exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 3,740 RSS Feed

Whitepaper Files

Polkit CVE-2021-3560 Overview
Posted Dec 16, 2021
Authored by Julio Cesar Baltazar Sainz

Whitepaper that gives an overview of the Polkit vulnerability as discussed in CVE-2021-3560. Written in Spanish.

tags | paper
advisories | CVE-2021-3560
SHA-256 | a41b8393ce5c22e793b28b10b8d6c72d64b22b0b06202998991ab9e195b4ef1c
DNS Spoofing
Posted Dec 16, 2021
Authored by Rodriguez Padilla Luis, Cortes Leyva Carla

This is a whitepaper that discusses DNS spoofing. Written in Spanish.

tags | paper, spoof
SHA-256 | f2ea4bf58281fa68bc973561373c15277c62566c003a2f7a9096cddecd79929e
Polkit CVE-2021-3560 Research
Posted Dec 10, 2021
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena

This document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get a privileged shell (root) on the system by manually sending dbus messages to the dbus-daemon, then killing the request before it has been fully processed.

tags | exploit, paper, shell, local, root
systems | linux
advisories | CVE-2021-3560
SHA-256 | ff7bcacb2c7403598821beac18efca74a1f7003754707a0f87aff49223d1293a
Mail Information Gathering AppScript
Posted Dec 9, 2021
Authored by Carla Cortes Leyva, Luis David Rodriguez Padilla

Whitepaper called Mail Information Gathering AppScript. This paper contains the exploitation of vulnerabilities for collecting email information using Google utilities via App Script using the Gmail App class. This paper exposes the design of a web application that collects mail information from users with associated Google mail accounts.

tags | paper, web, vulnerability
SHA-256 | bb58e73be8e657614e1304dca838b2c7c09c9f5bf8e0bb733adf4f93ad1f3671
Microsoft MSHTML Remote Code Execution
Posted Dec 9, 2021
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena, Utkarsh Shrivastava

This whitepaper is an overview on the Microsoft MSHTML remote code execution vulnerability recently highlighted in CVE-2021-40444.

tags | paper, remote, code execution
SHA-256 | 087e3d97e374ce1d4b7286735f7a428ab28ea89b53f87246c6b35e526a161c30
Nullcon Berlin 2022 Call For Papers
Posted Dec 8, 2021
Site nullcon.net

The Nullcon Berlin 2022 Call For Papers is open. It will take place April 8th through the 9th, 2022 in Berlin, Germany.

tags | paper
SHA-256 | 198c70e918acee017241f39e3a28687dd2d5c957ff48b61de4f62dee5c5b1c00
Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation
Posted Nov 29, 2021
Authored by Apaar Farmaha, Aman Saxena, Shlok Yadav

This document aims at explaining some recent vulnerabilities in Apache HTTP Server that leads to attacks like path traversal and remote code execution.

tags | exploit, paper, remote, web, vulnerability, code execution
advisories | CVE-2021-42013
SHA-256 | f1aae18afbd9ad17a4af83ba0fe8f963226438309f210e48576d57b0bdf705a2
Polkit Authentication Bypass / Local Privilege Escalation
Posted Nov 29, 2021
Authored by Sudhanshu Kumar, Rohit Verma, Sonam Nagar

This whitepaper provides an overview of a Polkit authentication bypass vulnerability that allows for local privilege escalation.

tags | exploit, paper, local, bypass
advisories | CVE-2021-3560
SHA-256 | 93e86eaad4a245a57200302487bb9941411bfdb877a212d1a63b777283e5ebdb
Wireshark For Newbies
Posted Nov 26, 2021
Authored by Anmol K Sachan

Whitepaper called Wireshark for Newbies. Written in Spanish.

tags | paper
SHA-256 | 4eba6ef7844800c28ebd51692b48a6153ba4549162d4af3786f0e308332432db
Remote Code Execution In WhatsApp
Posted Nov 24, 2021
Authored by cor le

Whitepaper that gives an analysis of the remote code execution vulnerability noted in CVE-2019-11932 for WhatsApp that affects versions prior to 2.19.244. Written in Spanish.

tags | paper, remote, code execution
advisories | CVE-2019-11932
SHA-256 | 7866772d314829babcae8d60f3a6173f7e55759aac6e5184ca91290e471e6320
PrintNightmare Vulnerability
Posted Nov 22, 2021
Authored by Siddhi Verma, Divya Bora, Mayank Dholia

Whitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. Originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 as well as reclassifying it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.

tags | paper, remote, local, code execution
systems | windows
advisories | CVE-2021-34527
SHA-256 | a5647c132e4877c92a507d0bcd1ac0ea57ab7bb3dca97b06b3806f2dcf13942f
DNS Cache Poisoning Attack: Resurrections With Side Channels
Posted Nov 17, 2021
Authored by Keyu Man, Zhiyun Qian, Xin'an Zhou

In this paper, the authors conduct an analysis of the previously over-looked attack surface related to DNS, and are able to uncover even stronger side channels that have existed for over a decade in Linux kernels. The side channels affect not only Linux but also a wide range of DNS software running on top of it, including BIND, Unbound and dns-masq. They also discovered that about 38% of open resolvers (by frontend IPs) and 14% (by backend IPs) are vulnerable including the popular DNS services such as OpenDNS and Quad9.

tags | paper, kernel
systems | linux
SHA-256 | 285348238e1453af785253da8bbd1e4ba41081c23566393003c3960304917844
Pass-The-Hash Attack On Named Pipes Against ESET Server Security
Posted Nov 16, 2021
Authored by Aldair Raya Del Rio

Whitepaper called Pass-The-Hash Attack on Named Pipes against ESET Server Security. Written in Spanish.

tags | paper
SHA-256 | f9316a93cdca8ab23c7d80dd39ad820bd1df91d1d115107172ebf3e6abcf7799
AIoTS 4th Annual Workshop Call For Papers
Posted Nov 10, 2021
Site mujeebch.github.io

The call for papers has been announced for the 4th international workshop in Artificial Intelligence and Industrial Internet-of-Things Security (AIoTS). It will be co-located with the ACNS2022 conference June 20 through the 23rd in Rome, Italy.

tags | paper, conference
SHA-256 | 93e3635739ba0bfd607e2ca07b7aed66f2efbf31ba1d7bb6fb8e6f40b4743083
Seguridad En Las API's
Posted Nov 10, 2021
Authored by Cesar Bustos

Whitepaper discussing the OWASP top ten and security of APIs. Written in Spanish.

tags | paper
SHA-256 | 5d6c059cffab55d95f06d12ecf6b042c525b6ac3c50432367d0c388815310a67
My Neighbor's Flat Smells Like Data
Posted Nov 8, 2021
Authored by Gerard Fuguet

Whitepaper on hacking smart switches to capture credentials for a network.

tags | paper
SHA-256 | f8f67bb8bd3d07c337c5634f1d46b38d4f4c0584c9fdd46ad313d8f83fd77937
Estudio Detallado De La Ingenieria Social
Posted Nov 4, 2021
Authored by Fermin Franco

This whitepaper is a detailed study of social engineering. Written in Spanish.

tags | paper
SHA-256 | c9a4ab55a4fe280401423634db648f2ba46834faec23f18e384c23d5b80c5916
EuskalHack Security Congress V Call For Papers
Posted Nov 2, 2021
Site euskalhack.org

EuskalHack Security Congress Fifth Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this fifth edition. The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 24th and 25th of June 2022 in the lovely city of Donostia San Sebastian.

tags | paper, conference
SHA-256 | 3afb79f9c5c2ee498a58a508b7a49f8cd57ff1c62f0a23ed7a3954d643223070
Analyzing Java Heap Dumps
Posted Oct 26, 2021
Authored by Salman Asad, N. B. Sri Harsha

Whitepaper called Analyzing Java Heap Dumps.

tags | paper, java
SHA-256 | 54d081d0cf45414725ec543774d445e3b65c9e6d220fd49ee159cc2f879bce53
Brute-Force Login And Bypass Account Lockout On elabFTW 1.8.5
Posted Oct 14, 2021
Authored by samguy

Whitepaper that gives an overview on brute-forcing login and bypassing account lockout on elabFTW version 1.8.5.

tags | paper, cracker
SHA-256 | 094a251f151a7eb62b59cfd2e713ac0c84510e643ec38087d3cafab6380e06e8
EDR Protection Is A Myth
Posted Oct 12, 2021
Authored by Deepanshu Khanna

Whitepaper that discusses the functionality of EDR (Endpoing Protection and Response), how it compares to antivirus, and how it can be manipulated.

tags | paper
SHA-256 | ece8d73b3f5b494064886d578b32c0f9fcd8723057d66ff7d4e4b551ab1d242d
Deserialization Of Untrusted Data In jsoniter
Posted Sep 30, 2021
Authored by Adi Malyanker

Whitepaper that discusses deserialization of untrusted data in jsoniter.

tags | paper
SHA-256 | 0ca417e1ce7adae9c50ca05cb6775b57ac7716c04884972cfd2a9cbbb6b0a4a4
OWASP TimeGap Theory Handbook
Posted Sep 25, 2021
Authored by Abhi M Balakrishnan

This is the OWASP TimeGap Theory handbook that discusses TOC/TOU vulnerabilities.

tags | paper, vulnerability
SHA-256 | 3fa653fadddee02d336d318a62bba714ded87e3ad0707724dc715175cf443fc2
Securing Authentication And Authorization
Posted Sep 21, 2021
Authored by Jitendra Kumar Singh

This is a brief whitepaper discussing the securing of authentication and authorization.

tags | paper
SHA-256 | ec474e596a9d9ba2ab9781f4af02b1dee9f12e35a15b86af9d6a4566b3045d04
BSides SF 2022 Call For Papers
Posted Sep 20, 2021
Site bsidessf.org

BSides SF is soliciting papers and presentations for the 2022 annual BSidesSF conference. It will be located at City View at the Metreon in downtown San Francisco February 5th through the 6th, 2022.

tags | paper, conference
SHA-256 | 116913a94e74b59af467e5522f2a4c08f2434469de79a58f7d2653633b1bb6cb
Page 3 of 150

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By