Whitepaper called Phishing on XSS way. Written in Arabic.
9bfa857c10578300a3d0e90b32f3dca05d735640854f0caeb3fa3174acf7d6f1
Whitepaper called Biclique Cryptanalysis of the Full AES. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. This paper discusses shortcut attacks on AES.
892f69df7711f607a712c9642c0b94ef2229b7c62e1af9495c6c69a8dfd8fb59
Whitepaper called Sneak Peak at the Metasploit Framework - II. This article covers using databases with the Metasploit Framework in detail.
e2fd5239e0ac4b7622e1680a42e1476e166f4701849942f1a604ec249819ee28
Whitepaper called Social Engineering Toolkit. This article covers backdooring executables and evading antivirus using scripts included with BackTrack.
fbcf75008182e4dbcd87643f245856c70110db2cf8ab3517e184bc997d649044
Whitepaper called Flash Cookies And Privacy II: Now With HTML5 And ETag Respawning. This is a follow-up study that reassesses the flash cookie landscape and examines a new tracking vector, HTML5 local storage, and cache-cookies via ETags.
d034027c4b2e69e75390f976a780e8fc1fab1ac887010dcf7e3bc3bc82d11ac4
Whitepaper called EvilQR – When QR Code Goes Bad. This is a security assessment of mobile QR readers.
7b3b37a824d45432f4d5dca8cf6fa59589898640f214c2a42d3938d5a4f243fd
Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.
14893704b2ff4c3c7c7d92d60513c25bdb78d545d4d5a830b05d02acc259c996
Whitepaper called Defeating DEP (Data Execution Prevention) through a mapped file.
c08d113619ee176b7898ecf1686249bd2ae760e23e531cd3578f20b4101f6a2b
Whitepaper called Jugando en la red. This tutorial focuses on using BackTrack 4 RC2 to hack wireless networks. Written in Spanish.
49ab9a712c223e031e00ce7e89adcb97b2687ab92b432230c49afcfb1b61fb51
Whitepaper called Asaltando Redes Wi-Fi. This manual explains how to crack WEP to recover a password. Written in Spanish.
cf2e1b7ec9e6852b5d0c7bd1a949d48876475ba8ad49f9dbca3206ebcb57148b
Whitepaper called Introduction To Hacking Basics. Written in Indonesian.
a54033f1d15f089131b735c5506d79c7555c8272d18984925b7b1b022bc0c3c6
Whitepaper called Exploring and Patching File Inclusion Vulnerabilities. Written in Arabic.
4f92e660e3be31c2fd4ce9ef9aa9eee453b3b7f149797b40bcb6c97e4047f07b
Whitepaper called How To Create Your Own Shellcode On Arch Linux.
a86b5a24bc7c7e5373a8800389143e2b87b4ee9bd2bb60c36fcb9ba75c126768
Whitepaper called What is a vulnerability assessment?
1db8f170789f22c1159c75852c1efe3e2bad976250e145cd254fe747f07c8ab2
Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, the authors conduct a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.
2c622ddb4286be353e85ab46da20fe4b0ca3a0d882e1cf8d909f856256f15449
Whitepaper called Web Application Finger Printing - Methods/Techniques and Prevention. This paper discusses how automated web application fingerprinting is performed, the visible shortcomings in the approach, and then discusses ways to avoid it.
eab628337996d7cae9ebcf66a12c3a7e94c93d563219fe2015815e81d348b321
Whitepaper called From Unexpected Restart To Understand The System. Written in Indonesian.
b56dfc1b21c46a2ee3b8448e30538c6d9148ec299edfbd6cc15a4ab59099ccc8
Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
7a281ad62c6b8aa703ecc0bdd4a00e7157e35b1a5e19f99ed374027c1a923e86
This is a brief whitepaper called HTTP Parameter Contamination (HPC) Attack / Research.
fd048c4ac4a159b39bf8ad25dc758cf6e3d6fbf6ed1e035ace3ac04b164649c5
Whitepaper called Protecao Client-side: Testando a eficacia das ferramentas de protecao Microsoft para estacoes de trabalho e desktops. It describes how to protect against malicious threats by testing some Microsoft client security tools. Written in Portuguese.
e41f88d3cee57b501ac1371b72178ecae8c0b77e0613ee03997081844e81b28c
Whitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are two protection mechanisms integrated into the Windows operating system to make exploiting software more difficult. This document shows how these two features can be bypassed using different techniques.
f469442a5a92bed1a1086a83f8aebc86f786d426e10337f16a54d94b71969b8e
Whitepaper called Structured Exception Handler Exploitation. The SEH exploitation technique was publicly documented by David Litchfield in September 2003. At a high level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer overflow. This document explains SEH details while exploiting a real case.
6e3042b60dc7dac5ac44837519701c34752fa6f26c6addfd50be7b699eb1b3b2
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.
0305582fef0a334d0098bff6db770a8a71c665735a44588fdd53e7b219351d8c
Whitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting vulnerabilities in Active-X components in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
9eeb90330cfbccc1cd8f8478aef2e4c16a609d57f5f1172310f841fe03112f37
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.
2c1afb10f1f364d84902aa704ae75b54b7d538279adb0348248fba3c6e22acf9
Whitepaper called Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection.
508b3adcfa30b3eb228307da305bfbcb56145693a093e0540551c290bbbef5f8