what you don't know can hurt you
Showing 1 - 25 of 59 RSS Feed


Posted Jul 31, 2007
Authored by Andy Davis - IRMPLC, Phil Huggins | Site irmplc.com

This paper discusses potential security weaknesses that may be present in messaging systems either as a result of software flaws, application design or the misconfigurations of services. It focuses on TIBCO Rendezvous, as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.

tags | paper
MD5 | cfb45eac3e565e1e32e3b0effda2bb2c

Related Files

Packet Reassembly And Overlapping IP Fragments
Posted Oct 7, 2020
Authored by Haboob Team

This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.

tags | paper
MD5 | 4560c10a59bfed2734bbd165d32220ff
Running Encrypted ELF Binaries In Memory
Posted Mar 4, 2020
Authored by Marco Ortisi, redtimmysec

Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.

tags | paper
MD5 | 52ec6510fb7651a2bf2d2fba030f87b6
Remote Code Execution With EL Injection Vulnerabiltiies
Posted Feb 1, 2019
Authored by Asif Durani

This paper discusses a vulnerability class called "Expression Language Injection (EL Injection)". Although several security researchers have published details in the past, the bug class is still fairly unknown. EL Injection is a serious security threat over the Internet for the various dynamic applications. In today's world, there is a universal need present for dynamic applications. As the use of dynamic applications for various online services is rising, so is the security threats increasing. This paper defines a methodology for detecting and exploiting EL injection.

tags | paper
MD5 | d27631ed77a06533d0b790da76f33b03
Case Study: Security Of Modern Bluetooth Keyboards
Posted Jun 22, 2018
Authored by Matthias Deeg, Gerhard Klostermeier

This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).

tags | paper, vulnerability
MD5 | 066966c0a18d2c6ee4c885c5fb48bd21
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method in INSERT, UPDATE injections would be by fixing the query. For example in INSERT statements one can simply fix the query, comment out the rest and extract the data once it is echoed out by the application. Same goes with the UPDATE statement, but only if the query has more than one column we can fix the query. What if we face a situation where UPDATE or INSERT has one column or simply we don’t know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in-depth.

tags | paper
MD5 | b7f93b900e475675844e4bcace0d312d
Bypassing NoScript Security Suite Using XSS And MITM Attacks
Posted Mar 18, 2016
Authored by Mazin Ahmed

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.

tags | paper
MD5 | e0cacc6a2c0d3253f7821933e2e8dfbd
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
MD5 | 6719c22c4e76623f9156b543969a0c83
Facebook Malicious Extension Malware Analysis
Posted Feb 8, 2015
Authored by Nick Pantazopoulos, Nikolas Totosis

This paper discusses a recent malware distribution occurring on Facebook that attempts to install a malicious Chrome extension.

tags | paper
MD5 | fedad77bedf020e298bf353de0a8924c
Blind Command Injection On Embedded Systems
Posted Dec 15, 2014
Authored by Cenk Kalpakoglu

This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.

tags | paper
MD5 | 4793cb924cd104abb532a6ff0d77ef6e
In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux
Posted Aug 28, 2014
Authored by Andrew Case, Golden G. Richard III

Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.

tags | paper, forensics
systems | linux, apple, osx
MD5 | fac4b2bf6db6bfdea8da11c5c3607f7d
Abusing, Exploiting, And Pwning With Firefox Add-Ons
Posted Feb 22, 2013
Authored by Ajin Abraham

This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run there malicious pieces of code with privileges and features.

tags | paper
MD5 | b89cfaf1ecf68081c8b9cd981e067659
A Pentester's Guide To Hacking OData
Posted Oct 1, 2012
Authored by Gursev Kalra | Site mcafee.com

The Open Data Protocol (OData) is an open web based RESTful protocol for querying and updating data. This paper discusses OData penetration testing methodology and techniques.

tags | paper, web, protocol
MD5 | de2b6f30074f337146b28faab1c7043e
Brute Forcing Wi-Fi Protected Setup
Posted Dec 29, 2011
Authored by Stefan Viehbock

This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.

tags | paper, wireless
MD5 | 795e111de4ff159c05752bfb679f8945
Biclique Cryptanalysis Of The Full AES
Posted Aug 19, 2011
Authored by Dmitry Khovratovich, Andrey Bogdanov, Christian Rechberger

Whitepaper called Biclique Cryptanalysis of the Full AES. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. This paper discusses shortcut attacks on AES.

tags | paper
MD5 | 709a1f2c8b9ff655ca735589dc58c746
Web Application Finger Printing
Posted Jul 17, 2011
Authored by Anant Shrivastava | Site anantshri.info

Whitepaper called Web Application Finger Printing - Methods/Techniques and Prevention. This paper discusses how automated web application fingerprinting is performed, the visible shortcomings in the approach, and then discusses ways to avoid it.

tags | paper, web
MD5 | 028fc6c8349bd9406ea3371b78ced25f
Security Implications Of IPv6
Posted May 27, 2011
Authored by Fernando Gont

This paper, called Security Implications of IPv6, was published by CPNI and is a collection of security implications to think about while transitioning to IPv6.

tags | paper
MD5 | 6dcdf237ac03cf32360097348699cfd8
Apple iTunes Privilege Escalation
Posted Apr 1, 2010
Authored by Jason Geffner | Site ngssoftware.com

This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.

tags | advisory, local
systems | windows, apple
advisories | CVE-2010-0532
MD5 | eeacb581ab0680707becbfb2bfb0e1ce
GDT And LDT In Windows Kernel Vulnerability Exploitation
Posted Jan 18, 2010
Authored by Gynvael Coldwind, Matthew Jurczyk

Whitepaper called GDT and LDT in Windows kernel vulnerability exploit. This paper discusses using 1 or 4 byte write-what-where conditions to convert a custom Data-Segment Descriptor entry in LDT of a process into a Call-Gate (with DPL set to 3 and RPL to 0).

tags | paper, kernel
systems | windows
MD5 | 6840185722dc69048e0bf5434f19d5cb
Bypassing SEHOP
Posted Dec 22, 2009
Authored by Damien Cauquil, Stefan Le Berre

Whitepaper called Bypassing SEHOP. Microsoft has recently implemented in many Windows versions a new security feature named Structured Exception Handling Overwrite Protection. This paper discusses how it can be bypassed.

tags | paper
systems | windows
MD5 | 9d07cf6d2d0a4ac1cc6f92499ee959bb
SecurityTubeCon Call For Papers
Posted Sep 10, 2009
Site securitytube.net

SecurityTube.net is pleased to announce the CFP for SecurityTubeCon, the first hacker conference, to be held completely online! This conference will be held November 6th through the 8th, 2009.

tags | paper, conference
MD5 | 76c2f30972cb8a36ff064d5698acb338
LFI/RFI Testing With fimap
Posted Sep 4, 2009
Authored by Iman Karim

This paper discuss local and remote file inclusion testing and exploiting using fimap.

tags | paper, remote, local, file inclusion
MD5 | f7dec790733630ffeed3134110800187
Whitepaper Called Security Of The Web
Posted Jul 14, 2009
Authored by kuze

Whitepaper called Security of the Web. This papers discusses how vulnerabilities have evolved over the years and how web applications have become a primary vector of attack. Written in German.

tags | paper, web, vulnerability
MD5 | 2aaf20a12012c628ded7d80ceb29084e
Securitybyte / OWASP AppSec Asia Call For Papers
Posted Jul 7, 2009
Authored by Securitybyte CFP | Site securitybyte.org

The Security Byte and OWASP AppSec Asia conference call for papers has been announced. It will be held November 17th through the 20th, 2009 in New Delhi.

tags | paper, conference
MD5 | 8ca41340b83fcd160449f9da8b81664a
Posted Oct 7, 2008
Authored by Aelphaeis Mangarae | Site blackhat-forums.com

This paper discusses injection into Oracle PL/SQL databases objects.

tags | paper
MD5 | f9ab79eb4c9cf9a20d44e368ed1ae970
Posted May 20, 2008
Authored by Ferruh Mavituna | Site portcullis-security.com

DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.

tags | paper
MD5 | 51a158a1e160f74d3c8e54ce364c873b
Page 1 of 3

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By