exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 3,758 RSS Feed

Whitepaper Files

DensePose From WiFi
Posted Jan 23, 2023
Authored by Fernando De la Torre, Jiaqi Geng, Dong Huang

Whitepaper called DensePose From WiFi. It discusses how scientists from Carnegie Mellon University have figured out how to map a human's 3D form by using two wifi routers.

tags | paper, wireless
SHA-256 | 79e410d611cf1fce59906fb6029e819c60c9ad628363ca5b29efc9728ff69195
Acunetix Vulnweb Solutions Handbook
Posted Jan 9, 2023
Authored by Ismail Tasdelen

In this paper, the author subjects the vulnerable web application vulnweb.com, developed by Acunetix, to security tests. Acunetix is a web application where we can perform legal penetration tests. The author discusses how to infiltrate the target system by acting as a real hacker through this application. Written in Turkish.

tags | paper, web
SHA-256 | 9452d8ba127e646598688770379f1d68ad85c10e81be8c7238597d9d656014c1
Everything About The Secure Software Development Process
Posted Jan 9, 2023
Authored by Ismail Tasdelen

This is a brief whitepaper that discusses some basic fundamentals for approaching secure design of an application.

tags | paper
SHA-256 | c962e90a506a04f9658f44421b9bf8e4b0339a1755b66c5c193c109f722ea574
EuskalHack Security Congress VI Call For Papers
Posted Jan 2, 2023
Site euskalhack.org

EuskalHack Security Congress sixth edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 200 attendees for this sixth edition. The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 23th and 24th of June 2023 in the lovely city of Donostia San Sebastian.

tags | paper, conference
SHA-256 | eb3ffa1da9807b837a3317ded516298ccef5fca21861e6fdeb5eed21bc5c6eed
BSides SF 2023 Call For Papers
Posted Dec 15, 2022
Site bsidessf.org

BSidesSF is soliciting presentations, workshops, and villages for the 2023 annual BSidesSF conference. It will be located at City View at the Metreon in downtown San Francisco April 22nd through the 23rd, 2023.

tags | paper, conference
SHA-256 | 155076340b81d26d3d2bd8aa8310d074feff7f8a583b03a687abd01754152f90
Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.

tags | exploit, paper, remote, code execution, proof of concept
advisories | CVE-2020-16947
SHA-256 | e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3
Microsoft Outlook 2019 16.0.12624.20424 Out-Of-Bounds Read
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.

tags | exploit, paper, proof of concept, info disclosure
advisories | CVE-2020-1493
SHA-256 | d7cbdf78b8d88b5ef4f17ae322717c6adec1d335f3eddae9fc75f883c66bbc76
Microsoft Outlook 2019 16.0.12624.20424 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.

tags | advisory, paper, remote, code execution
advisories | CVE-2020-1349
SHA-256 | 0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759
PatrIoT: Practical And Agile Threat Research For IoT
Posted Nov 18, 2022
Authored by Emre Suren, Robert Lagerstrom, Fredrik Heiding, Johannes Olegard | Site doi.org

PatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.

tags | paper
SHA-256 | 7ef04fa8b69b383da473db2f732cbb05957268406e540aab12aa566dc3408119
Nullcon Berlin 2023 Call For Papers
Posted Oct 17, 2022
Site nullcon.net

The Nullcon Berlin 2023 Call For Papers is open. It will take place March 9th through the 10th, 2023 in Berlin, Germany.

tags | paper, conference
SHA-256 | fe1cb7a63d18537e4b4b907db517cecd2187c370eebe4852d306e3dc81a202d3
FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
Hacking Zyxel IP Cameras To Get A Root Shell
Posted Aug 17, 2022
Authored by Eric Urban | Site hydrogen18.com

This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.

tags | paper, shell, root
SHA-256 | b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78b
Race Against The Sandbox
Posted Aug 16, 2022
Authored by The Abyss Labs | Site theabysslabs.github.io

Whitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used a Ntoskrnl bug to escape the Google Chrome sandbox.

tags | exploit, paper, root
advisories | CVE-2022-21881
SHA-256 | 0f616b5cf39ba9d918c5536f81ef8913f0d5085d06313e728467400d30c01737
Abusing Microsoft System Center Configuration Manager (SCCM)
Posted Jul 29, 2022
Authored by Mazen Al-Faifi

Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.

tags | paper
SHA-256 | 5b72b4426c74f72b869bca4e8c0638cb710f8a84b85dbb67be5d85a25110f951
2nd International Workshop On Cyber Forensics And Threat Investigations Challenges Call For Papers
Posted Jul 19, 2022
Site easychair.org

The 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.

tags | paper, conference
SHA-256 | a7c38095ed781f48c0c6ba286dca77cedb7ed92dc2f3f33ab055eb407d1baa10
CPSIoTSec 2022 Call For Papers
Posted Jul 1, 2022
Site cpsiotsec2022.github.io

The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.

tags | paper, conference
SHA-256 | 210cc314daa5b40530b4eb6824f2e2f763e9b2b7e7db997ee26df88975e8880b
Hardwear.io NL 2022 Call For Papers
Posted Jul 1, 2022
Authored by hardwear.io CFP

The call for papers for Hardwear.io NL 2022 is now open. It will take place October 27th through the 28th, 2021 in the Netherlands.

tags | paper, conference
SHA-256 | 2297c70faeb7fd538fb02f2327a806bcbe1a2e1e9ae61e3f2ae62b36eb68bfd2
No cON Name 2022 Barcelona Call For Papers
Posted Jun 28, 2022
Site noconname.org

The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.

tags | paper
SHA-256 | d8182cfe16d9ccbd8e7da1be7700730af253ceafe0069e08c13e7dd297ae1bfc
Are Blockchains Decentralized? Unintended Centralities In Distributed Ledgers
Posted Jun 22, 2022
Authored by Felipe Manzano, Talley Amir, Evan Sultanik, Mike Myers, Sam Moelius, Trent Brunson, Eric Kilmer, Sonya Schriner, Alexander Remie | Site github.com

Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.

tags | paper, protocol
SHA-256 | 7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5
Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

tags | paper, protocol, xss
systems | cisco
SHA-256 | 1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

In this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.

tags | paper, protocol, xss
SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
COOPER: Testing The Binding Code Of Scripting Languages With Cooperative Mutation
Posted May 13, 2022
Authored by Purui Su, Hong Hu, Yanhao Wang, Peng Xu | Site huhong789.github.io

Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.

tags | paper, javascript, vulnerability
SHA-256 | 5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911
Cracking Notezilla Passwords
Posted May 11, 2022
Authored by Salman Asad

Whitepaper discussing how to crack Notezilla passwords.

tags | paper
SHA-256 | db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807
nullcon Goa 2022 Call For Papers
Posted Apr 28, 2022
Site nullcon.net

The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 9th through the 10th, 2022. This conference was originally planned for March but was moved due to the pandemic.

tags | paper, conference
SHA-256 | 39c60f1efe6870f2afbfec3ec20a66a476febcd39809fcf597f4f887ff64ea08
Spamhaus Botnet Threat Update Q1 2022
Posted Apr 26, 2022
Site spamhaus.com

This is the Spamhaus Botnet Threat Update for Q1 2022. It shows a modest increase of 8% in the new number of botnet command and controllers.

tags | paper
SHA-256 | 27881d2519cb2cb26262ed765a46dee0f7d9f74eee33851a0592cb21197cffd3
Page 2 of 151

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By