A brief write up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
55aef9cbf06435171aad139605e96ea9This is the Call for Papers for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). CFATI is the first open access, peer-reviewed, scholarly journal, that is dedicated entirely to the study of tools, techniques, procedures, and methodologies of Red, Yellow, and Blue teamers.
0f204cb88395bc7fdfc1246c52043df7This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.
4560c10a59bfed2734bbd165d32220ffThe Call For Papers for nullcon Goa 2021 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place in March of 2021.
2195e33b7b03998a600766bbee7f995eWhitepaper that goes over a full attack scenario by getting a foothold through Microsoft Exchange OWA Portal to discover and abuse MSSQL.
f741488af943c9146c71ec2735f7f3c3Whitepaper called iOS Swift Anti-Jailbreak Bypass with Frida.
3faa4e36a848fdfbb9d0d8405de46e69This document presents semi-formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describes a source code review of OpenSSH, the leading implementation of SSH, using these specifications.
4502a821c4246645b42cedf6191e3bf8This paper explains how the Nos-Santos-Izquierdo Field (NSIF) works, focusing in the similarities between the RSA problem, factorization, and the calculation decimal expansions.
d79eed2672631e469adcfb58d853b01eWhitepaper called Abusing COM and DCOM Objects.
042053ba0081dd7b678508670edd4d6aWhitepaper called Exploiting DLLs: A Guide to DLL Hijacking.
4b2e982015f5d387d0ec801594d6eea4A complete guide to cross site scripting and methodologies relating to exploitation. Covers everything from basic to advanced concepts.
0657359049b89f8afe623023b7334906Whitepaper called SMB Enumeration and Exploitation and Hardening.
cc8718ed7411491ef187c07d94471f4aThis document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.
a7b082989a758162279f6f9571e01594In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.
eb8470252a6b4d9620877f82a1676c7eThe BugCON 2020 call for papers has been announced. BugCON will take place from November 26th through the 28th, 2020 online.
7b2dfbbe378beac5ee2866a3b37a7250Whitepaper that discusses CVE-2020-6418 which encapsulates a type confusion vulnerability in V8 in Google Chrome versions prior to 80.0.3987.122.
5288e8aae7d73e86be39b7fc12c1b359Whitepaper called I Got My Eye On You - Security Vulnerabilities In D-Link's Baby Monitor.
0304f25cce0455f304b37b0f4bff220aThis is a whitepaper called APK Testing Report. It goes through various tooling used to analyze devices.
ad4a14ea86d0891260f406cc0fedd7dbWhitepaper called Assembly "Wrapping": A Technique for Anti-Disassembly.
47e084698e68187ea5222a31c0d9a875Whitepaper discussing how to leverage the WhatsApp remote code execution vulnerability that takes advantage of a double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library.
9970cc4e34af7ebf4899a50eaf2a2bc7Whitepaper called Exploit Command Injection Router via reverse firmware technique.
d656257a28af7647491580460f2f0396This is a cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
6e15df9671853952db238e2127101563Whitepaper called Writing a Quick Packet Sniffer with Python and Scapy.
5e9b453d4ce882236ab65c3b0f834bedThis is a whitepaper that presents an exploratory study of responses from 75 security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. The researchers presented the participants with various attack scenarios and asked them to explain the steps they would have carried out for launching the attack in each scenario. Participants' responses were studied to understand attackers' mental models, which would improve their understanding of necessary security controls and recommendations regarding precautionary actions to circumvent the exploitation of clouds for malicious activities. They observed that in 93.78% of the responses, participants are abusing cloud services to establish their attack environment and launch attacks.
0f272b6b407ab987e5b3d5577fe511bcWhitepaper called Reverse Engineering Android Application.
aefd3e87dbec9ce62088ebd91c3a7cb6
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed