Whitepaper called Android Application Vulnerabilities. Written in Vietnamese.
65ca4065964d00a8f0b73e9520869d1c
Whitepaper called The Art of XSS Escalation. Written in Arabic.
bec232064a7047d5845620b18be13b0d
This whitepaper compiles notes that can be useful to security researchers if access to the administrative API is achieved.
12f9554092c0319f6a27ae52e2d56846
Whitepaper called UFW - A Beginners Guide to Linux Firewall. The white paper is intended to provide information about a Linux firewall using a simple tool called UFW. It provides complete information on the tool and various ways through which users can create their own firewall rules to protects their assets.
3f0bb94817761f100839d5cdd6f95239
Whitepaper called Deep Insight into Social Engineering.
7ceee78fadaa96ded09aea1718d7ac19
Whitepaper called Practical Insight into Injections. This document describes the meaning, working, implementation, and impact of injection vulnerabilities.
03c734fe0bc100e2234162e8efb3ea3b
Whitepaper called Blind SSRF with Shellshock Exploitation. It discusses how an attacker can leverage shellshock to also perform server-side request forgery attacks.
98b9ca178b7a872b9ca5107e78efa8e8
Whitepaper called A Hands-On Approach To Linux Privilege Escalation. This document is intended to provide multiple techniques that a pentester can use to escalate their privileges and gain access to higher roles.
f6cf10579b31e9f8440e8a43248cd662
Whitepaper called Injections 101. It covers everything from SQL injection to XML injection.
bb362d2c2b41335a6bfbbf0942cf3a98
Whitepaper called Wireshark for Noobs.
0f96b685aa1b6798ca17d1c05562352f
Whitepaper called Practical PHP Security.
ba9dacc8d65da0f08072dc4b5e4512f6
Whitepaper called Ethical Hacking and Penetration Testing Guide. Written in Turkish.
ae55abf53fb2c2ab6ef9f6b1cf481640
Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the detail and working of MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.
941b59db31d2ceb9c4233ac44fa7d62a
Whitepaper called A Hands-On Introduction to Insecure Deserialization.
ff4a19d6dc23115fa4812829935313d8
The 16th CarolinaCon was postponed in 2020 due to the pandemic but the conference will be hosted online in 2021. A new CFP has been announced.
2e1ac4156f59b933bd88b2086ce0d990
Whitepaper called Object Prototype Pollution Attack.
47102dc9d96a280fceb29bd1300d2a6a
This document is intended to provide a detailed study on the Heartbleed attack. It covers the required topics for understanding the exploit. The proof of concept will help visualize and perform the attack in a virtual scenario to understand the attack vector of the process of exploitation.
e8a2c00d2b65fcc1e497ac17d7e827ed
Whitepaper that discusses secure coding practices and touches on security principles.
6bd59098e3d334a5c81d94a0d42083b3
This is a whitepaper that discusses unmasking hidden sites behind Cloudflare an Tor.
aa7b2878375fcbbb79ba01d2357e1fe8
Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.
5547d9c5988fdab38bfb79b10e2532b8
This is a brief whitepaper discussing best practices in mobile application security.
077ad6207fbdc6a00700a76feb4cde0c
Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.
569e9618b5cbeac20e8fe78ab24f61fe
Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.
71edce142a1b2975b9d4d10c1398f3b2
Whitepaper called Firmware Analysis and Simulation.
c1364d9b1fdfd7d6a8410fdcb5a6c864
Whitepaper called Digital Signage Systems - The Modern Hacker's Outreach. It discusses everything from public incidents to common attack vectors leveraged to manipulate content.
5523c83e92054c30532290f6f4a597aa