what you don't know can hurt you
Showing 1 - 25 of 3,712 RSS Feed

Whitepaper Files

COOPER: Testing The Binding Code Of Scripting Languages With Cooperative Mutation
Posted May 13, 2022
Authored by Purui Su, Hong Hu, Yanhao Wang, Peng Xu | Site huhong789.github.io

Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.

tags | paper, javascript, vulnerability
SHA-256 | 5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911
Cracking Notezilla Passwords
Posted May 11, 2022
Authored by Salman Asad

Whitepaper discussing how to crack Notezilla passwords.

tags | paper
SHA-256 | db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807
nullcon Goa 2022 Call For Papers
Posted Apr 28, 2022
Site nullcon.net

The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 9th through the 10th, 2022. This conference was originally planned for March but was moved due to the pandemic.

tags | paper, conference
SHA-256 | 39c60f1efe6870f2afbfec3ec20a66a476febcd39809fcf597f4f887ff64ea08
Spamhaus Botnet Threat Update Q1 2022
Posted Apr 26, 2022
Site spamhaus.com

This is the Spamhaus Botnet Threat Update for Q1 2022. It shows a modest increase of 8% in the new number of botnet command and controllers.

tags | paper
SHA-256 | 27881d2519cb2cb26262ed765a46dee0f7d9f74eee33851a0592cb21197cffd3
Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels
Posted Apr 19, 2022
Authored by Max Van Kleek,, Nigel Shadbolt, Anastasia Shuba, Reuben Binns, Konrad Kollnig | Site arxiv.org

This is a research paper titled Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels. It analyzes 1,759 iOS apps before and after the changes in iOS 14.

tags | paper
systems | ios
SHA-256 | f2c94b3fe30d62f6090a9abdcdc56152591090977c196e48ef151cadea9e410a
Are You Really Muted? A Privacy Analysis Of Mute Buttons In Video Conferencing Apps
Posted Apr 15, 2022
Authored by George K. Thiruvathukal, Yucheng Yang, Kassem Fawaz, Jack West, Neil Klingensmith | Site wiscprivacy.com

Whitepaper called Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps.

tags | paper
SHA-256 | 050dc6588d019c0fec02dfa4d049708c93c8ad0e15fb67374316108e1ab679a3
Ansible Quick Shot Red Teaming Cheatsheet
Posted Apr 11, 2022
Authored by Cody Sixteen | Site code610.blogspot.com

This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.

tags | paper
SHA-256 | 0c12a80286493aa8bd0c790357f229f5d0169bc51d3a6f38387aea2b27d0ce5d
What Data Do The Google Dialer And Messages Apps On Android Send To Google?
Posted Mar 28, 2022
Authored by Douglas J. Leith

In-depth whitepaper that casts light on the actual telemetry data sent by Google Play Services, which to date has largely been opaque.

tags | paper
SHA-256 | 1961b146927a5d663ba288e9e0655edeb281a7f9333b4a2e556204df1aadc496
Passive Inter-Modulation Sources And Cancellation Methods
Posted Mar 24, 2022
Site yupanatech.com

Whitepaper that discusses passive inter-modulation sources and cancellation methods. When two or more signals of different frequencies pass through a nonlinear system, intermodulation distortion (IMD) occurs, resulting in the formation of spurious distortion signals. IMD is most commonly found in active circuits of a radio system, but it can also be found in passive wireless components such as lters, transmission lines, connectors, antennas, attenuators, and so on, especially when transmit power is quite high. Passive intermodulation (PIM) distortion is the name given to the IMD in the latter scenario. With the evolution of radio systems and the scarcity of radio spectrum, PIM interference is being recognized as a potential stumbling block to a radio network's maximum capacity. This article classifies the PIM sources in BS radio systems into two categories, internal and external sources. Internal sources are the radio's passive components such lters, transmission lines, connections, antennas, and so on. External sources, on the other hand, are passive items that are located outside of the BS antenna but inside the RF signal path, such as metallic and rusted objects in the antenna near eld. The high power current flowing through such passive devices can cause nonlinear behavior, resulting in IMD for both types of sources. Also, a review of PIM mitigation techniques is presented in the article.

tags | paper
SHA-256 | 466150ae1c71912d6ca4953a348a85685935a9be6d80b95ef638f7e0daa38714
PE Infection
Posted Feb 28, 2022
Authored by Hejap Zairy Al-Sharif

Whitepaper called PE Infection that discusses portable execution injection and exploitation. Written in Arabic.

tags | paper
SHA-256 | e0534cb924c64a357ac0fc2ed8a017fc1a7e5701279ab670c791cde630d32ab9
OPENSSLDIR Privilege Escalation
Posted Feb 18, 2022
Authored by Marlon Petry

Whitepaper called OPENSSLDIR - The adventures of hidden folder to privilege escalation.

tags | paper
advisories | CVE-2021-2307
SHA-256 | 169de44bba1064b1fdf63754db8a9eba9c5bd777fa8e4e5dd12cb47dfe4af528
ICICS 2022 Call For Papers
Posted Feb 11, 2022
Site cyber.kent.ac.uk

The call for papers for the 24th International Conference on Information and Communications Security (ICICS 2022) has been announced. It will take place at the University of Kent, Canterbury, UK on September 5th through the 8th, 2022.

tags | paper, conference
SHA-256 | c5858f9c626e3726677487db4f6dd8a236b35385ed21c9145dda99e6fcb0a1d3
CarolinaCon Online 2 Call For Papers
Posted Jan 28, 2022
Site carolinacon.org

CarolinaCon Online 2 will be hosted April 29th to May 1st, 2022. The conference will be virtual and submitted talks will be live streamed.

tags | paper, conference
SHA-256 | fff7bbd7db49ebd9315d7d680ff911339bafb26146b0e7b53c22f7e97b628388
27th ESORICS Call For Papers
Posted Jan 25, 2022
Site esorics2022.compute.dtu.dk

The 27th European Symposium on Research in Computer Security (ESORICS) 2022 call for papers has been announced. It will take place September 26th through the 30th, 2022, in Copenhagen, Denmark.

tags | paper, conference
SHA-256 | d6d561f5decef2aeebfa90197d0283329d02bb79413abb4a528024c02cec78af
CVE-2021-44228 Log4Shell Overview
Posted Jan 24, 2022
Authored by Pankaj Jorwal, Neeraj Jayant, Shaifali Yadav

Whitepaper that gives exploitation and overview details on the Log4j vulnerability as noted in CVE-2021-44228.

tags | paper
advisories | CVE-2021-44228
SHA-256 | 1718bbf0d45e1ebf16dbdf6e329a8b2f32b620f142e69ae4db5a2403502ff6ac
Abusing LAPS
Posted Jan 19, 2022
Authored by Metin Yunus Kandemir

Whitepaper that explains a misconfiguration based flaw about Local Administrator Password Solution.

tags | paper, local
SHA-256 | afd186867562453b4d7f00ad96270e7a4c5c6b2facd655ef9e4e3c6d602fb576
LightSpeed Cache Vulnerability
Posted Jan 19, 2022
Authored by Nandini Rana, Hanut Kumar Arora, Shlok Gupta

Whitepaper that gives an overview of the LightSpeed cache vulnerability as noted in CVE-2020-29172.

tags | paper
advisories | CVE-2020-29172
SHA-256 | 6b116687f316d0d1b0c270c949274568a68280101b8f2b8703b1d129c2fd14fe
Top Web Application Security
Posted Dec 28, 2021
Authored by Shlok Gupta

Brief whitepaper that discusses well-known standards like OWASP Top 10, OWASP ASVS, WASC and CWE SANS 25.

tags | paper
SHA-256 | bb8c3ba79e4589a5aa83121ea754034f9c5a42dd7b26ad8c48c817a89a9ea285
Insecure sprintf Of C
Posted Dec 20, 2021
Authored by x90c

This is a brief write up discussing insecure functions susceptible to classic buffer overflows.

tags | paper, overflow
SHA-256 | 6c56ef6f21fb5c517c4f05fbff6461b2f130d800355ad39593d8b2f06bee3943
RootedCON 2022 Call For Papers
Posted Dec 17, 2021
Site cfp.rootedcon.com

Call For Papers for RootedCON 2022, a technology congress that will be held in Madrid, Spain March 10th through the 12th of 2022. The conference has a capacity of 2,500 to 3,000 people.

tags | paper, conference
SHA-256 | 6494ed735b857e402c7c71ec3ad563f3512c3a165f5484d32389022c1d1f3f1d
CurveBall Windows CryptoAPI Spoofing
Posted Dec 16, 2021
Authored by Payal Mittal

Whitepaper titled CurveBall Windows CryptoAPI Spoofing that discusses the CVE-2021-0601 vulnerability.

tags | paper, spoof
systems | windows
advisories | CVE-2021-0601
SHA-256 | 728bd43bdaed0560d5327ad21645854d75e4367110b510fd004bcf6753926332
Untrusted Data Deserialization In Jsoniter
Posted Dec 16, 2021
Authored by Adi Malyanker, Ivan Reyes

Whitepaper discussing untrusted data deserialization in jsoniter. Written in Spanish.

tags | paper
SHA-256 | bfcbc92c461eee304f389597423031549d816389de0416f3fa662b1cb15e3995
Polkit CVE-2021-3560 Overview
Posted Dec 16, 2021
Authored by Julio Cesar Baltazar Sainz

Whitepaper that gives an overview of the Polkit vulnerability as discussed in CVE-2021-3560. Written in Spanish.

tags | paper
advisories | CVE-2021-3560
SHA-256 | a41b8393ce5c22e793b28b10b8d6c72d64b22b0b06202998991ab9e195b4ef1c
DNS Spoofing
Posted Dec 16, 2021
Authored by Rodriguez Padilla Luis, Cortes Leyva Carla

This is a whitepaper that discusses DNS spoofing. Written in Spanish.

tags | paper, spoof
SHA-256 | f2ea4bf58281fa68bc973561373c15277c62566c003a2f7a9096cddecd79929e
Polkit CVE-2021-3560 Research
Posted Dec 10, 2021
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena

This document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get a privileged shell (root) on the system by manually sending dbus messages to the dbus-daemon, then killing the request before it has been fully processed.

tags | exploit, paper, shell, local, root
systems | linux
advisories | CVE-2021-3560
SHA-256 | ff7bcacb2c7403598821beac18efca74a1f7003754707a0f87aff49223d1293a
Page 1 of 149

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By