Whitepaper entitled "The Role of Modeling and Simulation in Information Security".
5f8856fb2b9965e4af48075871fdccda90ef3461fa0ec709beca8292fca13122Whitepaper entitled "Hacking Databases For Owning Your Data". This paper goes into specifics on how to compromise MS-SQL and Oracle databases. It includes tools and exploits as well.
4f0613de36a3479fd1e5e7c57266df8715f1eb1c690eea5f55baf65e0ef90793Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".
5e052565e3661c687c0142cb2a857a3b5d8400a27ec65832792185de33fbad3dWhitepaper entitled Rogue XML Specifications. It discusses insecurities that relate to XML schema.
8f898961deadbbea1e0a38424a21b14dc2cd3202e6954fa1ff015c971451cb97Whitepaper entitled Ambiguity In Ajax Lockdown Framework - Unveiling Some Contradictory Facts.
c72d1fdf0586fb064c35e73407382130Whitepaper entitled Exploiting JSON Framework - 7 Attack Shots.
4ef0bb62586c04ed3138bfb5fb9552f437721e1488319a608841047e93441684Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.
5172b6396a1d3bf6c98f00741dec0697cfc325806e2509483c51c1658ee514dcWhitepaper entitled Windows Vista 64bits And Unexported Kernel Symbols.
2b24f359a718212fdce5611bf648c054d5e5be36b5321038430e4c47d5aad39cWhitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".
1ed5c65dfd0826c823dfd1a9f124b537e561dd5ffcc62aee60d328f4953f93efWhitepaper entitled Cracking String Encrypting in Java Obfuscated Bytecode.
b3a054932b76ff48af0039a46178eecf584bc4eb5e4ead1c864b310c0394d2cbWhitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.
76b1dff89265c886e4fb95a2da210b637f0ae4d28b78e4ee37976c44012de162Whitepaper entitled "Implementing and Detecting a PCI Rootkit". This paper discusses means of persisting a rootkit on a PCI device containing a flashable expansion ROM.
260ded5cc1071aca1b4d5dfacad60c3e7469b9713f06b292531eeef70176c5cdWhitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such virii propagate. Also included is CalvinStinger.SIS which is a disinfection tool for the Symbian S60 platform.
e539c152ba59e2540ddc231887dd894606a4dec7b799c519d0ed06cee73a609cWhitepaper entitled "WLSI - Windows Local Shellcode Injection" that describes a new technique to create 100% reliable local exploits for Microsoft Windows operating systems. The technique uses some Windows design weaknesses that allow low privileged processes to insert data into almost any Windows process regardless of their current privilege level. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) are included so the reader will be enabled to write their own exploits.
0edd124aeb55cb3125140eb5cdb86f78449fba1ac22466a4b4325fdf39c92857Whitepaper entitled "HTTP Response Smuggling". It discusses evasion techniques to bypass anti-HTTP response splitting strategies.
ee3a42dce4b4f8bc8c2ae652525c238be609475a31e10db164e4648e1e6a3f2fWhitepaper entitled Windows Access Control Demystified. It discusses some security issues inherent in Microsoft Windows that can allow for local privilege escalation.
5c643fff89661eb32c0192e07cb5fb805f0bbe3a74916157fb39d3dfd499c98cWhitepaper entitled 'Attacking Automatic Wireless Network Selection'.
0fab76effc4d98fe89fa651a422e69e400fe3ac37312fd2e5b3e468409306386Whitepaper entitled 'An Introduction To Heap Overflows On AIX 5.3L'.
7fe6d39248e544c8e5b6ebe39fa4a017668634c3582f64b4ab78f3a53fbf39b8Whitepaper entitled 'Web Application Footprinting and Assessment with MSN Search Tricks'.
21fa9f7a4c5cc5110927a0d58b634ca2cc3a52a3998262dfccb65e1141516e43Whitepaper entitled "Database Servers on Windows XP and the Unintended Consequences of Simple File Sharing".
961bfed777c65e67a52ff50f80f30cc3225bb5fe84c5ae0b939ca30c781b8ef4Whitepaper entitled 'Data-Mining With SQL Injection and Inference'. Paper is based on a talk given earlier this year at Blackhat Europe. It divides SQL injection data theft attacks into three classes - inband, out-of-band and inference. The first, in-band, uses the existing connection to get data out; the second, out-of-band, uses another channel, e.g. smtp by using builtin database mail functions; and lastly inference.
fcb6268f83b03e6bae5da741f0a4a4a70ef1f3e89a8ac16c3c1c47f83e4853f6Whitepaper entitled 'Buffer Underruns, DEP, ASLR, and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform'.
6a2fef57985b54e3b9a2d601af88045009dd270ff00aa613302b46f9fe35639bWhitepaper entitled "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more."
f9a2ac7567ed51e0a9e6e4ff4008bf10f202d346e42b74a07fdaa5b5d39e055fWhitepaper entitled 'NIDS Polymorphic Evasion - The End?'. This paper explains how even the most modern of NIDS fail to detect polymorphic shellcode.
3c6e4f916e13381251401f462b3e2128ca6d50fa3050aa9efdad122aee3d6e88Whitepaper entitled Application Level Cryptography: Combination Stream And Block Ciphering Using Double Encryption Algorithms.
54d5e2cd2f382e5bab89c50c763f3a086a983c656a1aa1b329596d85ebac7bb1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed