exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 3,769 RSS Feed

Whitepaper Files

GhostRace: Exploiting And Mitigating Speculative Race Conditions
Posted Mar 13, 2024
Authored by Cristiano Giuffrida, Anil Kurmus, Hany Ragab, Andrea Mambretti | Site download.vusec.net

Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc. In this paper, the authors present GhostRace, the first security analysis of these primitives on speculatively executed code paths. Their key finding is that all the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs).

tags | paper, vulnerability
advisories | CVE-2024-2193
SHA-256 | e0d3a753ac273a430c317cd67e808c20b6cdd914b31b24e71450d5fb4ad420af
Stealing Part Of A Production Language Model
Posted Mar 13, 2024
Authored by David Rolnick, Jonathan Hayase, Eric Wallace, Nicholas Carlini, Arthur Conmy, Thomas Steinke, Matthew Jagielski, Florian Tramer, Krishnamurthy Dvijotham, Daniel Paleka, Katherine Lee, Milad Nasr, A. Feder Cooper

In this whitepaper, the authors introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, their attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, their attack extracts the entire projection matrix of OpenAI's ada and babbage language models. They thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. They also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix. They conclude with potential defenses and mitigations, and discuss the implications of possible future work that could extend this attack.

tags | exploit, paper, vulnerability
SHA-256 | 35bb26fb1fe58d91b595fbecc219b129076e6cc3ae746288dc27c6fa0d128e6a
Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware
Posted Mar 4, 2024
Authored by Raheem Beyah, Ryan Pickren, Tohid Shekari, Saman Zonouz

This is an interesting whitepaper called Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware. The authors present a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies.

tags | paper, web
SHA-256 | 741326e4fbc51ab41e106a049572fa380ad7b01037f9e364be260067feb5194b
The KeyTrap Denial-of-Service Algorithmic Complexity Attacks On DNS
Posted Feb 22, 2024
Authored by Niklas Vogel, Haya Schulmann, Michael Waidner, Elias Heftrig | Site athene-center.de

In this paper, the authors show that the design of DNSSEC is flawed. Exploiting vulnerable recommendations in the DNSSEC standards, they developed a new class of DNSSEC-based algorithmic complexity attacks on DNS, they dubbed KeyTrap attacks. All popular DNS implementations and services are vulnerable. With just a single DNS packet, the KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in vulnerable DNS resolvers, stalling some for as long as 16 hours. This devastating effect prompted major DNS vendors to refer to KeyTrap as "the worst attack on DNS ever discovered". Exploiting KeyTrap, an attacker could effectively disable Internet access in any system utilizing a DNSSEC-validating resolver.

tags | paper, encryption
SHA-256 | 4c1743e665520f276be83b47e7a1ae86496ca84f1935e9197aa5b5736fc57eb4
NFC Relay Attack On Tesla Model Y
Posted Feb 21, 2024
Authored by Josep Pi Rodriguez | Site ioactive.com

This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.

tags | paper, protocol, wireless
SHA-256 | 1b2f050c027e1bfe9702c6a2a927a78ccba6ef0043e76bbe3a63de1a54eaecc8
44CON 2024 Call For Papers
Posted Feb 15, 2024
Site cfp.44con.com

The 44CON 2024 Call For Papers has been announced. 44CON is the UK's largest combined annual Security Conference and Training event. The event takes place September 18th through the 20th, 2024 at the Novotel London West near Hammersmith, London.

tags | paper, conference
SHA-256 | a660b30e4404268fcebbcfa2b2402a49ffaeb99ce9d7683cef070387d9e15b3e
RECON 2024 Call For Papers
Posted Feb 8, 2024
Site cfp.recon.cx

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It will be held June 28th through the 30th, 2024, in Montreal, Canada.

tags | paper, conference
SHA-256 | 682dca50c2c0835b200447e03653ce581b484302a66fa646092da85d05f86274
How To Install And Use Metasploit On Termux
Posted Jan 15, 2024
Authored by devil rose

Whitepaper called How To Install And Use Metasploit On Termux. Written in Arabic.

tags | paper
SHA-256 | 334302ac8df53bd30a618970bd4921ff0d15d9fb14991c99d782217efaee5098
Hardwear.io USA 2024 Call For Papers
Posted Jan 12, 2024
Authored by hardwear.io CFP

The call for papers for Hardwear.io USA 2024 is open. It will take place May 31st through June 1, 2024.

tags | paper, conference
SHA-256 | a5538868f308cd9bb2ec3f056b3154503e81c208c926ca7d137401dabae1f61a
EuskalHack Security Congress VII Call For Papers
Posted Jan 4, 2024
Site euskalhack.org

EuskalHack Security Congress seventh edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. With an estimated capacity of 200 people, EuskalHack Security Congress has established itself as the most relevant congress specialized in computer security in the Basque Country, and as a national reference. The profile of attendees include specialized companies, public organisms, professionals, hobbyists and students in the area of security and Information Technology. The congress will take place on the 21st and 22nd of June 2024 in the lovely city of Donostia San Sebastian (Gipuzkoa).

tags | paper, conference
SHA-256 | a72344689ad4897e2e6442ffc7f6807d041770096f4a804c22960c580db6927b
Terrapin SSH Connection Weakening
Posted Dec 20, 2023
Authored by Jorg Schwenk, Marcus Brinkmann, Fabian Baumer | Site terrapin-attack.com

In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof of concept code from their github has been added to this archive.

tags | exploit, paper, shell, protocol, proof of concept
advisories | CVE-2023-46445, CVE-2023-46446, CVE-2023-48795
SHA-256 | 3d6be8cc2a9c624a06990226485956c5d92675a632da2182c2546e4af814ff93
BSides SF 2024 Call For Papers
Posted Dec 5, 2023
Site bsidessf.org

BSidesSF is soliciting submissions for presentations and panels for BSidesSF 2024 in San Francisco on May 4 and 5 2024.

tags | paper, conference
SHA-256 | 75e553207fcfe4803295c83bffc1e8269caff8e7f6dcc22679181410a2cfe306
BLUFFS: Bluetooth Forward And Future Secrecy Attacks And Defenses
Posted Nov 30, 2023
Authored by Daniele Antonioli, Sophia Antipolis

Whitepaper titled BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. It presents six novel attacks affecting chips from many major Bluetooth vendors.

tags | paper
SHA-256 | 348467e3c5ed34a3d7601f57132defd129109109224ba2966ff023f2babfce33
Nullcon Berlin 2024 Call For Papers
Posted Nov 25, 2023
Site nullcon.net

The Nullcon Berlin 2024 Call For Papers is open. It will take place March 14th through the 15th, 2024 in Berlin, Germany. Training courses are March 11th through the 13th.

tags | paper, conference
SHA-256 | 9d898d2e9216636ff0ee2829f5372248546c6aacbe8d6ffd65fd875822b51870
Not CVE Announcement
Posted Nov 13, 2023
Site notcve.org

The !CVE Project is an initiative to track and identify security issues that are not acknowledged by vendors but still are important for the security community.

tags | paper
SHA-256 | b048c73843bf5ec0efa0043743dba221a703c3a314b73dbc5a6b254795d5cb61
Passive SSH Key Compromise Via Lattices
Posted Nov 13, 2023
Authored by Nadia Heninger, Keegan Ryan, Kaiwen He, George Arnold Sullivan

This whitepaper demonstrates that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information like the shared Diffie-Hellman secret that would not be available to a passive network observer. The paper shows that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. The authors provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use their attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.

tags | paper, cryptography, protocol
SHA-256 | 481aab67e2963f899f4d0981c2be3f03e3ff14965119cb78e929b36c27b58597
Ringzer0 BOOTSTRAP24 Austin Call For Papers
Posted Oct 26, 2023

BOOTSTRAP24, a hacker conference with that is heavy with hands-on participation, will take play February 24, 2024 in Austin, Texas, USA. The prior evening will be a mixer.

tags | paper, conference
SHA-256 | b1f9172e7f5d4b6075f403a3456e89348d944d9a2ffa74762c3f4765a53d55f8
Everlasting ROBOT: The Marvin Attack
Posted Sep 27, 2023
Authored by Hubert Kario | Site people.redhat.com

Whitepaper called Everlasting ROBOT: the Marvin Attack. In this paper, the author shows that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key.

tags | paper
SHA-256 | 11fd5f5eb17765f91bb0b2d7fe6530d7a6e1e20781250cc9cc5e701006d329c9
Cybersecurity In Industry 4.0 And Smart Manufacturing
Posted Sep 25, 2023
Authored by Erhan YAZAN

Whitepaper called Cybersecurity in Industry 4.0 and Smart Manufacturing: The Rise of Security in the Age of IoT, IIoT, ICS, and SCADA. This article examines Industry 4.0's relationship with the rapidly developing technologies Internet of Things (IoT), Industrial Internet of Things (IIoT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) and why cyber security is important in these areas.

tags | paper
SHA-256 | 0458410365974be314b620bd7944a4541658322fd5a9cee88134e46a6317b29b
nullcon Goa 2023 Live Bug Hunting
Posted Sep 4, 2023
Site nullcon.net

nullcon Goa 2023 will be having a live bug hunting competition to win money. Registration deadline is September 7, 2023. The conference will be held September 22nd through the 24th, 2023.

tags | paper, conference
SHA-256 | 1cd891b4b4f7b63a38bb73250b01e63e89e37a5c67f9dcf2487b0a4a3db90a52
Windows API Exploitation In Real World
Posted Aug 18, 2023
Authored by Akash Sarode

This paper focuses on using Windows APIs to exploit and bypass modern day defense systems. The idea here is to understand the approach of how a modern day threat adversary would definitely help blue teamers to improve their defense mechanism. This article is useful for both blue and red teamers.

tags | paper
systems | windows
SHA-256 | a08987a70023a852cfeef5c85e21b3ba9fa78f1aa30066467583fa799fdca5e3
Introduction To Web Pentesting
Posted Aug 2, 2023
Authored by Andrey Stoykov

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

tags | paper, web, xss, sql injection, csrf
SHA-256 | 1f0745a5f6bf458420ce54f01247d5149ab58cb8886e6f6c015a8dbfc0d9a6de
Hardwear.io NL 2023 Call For Papers
Posted Jul 19, 2023
Authored by hardwear.io CFP | Site hardwear.io

The call for papers for Hardwear.io 2023 in the Netherlands is now open. It will take place November 2nd through the 3rd, 2023 at the Marriott Hotel, The Hague, Netherlands.

tags | paper, conference
SHA-256 | ec87fd1f62c43c5094a8b7edcbb92181ee748aea83102c2abf02a405cf32899b
From RFC To RCE 16 Years Later
Posted Jul 11, 2023
Authored by Fabian Hagg | Site sec-consult.com

Whitepaper titled Everyone Knows SAP, Everyone Uses SAP, Everyone Uses RFC, No One Knows RFC: From RFC to RCE 16 Years Later.

tags | paper
SHA-256 | ec3e058c8f83be6779103d8bb8f9cdbd4b8c1663435f67a9d7c36923c7afe54a
Speculative Denial-of-Service Attacks In Ethereum
Posted Jun 19, 2023
Authored by Kaihua Qin, Liyi Zhou, Aviv Yaish, Arthur Gervais, Aviv Zohar

The expressiveness of Turing-complete blockchains implies that verifying a transaction's validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, the authors show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return by introducing three attacks.

tags | paper, cryptography
SHA-256 | 68b4adbac9a02de43d43f0c0b285dc603d363d3be1f6185ba4fe1c00129c1969
Page 1 of 151
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close