ecee6160697f930
Whitepaper that discusses bypassing SSL pinning. Written in Turkish.
8e4b24e390ce31c897804f6427429f08f9ebbc7266dada92a0e4ce6c62427667
Whitepaper that goes over a full attack scenario by getting a foothold through Microsoft Exchange OWA Portal to discover and abuse MSSQL.
1e359078a38e5ef9da11966368cd8309e0715ec901171b245500b208e0b296e2
Whitepaper that discusses CVE-2020-6418 which encapsulates a type confusion vulnerability in V8 in Google Chrome versions prior to 80.0.3987.122.
1f3aff5295a783cf0bb41866e3c194712b4267c83fb6e233130408cc4d7c35a4
This is a whitepaper that presents an exploratory study of responses from 75 security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. The researchers presented the participants with various attack scenarios and asked them to explain the steps they would have carried out for launching the attack in each scenario. Participants' responses were studied to understand attackers' mental models, which would improve their understanding of necessary security controls and recommendations regarding precautionary actions to circumvent the exploitation of clouds for malicious activities. They observed that in 93.78% of the responses, participants are abusing cloud services to establish their attack environment and launch attacks.
55854ee2c23a225a399933b2397503589cceb96dd36c5a8986a11eb73227e97e