Whitepaper called Phishing on XSS way. Written in Arabic.
9bfa857c10578300a3d0e90b32f3dca05d735640854f0caeb3fa3174acf7d6f1
Whitepaper called Buffer Overflow Exploitation - SEH.
d4773945a03214e61e08b72d1a503fffdf07e12cac2dba7b7d716c937d990401
Whitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.
77477751376cbf1dd5937b193eca2afb67787fcb5a3e0c217ea0c52936c41806
Whitepaper called Evading Antimalware Engines via Assembly Ghostwriting.
c69ca241db8929c1badf0a2febd49a571ceddd5755b5f32dd8ef44146ffadb5c
Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.
5c3994059d8384faf17163e5cb49cd471cedb061f14e2c2b7ef3cdb5ce5724aa
Whitepaper called Beyond SQLi: Obfuscate and Bypass. It discusses filter evasion, normal and advanced SQL injection bypassing techniques, and more.
53da24878fd14e31209e104f5628e918c66caec3b70de820ef4ded44a458460e
Whitepaper called Gaming Security By Obscurity. This paper argues that obscuring information can, in some settings, genuinely improve security.
85ebf7cdd1837591d397da7aac2ad98c0b1f4ee658364bb7fc4fdcbb32a254d1
Whitepaper called Bypassing IDS with Return Oriented Programming. It discusses and demonstrates leveraging polymorphic shellcode to bypass detection.
7b4233a85e4bc362abaaeaf8b2d2687ed81a3db3a7a699bbe6949214aeb66bae
Whitepaper called JBoss Exploitation. This paper goes into detail on popping a shell on open JMX consoles.
f5e7c9eba0269b878c2481d4055fb0247eb60c34c16d6a88ef2dd33026039dc3
Whitepaper called Bypassing ASLR/DEP. It discusses techniques to bypass these security mechanisms and how custom shellcodes are developed.
19d0d0eeefb330797d6b704b3e34af8e0a45d1f512f2906ecc92ca8068e83e5d
Whitepaper called Busting Windows in Backtrack 5 R1 with Metasploit Framework 4.0.
b17b3bde70b97dae75d3386c74f74dbd0087c578cc9036544d4919bdf1d6204e
Whitepaper called "Embedding the Payload" or "How to avoid AV-Detection". Its main focus is how to undermine system integrity by circumventing anti-virus detection.
14edf4f453f8794728b0ac49c1d1ae57bab9b38e68a39ab9849188b3c9dd702d
Whitepaper called Process Hollowing. Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straightforward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory, the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed.
7f7a85ecfeef6b9feb94c08d5e3cb1f087e2f5240b64d76d49bde14d9a26bc7b
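As an added example, not taken from the paper above: the rebasing step that the abstract mentions, written in portable C. The Windows-only steps of the sequence (CreateProcess with CREATE_SUSPENDED, NtUnmapViewOfSection, VirtualAllocEx and WriteProcessMemory, GetThreadContext/SetThreadContext to point Eax at the entry point, ResumeThread) are omitted so the code builds and runs anywhere; the relocation structure is defined locally with the layout of IMAGE_BASE_RELOCATION rather than pulled from windows.h. The image, its preferred base and its .reloc table are constructed sample data, not a real binary; in a real image the table's RVA and size come from OptionalHeader.DataDirectory[5] and the delta is the allocated base minus OptionalHeader.ImageBase.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same layout as IMAGE_BASE_RELOCATION in winnt.h, defined here so the file
 * builds without windows.h. Each block covers one 4 KiB page and is followed
 * by 16-bit entries: type in the top 4 bits, page offset in the low 12. */
typedef struct {
    uint32_t VirtualAddress;
    uint32_t SizeOfBlock;
} BaseRelocBlock;

enum { REL_ABSOLUTE = 0, REL_HIGHLOW = 3, REL_DIR64 = 10 };

/* Add `delta` (actual base minus preferred base) to every absolute address
 * listed in the .reloc directory of an image already laid out by RVA in
 * `image`. Returns the number of fixups applied, or -1 if the table is
 * malformed. Every offset is bounds-checked: the image is untrusted input to
 * the bootstrap process, so a bad table must not become an out-of-bounds
 * write inside it. */
long apply_relocations(uint8_t *image, size_t image_size,
                       uint32_t reloc_rva, uint32_t reloc_size, int64_t delta)
{
    long fixups = 0;
    size_t off = reloc_rva, end = (size_t)reloc_rva + reloc_size;
    if (end > image_size) return -1;

    while (off + sizeof(BaseRelocBlock) <= end) {
        BaseRelocBlock blk;
        memcpy(&blk, image + off, sizeof blk);
        if (blk.SizeOfBlock < sizeof blk || off + blk.SizeOfBlock > end) return -1;

        size_t n_entries = (blk.SizeOfBlock - sizeof blk) / 2;
        const uint8_t *entries = image + off + sizeof blk;
        for (size_t i = 0; i < n_entries; i++) {
            uint16_t e;
            memcpy(&e, entries + 2 * i, sizeof e);
            unsigned type = e >> 12;
            size_t target = (size_t)blk.VirtualAddress + (e & 0xfff);
            if (type == REL_ABSOLUTE) continue;          /* alignment padding */
            if (type == REL_DIR64) {                      /* 64-bit image */
                if (target + 8 > image_size) return -1;
                uint64_t v; memcpy(&v, image + target, 8);
                v += (uint64_t)delta;
                memcpy(image + target, &v, 8);
            } else if (type == REL_HIGHLOW) {             /* 32-bit image */
                if (target + 4 > image_size) return -1;
                uint32_t v; memcpy(&v, image + target, 4);
                v += (uint32_t)delta;
                memcpy(image + target, &v, 4);
            } else {
                return -1;                                /* not an x86/x64 type */
            }
            fixups++;
        }
        off += blk.SizeOfBlock;
    }
    return fixups;
}

/* Constructed sample, not a real binary: a 0x3000-byte image whose page at
 * RVA 0x1000 holds two absolute 64-bit pointers and whose .reloc table at
 * RVA 0x2000 lists them, plus two padding entries. */
#define SAMPLE_SIZE    0x3000
#define PREFERRED_BASE 0x140000000ULL   /* stands in for OptionalHeader.ImageBase */
#define RELOC_RVA      0x2000
#define RELOC_SIZE     (sizeof(BaseRelocBlock) + 4 * sizeof(uint16_t))

static void build_sample(uint8_t *img)
{
    uint64_t p0 = PREFERRED_BASE + 0x1500, p1 = PREFERRED_BASE + 0x2000;
    BaseRelocBlock blk = { 0x1000, (uint32_t)RELOC_SIZE };
    uint16_t ents[4] = { (REL_DIR64 << 12) | 0x000, (REL_DIR64 << 12) | 0x008,
                         REL_ABSOLUTE, REL_ABSOLUTE };
    memset(img, 0, SAMPLE_SIZE);
    memcpy(img + 0x1000, &p0, sizeof p0);
    memcpy(img + 0x1008, &p1, sizeof p1);
    memcpy(img + RELOC_RVA, &blk, sizeof blk);
    memcpy(img + RELOC_RVA + sizeof blk, ents, sizeof ents);
}

/* Rebase the sample as if the hollowed host only offered `actual_base`.
 * Returns the first patched pointer; *fixups (if non-NULL) gets the count. */
uint64_t rebase_sample(uint64_t actual_base, long *fixups)
{
    static uint8_t img[SAMPLE_SIZE];
    uint64_t p0;
    build_sample(img);
    long n = apply_relocations(img, SAMPLE_SIZE, RELOC_RVA, (uint32_t)RELOC_SIZE,
                               (int64_t)(actual_base - PREFERRED_BASE));
    if (fixups) *fixups = n;
    memcpy(&p0, img + 0x1000, sizeof p0);
    return p0;
}

long sample_fixups(uint64_t actual_base) { long n; rebase_sample(actual_base, &n); return n; }

/* A table that claims to run past the end of the image must be rejected. */
long rebase_bad_table(void)
{
    static uint8_t img[SAMPLE_SIZE];
    build_sample(img);
    return apply_relocations(img, SAMPLE_SIZE, SAMPLE_SIZE - 4, 16, 0x1000);
}

int main(void)
{
    long n;
    uint64_t p0 = rebase_sample(0x7ff600000000ULL, &n);
    printf("%ld fixups, first pointer now 0x%llx\n", n, (unsigned long long)p0);
    printf("malformed table -> %ld\n", rebase_bad_table());
    return 0;
}
```

The rebase is the step that most hand-rolled hollowing loaders get wrong or skip, which is why payloads are often built with /FIXED:NO or with their preferred base chosen to match the host. For defenders, the same mismatch is a useful signal: a hollowed process has an in-memory image that no longer matches the file its PEB claims it was loaded from.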
Whitepaper called Android LKM Cheat Sheet - Porting Old School LKM Tricks to Android Devices.
745eb8bf8b8dd3d83741b9d6317a53fef94d4fb7ee3c0f8955af8112b7d16328
Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In this presentation, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking.
b6184ace78ff59c01b98abf9251555c43de66e1e8499ccd4c6717f23c36d980f
Whitepaper called Google Hacking para Pentesters - Mas que una busqueda, un conducto de intrusion (Google Hacking for Pentesters - more than a search, a channel for intrusion). Written in Spanish.
7af4094bc4500e34f386b3f68457a98b4d52c9bdae725016e7f440eb10a4d54a
Whitepaper called Covert Post-Exploitation Forensics With Metasploit.
f59cbcd12441be2dab9123ed5045721dbcfdc2e82f05eaaf9bf8f3b87aeaa123
Whitepaper called Using QR Tags to Attack Smart Phones (Attaging). It discusses the threatscape related to arbitrary scanning of these tags and using Metasploit to exploit them.
5aeb974041271775d2797f33f606f42ebe41ac2480ecbba6cd286c2ec7fba100
Whitepaper called Vulnerable Facebook Applications - A Case Study.
db7ee148a4140380128730cb9cdbd4d023f5cbc8c38c1fbfd903d105e5c140f9
Whitepaper called Better PHP Practices. It focuses on security measures and implementations to enhance your code.
6ee3c89a53b24f31636bad8962204b1f5dedcf8be35915edc4dc0196fa23c6b7
Whitepaper called Optimized Ad-Hoc On-Demand Distance Vector Routing Protocol.
276122fff45fd9a03d478f868be5278cae367c1fb18bb2597e19520d2ed8f62a
Whitepaper called Anti-Debugging with Exceptions. Several techniques for detecting exception-swallowing debuggers have been documented. The concept is simple: by design, debuggers handle certain kinds of exceptions. If such an exception is raised inside a try block, the exception handler is only executed if a debugger is not attached. Hence it can be inferred that a debugger is attached whenever the handler is not executed.
3dc0d938444d4ea8c28a360c244944d839f70154ae1c34e649472052b970a2ef
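As an added example, not from the paper above: the check described in the abstract, written in C for Linux. The Windows form wraps a breakpoint exception (int 3 or similar) in __try/__except; the POSIX analog used here installs a SIGTRAP handler and raises the signal, because a ptrace-based debugger is told about every signal before the tracee sees it and gdb's default disposition for SIGTRAP is stop, print, nopass. raise() is used instead of an inline int3 so the code is not tied to x86; the inference is the same either way.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Set by our SIGTRAP handler; only ever reached if the signal was actually
 * delivered to the process rather than consumed by a tracer. */
static volatile sig_atomic_t trap_seen;

static void on_trap(int signo)
{
    (void)signo;
    trap_seen = 1;
}

/* Raise a trap that a debugger handles by design and check whether our own
 * handler ran. Returns 1 if a debugger appears to be attached (the trap was
 * swallowed), 0 if our handler ran, -1 if the handler could not be installed. */
int debugger_present(void)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0) return -1;

    trap_seen = 0;
    raise(SIGTRAP);                   /* the "exception" inside the try block */

    sigaction(SIGTRAP, &old, NULL);   /* restore the previous disposition */
    return trap_seen ? 0 : 1;         /* handler ran => nobody swallowed it */
}

int main(void)
{
    int r = debugger_present();
    printf("%s\n", r == 1 ? "debugger detected"
                 : r == 0 ? "no debugger" : "check unavailable");
    return 0;
}
```

Run it plainly and it reports no debugger; run it under gdb, continue past the stop, and it reports one. The counter is the same on both platforms: a debugger configured to pass the exception through (gdb: handle SIGTRAP nostop noprint pass) defeats the check, so it catches default configurations, not a determined analyst.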
Whitepaper called Reversing on Linux x86 (with GDB). Written in French.
63981f464847dbb4d276d73bf0736d51248fa7a93e40390d2df252a1579bf0ca
Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, the authors discuss the internals of JSF, a Java-based web application framework, and its inherent security model. In the second part, they discuss the security weaknesses and the applied security features in JSF. In addition, they flag security issues present in JSF that matter for conducting effective penetration tests.
bb2851a7d694bdfdc081c72877ac631b96b1d0fc6f302e1493882794b986f6d1
Whitepaper called Demystifying the Android Malware. It dives into various phases to discuss the hows and whys behind malware implementation for Android.
ad9e4c33e888d2a10ee1d2ca15fbe4ebac9bb71fc66331e213a36b8563c018b5
Whitepaper called Trends in Circumventing Web-Malware Detection. This paper studies the resulting arms race between detection and evasion from the point of view of Google's Safe Browsing infrastructure, an operational web-malware detection system that serves hundreds of millions of users.
cf9f181577c7f297701970d222eb7481558208e956470e4b2215d69e78cf2bdc