This paper discusses full disclosure, the necessity of legitimate network scanning, and the results of criminalizing security research and information. Overreactions to harmless activities that cross no legal boundary are leading to a scenario where anyone acquiring basic information about a system has to fear potential consequences.
This paper discusses how intrusion detection systems work. After building a solid understanding of how an IDS operates, the paper explains how packet reassembly works and then looks into the different reassembly policies, which depend on how each operating system implements the RFC.
Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.
This paper discusses a vulnerability class called "Expression Language Injection (EL Injection)". Although several security researchers have published details in the past, the bug class is still fairly unknown. EL Injection is a serious security threat for the many dynamic applications exposed on the Internet. Dynamic applications are now needed everywhere, and as their use in online services rises, so do the security threats against them. This paper defines a methodology for detecting and exploiting EL injection.
The traditional in-band method for INSERT and UPDATE injections is to fix the query. For example, in an INSERT statement one can simply fix the query, comment out the rest, and extract the data once it is echoed out by the application. The same goes for an UPDATE statement, but the query can only be fixed this way if it has more than one column. What if we face a situation where the UPDATE or INSERT has a single column, or we simply don't know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in depth.
This paper discusses different techniques that an attacker can use to bypass the protection of the NoScript Security Suite. These techniques can be used by malicious actors to bypass a default installation of NoScript. The paper also provides solutions and recommendations for end users that can enhance the current protection offered by the NoScript Security Suite.
This paper discusses an overflow in the DOUBLE data type in MySQL.
This paper discusses a recent malware distribution occurring on Facebook that attempts to install a malicious Chrome extension.
This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.
Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.
This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run their malicious code with the browser's privileges and features.
The Open Data Protocol (OData) is an open, web-based RESTful protocol for querying and updating data. This paper discusses OData penetration testing methodology and techniques.
This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.
Whitepaper called Biclique Cryptanalysis of the Full AES. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. This paper discusses shortcut attacks on AES.
Whitepaper called Web Application Finger Printing - Methods/Techniques and Prevention. This paper discusses how automated web application fingerprinting is performed, the visible shortcomings in the approach, and then discusses ways to avoid it.
This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.
Whitepaper called GDT and LDT in Windows kernel vulnerability exploit. This paper discusses using 1 or 4 byte write-what-where conditions to convert a custom Data-Segment Descriptor entry in LDT of a process into a Call-Gate (with DPL set to 3 and RPL to 0).
Whitepaper called Bypassing SEHOP. Microsoft has recently implemented a new security feature named Structured Exception Handling Overwrite Protection in many Windows versions. This paper discusses how it can be bypassed.
This paper discusses testing for and exploiting local and remote file inclusion using fimap.
This paper discusses injection into Oracle PL/SQL database objects.
DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.
Whitepaper entitled "Biologger - A Biometric Keylogger". This paper discusses using a "Biologger" to capture biometric data and replaying the data via man-in-the-middle attacks.
This paper discusses potential security weaknesses that may be present in messaging systems as a result of software flaws, application design, or misconfiguration of services. It focuses on TIBCO Rendezvous as an example of a commonly used enterprise messaging system. Recommendations that mitigate these security issues are then presented.
Whitepaper entitled "Implementing and Detecting a PCI Rootkit". This paper discusses means of persisting a rootkit on a PCI device containing a flashable expansion ROM.
This paper discusses a simple technique for injecting code by manipulating hidden form fields.
Host Fingerprinting and Firewalking With hping - This paper discusses some of the techniques that can be effectively used in host fingerprinting, especially when a host is behind a firewall. Various tools are discussed with hping as a primary focus.