
Files

locale_sol.txt
Posted Nov 22, 2001
Authored by Solar Eclipse | Site phreedom.org

This paper describes in detail the exploitation of the libc locale format string vulnerability on Solaris/SPARC. The full source code for the exploit is presented and some details of the implementation are discussed.

tags | exploit
systems | solaris
SHA-256 | 7b17fe99c5995c3700f946e8abe827d958a46295cd8e9068e1a590b08b7ef993

Related Files

A Vulnerability In Implementations of SHA-3, SHAKE, EdDSA, And Other NIST-Approved Algorithms
Posted Mar 7, 2023
Authored by Nicky Mouha, Christopher Celi | Site eprint.iacr.org

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.

tags | paper, overflow, cryptography, php, python
advisories | CVE-2022-37454
SHA-256 | e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
Stealing Windows Credentials Using Google Chrome
Posted May 18, 2017
Authored by Bosko Stankovic

This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

tags | paper
systems | windows
SHA-256 | 88f2619b5a29a05dfc2991bd8091e6af81c3ee03407380cea432941cad18af7a
Bypassing McAfee's Application Whitelisting For Critical Infrastructure Systems
Posted Jan 12, 2016
Authored by Rene Freingruber | Site sec-consult.com

This paper describes the results of the research conducted by SEC Consult Vulnerability Lab on the security of McAfee Application Control. This product is an example of an application whitelisting solution which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. Application whitelisting is a concept which works by whitelisting all installed software on a system and then preventing the execution of any software that is not whitelisted. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. McAfee Application Control is an example of such software. It can be installed on any system; however, its main field of application is the protection of highly critical infrastructures. While the core feature of the product is application whitelisting, it also supports additional security features including write and read protection as well as different memory corruption protections.

tags | paper
SHA-256 | 447953aeb8d3c594011048fcd1518b83478ae1bf8164d0159859893f8caa6b18
Handling The Problems In Biometrics
Posted Jan 6, 2015
Authored by Varun Mamillapalli

This paper describes some of the common problems faced in biometrics and possible solutions to these problems.

tags | paper
SHA-256 | 1e2342519676a56045378295699ec80a758236ce205376eff99f6166e1ce8163
PE (Portable Executable) File Format
Posted Aug 12, 2013
Authored by Nytro

This paper describes the PE (Portable Executable) file format used by Windows executables (.exe), dynamic link libraries (.dll) and other files: system drivers or ActiveX controls. It is written in Romanian.

tags | paper, activex
systems | windows
SHA-256 | a2646c777b4db6e736b6d280dbe7880941e981053a622f50cc9a96c813f0425e
Call Of Duty: Modern Warfare 3 NULL Pointer Dereference
Posted Nov 14, 2012
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This paper describes a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare6 query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

tags | advisory, denial of service
SHA-256 | 1db66d6df1c094eebc40c0809e56c80069be073ae8a823feafea42632a3104da
Transferable State Attack On Iterated Hashing Functions
Posted Jul 29, 2012
Authored by bwall

This paper describes an attack on the iterated use of hashing functions as key stretching algorithms, where the state of a hash can be transferred to the next hash function.

tags | paper
SHA-256 | 52f96766730e53dd9b718a0a0d0d999d36d38002c0a17023db1db12a5d4196c7
Indexed Blind SQL Injection
Posted Dec 3, 2011
Authored by gamma95

Whitepaper called Indexed Blind SQL Injection. Time based blind SQL attacks suffer from low bit/request ratios. Each request produces only one valuable bit of information. This paper describes a tweak that produces higher yield at the expense of a longer runtime. Along the way, some issues and notes of applicability are also discussed.

tags | paper, sql injection
SHA-256 | 84e74daa46ea6185f1c1f4ee9764bc2315f2a4cf39e46f8dfcea99039a5ecb21
Sophail: A Critical Analysis Of Sophos Antivirus
Posted Aug 4, 2011
Authored by Tavis Ormandy

This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.

tags | paper, vulnerability, virus
SHA-256 | 57ecb0848e5b99ef5678dc00d7aabb2718195a8bb23f387f2d5ff429df854455
ProxBrute - Taking Proxcard Cloning To The Next Level
Posted Jan 20, 2011
Authored by Brad Antoniewicz

This paper describes the basic process of using the proxmark3 to clone Proxcards and then introduces ProxBrute, a new tool for brute forcing valid proxcard values.

tags | paper
SHA-256 | 2d0fd9f79fb7dbb051b1d0d095dea1dd28993622fb07d852518c7f7100181d3b
Google Chrome 3.0 Beta Math.random Vulnerability
Posted Sep 2, 2009
Authored by Amit Klein | Site trusteer.com

The revised Google Chrome Math.random algorithm (included in version 3.0 of Google Chrome) is predictable. This paper describes how the internal state of Google Chrome 3.0 Math.random can be reconstructed, how it can be rolled forward and backward, and how (on Windows) the exact seeding time can be extracted.

tags | paper
systems | windows
SHA-256 | 7b9c83dd2e7273c2190b761a57b11ae0110031308ec5b9aabd23733fed32ae97
Cisco IOS Router Exploitation
Posted Jul 26, 2009
Authored by FX | Site recurity-labs.com

Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges of exploiting memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to anticipate future developments, as current research suggests that exploitation of such vulnerabilities in the wild is not currently taking place. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution given the current state of Cisco IOS router networks.

tags | paper, vulnerability
systems | cisco
SHA-256 | c8f425e5b59d8610a92403e4d24fbd0a74109b64e2b2600c739f8f66b44a6701
Sniffing SAP GUI Passwords
Posted Jul 17, 2009
Authored by Andreas Baus, Rene Ledosquet

This paper describes a practical attack against the protocol used by SAP for client server communication. The purpose of this paper is to clarify the fact that the protocol does not sufficiently protect sensitive information like user names and passwords.

tags | paper, protocol
SHA-256 | f6435814e3afad6ebb4262a9c614cacd418277717cf925da94343a17ae06aa57
D2T1_-_Petko_Petkov_-_For_My_Next_Trick_-_Client_Side_Hacking.zip
Posted Apr 21, 2008
Authored by Petko Petkov | Site conference.hitb.org

For My Next Trick: Client-Side Hacking - This paper describes numerous techniques for attacking client-side technologies. The content of the paper is based on the research conducted over the past year by the GNUCITIZEN Ethical Hacker Outfit.

SHA-256 | 5114d549b8788fd32a3a932d6dc7a62491c96edcf00a8827b0992a195405db27
Detect Honeypots / Honeywalls Using Hping Whitepaper
Posted Apr 4, 2006
Authored by Amir Alsbih | Site informatik.uni-freiburg.de

This paper describes how to detect Honeypots / Honeywalls by using hping to send an ICMP packet containing shellcode and analyzing the response.

tags | paper, shellcode
SHA-256 | 9239f109f0a37a9b7bfba5c3af51feee113b633f86cd3cd17248aa31a91adb27
vm.pdf
Posted Mar 22, 2006
Authored by Val Smith | Site offensivecomputing.net

Detecting the Presence of Virtual Machines Using the Local Data Table - This paper describes a method for determining the presence of virtual machine emulation in a non-privileged operating environment. This attack is useful for triggering anti-virtualization attacks and evading analysis.

tags | paper, local
SHA-256 | 48ac374b43d646206bf8a59b9cc0aed6ac19a76791acaea176314b493393c68e
MSBugPaper.pdf
Posted Oct 25, 2005
Authored by Cesar | Site argeniss.com

Story of a dumb patch - This paper describes a mistake made by Microsoft in patch MS05-018, where Microsoft failed to properly fix a vulnerability and had to release a new patch, MS05-049. Hopefully this paper will open the eyes of software vendors so that they do not repeat this kind of mistake.

tags | paper
SHA-256 | a79eb3b5aa2f5d80efad97626f1bd81b439fa096671c52ff737b3558b91a75e0
WritingSmallShellcode.pdf
Posted Sep 23, 2005
Authored by Dafydd Stuttard | Site ngssoftware.com

This paper describes an attempt to write Win32 shellcode that is as small as possible, to perform a common task subject to reasonable constraints. The solution presented implements a bindshell in 191 bytes of null-free code, and outlines some general ideas for writing small shellcode.

tags | paper, shellcode
systems | windows
SHA-256 | a4631261a3729136f9d6a5d804e1c7cdf1a8baf9350860bdca03b63296b139a2
022805.txt
Posted Mar 1, 2005
Authored by Amit Klein | Site webappsec.org

This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users. Such documents are typically future PR items, or future security advisories, uploaded to the website beforehand. However, the site is also searchable via an internal search facility, which does have access to those documents, and as such, they are indexed by it not via web crawling, but rather, via direct access to the files. Therein lies the security breach.

tags | paper, web
SHA-256 | 95d07a72940beb4eb7d8ef7e8dce89e68ae8dd623e9569d62e531063c6e241f1
Advanced_XSS_Control.txt
Posted Feb 18, 2005
Authored by Anton Rager

Advanced Cross-Site-Scripting with Real-time Remote Attacker Control - Some people think XSS attacks are no big deal, but I plan to change that perception with the release of this paper and an accompanying tool called XSS-Proxy, which allows XSS attacks to be fully controlled by a remote attacker. This paper describes current XSS attacks and introduces new methods/tools for making XSS attacks interactive, bi-directional, persistent and much more evil. This is not a detailed XSS HowTo, but an explanation of methods for taking XSS attacks much further. Attackers can access sites as the victim or forward specific blind requests to other servers.

tags | paper, remote, web
SHA-256 | 8f3f833faade0f8c6add6576e39ff2be36df99d31657b8eb6613799fa7945aa6
Blind_XPath_Injection_20040518.pdf
Posted May 20, 2004
Authored by Amit Klein | Site sanctuminc.com

This paper describes a Blind XPath Injection attack that enables an attacker to extract a complete XML document used for XPath querying, without prior knowledge of the XPath query.

tags | paper
SHA-256 | 007c04289ec7cfd707f78efcc1903cb5ebf8636ba697af09bdef3416f86c5cbb
vote.pdf
Posted Oct 31, 2003
Authored by Adam Stubblefield, Tadayoshi Kohno, Dan S. Wallach, Aviel D. Rubin

Analysis of an Electronic Voting System - This paper describes several security flaws in Diebold electronic voting machines. Voters may be able to cast multiple ballots with little built-in traceability, administrative functions can be performed by regular voters, and insiders such as poll workers, software developers, and janitors can rig the vote. The smart card system is insecure and uses plaintext passwords. The code appears unaudited and there is no ability to do a paper recount.

tags | paper
SHA-256 | 4195f132bcaecb86b41e4710a96c5bfb1819b0c3bcee08b19876dba8e2cfdd2e
ebpoverflow.txt
Posted Oct 30, 2003
Authored by Nebunu

One Byte Frame Pointer Overwrite Hardcoded Exploits - This paper describes how to exploit overflows which are off by only one byte. Includes sample code.

tags | paper, overflow
systems | unix
SHA-256 | 003c664e2339c4874046201145c181f17ebdd3ea4be562a3990168bb8426da4e
fstream-overflows.txt
Posted Feb 3, 2003
Authored by Killah | Site hack.gr

This paper describes FILE stream overflow vulnerabilities and illustrates how they can be exploited. The author uses a FILE stream overflow in dvips as a case study.

tags | paper, overflow, vulnerability
systems | unix
SHA-256 | 1ba52e016c0392136d39eef96e00aa376e076ea025a6eab55d090bf725634635
mk.pdf
Posted Jan 24, 2003
Authored by Matt Blaze | Site crypto.com

Rights Amplification in Master-Keyed Mechanical Locks - This paper describes a relatively unknown procedure for obtaining a master key given access to a tumbler-based master-keyed lock and any low-level key in the system. No special skill or equipment beyond a small number of blank keys and a file is needed, and the attacker does not need to engage in any suspicious behavior at the lock's location. Countermeasures are described which provide limited protection under certain circumstances.

tags | paper
SHA-256 | 562ab51f68cdb767a008ead12ba2e6dff9f5b95fde08373041067c0cc80dbfa9
packet storm

© 2024 Packet Storm. All rights reserved.