exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed


A Vulnerability In Implementations of SHA-3, SHAKE, EdDSA, And Other NIST-Approved Algorithms
Posted Mar 7, 2023
Authored by Nicky Mouha, Christopher Celi | Site eprint.iacr.org

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.

tags | paper, overflow, cryptography, php, python
advisories | CVE-2022-37454
SHA-256 | e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1

Related Files

Stealing Windows Credentials Using Google Chrome
Posted May 18, 2017
Authored by Bosko Stankovic

This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

tags | paper
systems | windows
SHA-256 | 88f2619b5a29a05dfc2991bd8091e6af81c3ee03407380cea432941cad18af7a
Bypassing McAfee's Application Whitelisting For Critical Infrastructure Systems
Posted Jan 12, 2016
Authored by Rene Freingruber | Site sec-consult.com

This paper describes the results of the research conducted by SEC Consult Vulnerability Lab on the security of McAfee Application Control. This product is an example of an application whitelisting solution which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. Application whitelisting is a concept which works by whitelisting all installed software on a system and after that prevent the execution of not whitelisted software. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. McAfee Application Control is an example of such a software. It can be installed on any system, however, the main field of application is the protection of highly critical infrastructures. While the core feature of the product is application whitelisting, it also supports additional security features including write and read protection as well as different memory corruption protections.

tags | paper
SHA-256 | 447953aeb8d3c594011048fcd1518b83478ae1bf8164d0159859893f8caa6b18
Handling The Problems In Biometrics
Posted Jan 6, 2015
Authored by Varun Mamillapalli

This paper describes some of the common problems faced in biometrics and possible solutions to these problems.

tags | paper
SHA-256 | 1e2342519676a56045378295699ec80a758236ce205376eff99f6166e1ce8163
PE (Portable Executable) File Format
Posted Aug 12, 2013
Authored by Nytro

This paper describes the PE (Portable Executable) file format used by Windows executables (.exe), dynamic link libraries (.dll) and other files: system drivers or ActiveX controls. It is written in Romanian.

tags | paper, activex
systems | windows
SHA-256 | a2646c777b4db6e736b6d280dbe7880941e981053a622f50cc9a96c813f0425e
Call Of Duty: Modern Warfare 3 NULL Pointer Dereference
Posted Nov 14, 2012
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This paper describes a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare6 query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

tags | advisory, denial of service
SHA-256 | 1db66d6df1c094eebc40c0809e56c80069be073ae8a823feafea42632a3104da
Transferable State Attack On Iterated Hashing Functions
Posted Jul 29, 2012
Authored by bwall

This paper describes an attack of the iterated use of hashing functions used as key stretching algorithms where the state of a hash can be transferred to the next hash function.

tags | paper
SHA-256 | 52f96766730e53dd9b718a0a0d0d999d36d38002c0a17023db1db12a5d4196c7
Indexed Blind SQL Injection
Posted Dec 3, 2011
Authored by gamma95

Whitepaper called Indexed Blind SQL Injection. Time based blind SQL attacks suffer from low bit/request ratios. Each request produces only one valuable bit of information. This paper describes a tweak that produces higher yield at the expense of a longer runtime. Along the way, some issues and notes of applicability are also discussed.

tags | paper, sql injection
SHA-256 | 84e74daa46ea6185f1c1f4ee9764bc2315f2a4cf39e46f8dfcea99039a5ecb21
Sophail: A Critical Analysis Of Sophos Antivirus
Posted Aug 4, 2011
Authored by Tavis Ormandy

This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.

tags | paper, vulnerability, virus
SHA-256 | 57ecb0848e5b99ef5678dc00d7aabb2718195a8bb23f387f2d5ff429df854455
ProxBrute - Taking Proxcard Cloning To The Next Level
Posted Jan 20, 2011
Authored by Brad Antoniewicz

This paper describes the basic process of using the proxmark3 to clone Proxcards and then introduces ProxBrute, a new tool for brute forcing valid proxcard values.

tags | paper
SHA-256 | 2d0fd9f79fb7dbb051b1d0d095dea1dd28993622fb07d852518c7f7100181d3b
Google Chrome 3.0 Beta Math.random Vulnerability
Posted Sep 2, 2009
Authored by Amit Klein | Site trusteer.com

The revised Google Chrome Math.random algorithm (included in version 3.0 of Google Chrome) is predictable. This paper describes how Google Chrome 3.0 Math.random's internal state can be reconstructed, and how it can be rolled forward and backward, and how (in Windows) the exact seeding time can be extracted.

tags | paper
systems | windows
SHA-256 | 7b9c83dd2e7273c2190b761a57b11ae0110031308ec5b9aabd23733fed32ae97
Cisco IOS Router Exploitation
Posted Jul 26, 2009
Authored by FX | Site recurity-labs.com

Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges with the exploitation of memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that exploitation of such vulnerabilities in the wild is not currently the case. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.

tags | paper, vulnerability
systems | cisco
SHA-256 | c8f425e5b59d8610a92403e4d24fbd0a74109b64e2b2600c739f8f66b44a6701
Sniffing SAP GUI Passwords
Posted Jul 17, 2009
Authored by Andreas Baus, Rene Ledosquet

This paper describes a practical attack against the protocol used by SAP for client server communication. The purpose of this paper is to clarify the fact that the protocol does not sufficiently protect sensitive information like user names and passwords.

tags | paper, protocol
SHA-256 | f6435814e3afad6ebb4262a9c614cacd418277717cf925da94343a17ae06aa57
Posted Apr 21, 2008
Authored by Petko Petkov | Site conference.hitb.org

For My Next Trick: Client-Side Hacking - This paper describes numerous techniques for attacking Clients-side technologies. The content of the paper is based the research that has been conducted over past year by the GNUCITIZEN Ethical Hacker Outfit.

SHA-256 | 5114d549b8788fd32a3a932d6dc7a62491c96edcf00a8827b0992a195405db27
Detect Honeypots / Honeywalls Using Hping Whitepaper
Posted Apr 4, 2006
Authored by Amir Alsbih | Site informatik.uni-freiburg.de

This paper describes how to detect Honeypots / Honeywalls by using hping to send an ICMP packet containing shellcode and analyzing the response.

tags | paper, shellcode
SHA-256 | 9239f109f0a37a9b7bfba5c3af51feee113b633f86cd3cd17248aa31a91adb27
Posted Mar 22, 2006
Authored by Val Smith | Site offensivecomputing.net

Detecting the Presence of Virtual Machines Using the Local Data Table - This paper describes a method for determining the presence of virtual machine emulation in a non-privileged operating environment. This attack is useful for triggering anti-virtualization attacks and evading analysis.

tags | paper, local
SHA-256 | 48ac374b43d646206bf8a59b9cc0aed6ac19a76791acaea176314b493393c68e
Posted Oct 25, 2005
Authored by Cesar | Site argeniss.com

Story of a dumb patch - This paper describes a mistake made by Microsoft in patch MS05-018 where Microsoft failed to properly fix a vulnerability having to release a new patch MS05-049. Hopefully this paper will open the eyes of software vendors to not repeat these kind of mistakes.

tags | paper
SHA-256 | a79eb3b5aa2f5d80efad97626f1bd81b439fa096671c52ff737b3558b91a75e0
Posted Sep 23, 2005
Authored by Dafydd Stuttard | Site ngssoftware.com

This paper describes an attempt to write Win32 shellcode that is as small as possible, to perform a common task subject to reasonable constraints. The solution presented implements a bindshell in 191 bytes of null-free code, and outlines some general ideas for writing small shellcode.

tags | paper, shellcode
systems | windows
SHA-256 | a4631261a3729136f9d6a5d804e1c7cdf1a8baf9350860bdca03b63296b139a2
Posted Mar 1, 2005
Authored by Amit Klein | Site webappsec.org

This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users. Such documents are typically future PR items, or future security advisories, uploaded to the website beforehand. However, the site is also searchable via an internal search facility, which does have access to those documents, and as such, they are indexed by it not via web crawling, but rather, via direct access to the files. Therein lies the security breach.

tags | paper, web
SHA-256 | 95d07a72940beb4eb7d8ef7e8dce89e68ae8dd623e9569d62e531063c6e241f1
Posted Feb 18, 2005
Authored by Anton Rager

Advanced Cross-Site-Scripting with Real-time Remote Attacker Control - Some people think XSS attacks are no big deal, but I plan to change that perception with the release of this paper and an accompanying tool called XSS-Proxy which allows XSS attacks to be fully controlled by a remote attacker. This paper describes current XSS attacks and introduces new methods/tool for making XSS attacks interactive, bi-directional, persistent and much more evil. This is not a detailed XSS HowTo, but an explanation of methods for taking XSS attacks much further. Attackers can access sites as the victim or forward specific blind requests to other servers.

tags | paper, remote, web
SHA-256 | 8f3f833faade0f8c6add6576e39ff2be36df99d31657b8eb6613799fa7945aa6
Posted May 20, 2004
Authored by Amit Klein | Site sanctuminc.com

This paper describes a Blind XPath Injection attack that enables an attacker to extract a complete XML document used for XPath querying, without prior knowledge of the XPath query.

tags | paper
SHA-256 | 007c04289ec7cfd707f78efcc1903cb5ebf8636ba697af09bdef3416f86c5cbb
Posted Oct 31, 2003
Authored by Adam Stubblefield, Tadayoshi Kohno, Dan S. Wallach, Aviel D. Rubin

Analysis of an Electronic Voting System - This paper describes several security flaws in Diebold electronic voting machines. Voters may be able to cast multiple ballots with little built in traceability, administrative functions can be performed by regular voters, and inside poll workers, software developers, and janitors can rig the vote. The smart card system is insecure and uses plaintext passwords. The code appears unaudited and there is no ability to do a paper recount.

tags | paper
SHA-256 | 4195f132bcaecb86b41e4710a96c5bfb1819b0c3bcee08b19876dba8e2cfdd2e
Posted Oct 30, 2003
Authored by Nebunu

One Byte Frame Pointer Overwrite Hardcoded Exploits - This paper describes how to exploit overflows which are off by only one byte. Includes sample code.

tags | paper, overflow
systems | unix
SHA-256 | 003c664e2339c4874046201145c181f17ebdd3ea4be562a3990168bb8426da4e
Posted Feb 3, 2003
Authored by Killah | Site hack.gr

This paper describes FILE stream overflow vulnerabilities and illustrates how they can be exploited. The author uses a FILE stream overflow in dvips as a case study.

tags | paper, overflow, vulnerability
systems | unix
SHA-256 | 1ba52e016c0392136d39eef96e00aa376e076ea025a6eab55d090bf725634635
Posted Jan 24, 2003
Authored by Matt Blaze | Site crypto.com

Rights Amplification in Master-Keyed Mechanical Locks - This paper describes a relatively unknown procedure for obtaining a master key if given access to a tumbler based master keyed lock and any low level key in the system. No special skill or equipment beyond a small number of blank keys and a file is needed, and the attacker does not need to engage in any suspicious behavior at the locks location. Countermeasures are described with provide limited protection under certain circumstances.

tags | paper
SHA-256 | 562ab51f68cdb767a008ead12ba2e6dff9f5b95fde08373041067c0cc80dbfa9
Posted Dec 4, 2002
Authored by Josh Glenn

This paper describes the wireless LAN standards, WLAN Architecture and Security, Authentication, WEP, and more.

tags | paper
SHA-256 | 9f392febd9924d4bddb9cf37435d3ffd7d215082566ed60870db6bffe4093471
Page 1 of 4

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By