Whitepaper that gives an overview of the Polkit vulnerability as discussed in CVE-2021-3560. Written in Spanish.
a41b8393ce5c22e793b28b10b8d6c72d64b22b0b06202998991ab9e195b4ef1cThis is a whitepaper that discusses DNS spoofing. Written in Spanish.
f2ea4bf58281fa68bc973561373c15277c62566c003a2f7a9096cddecd79929eThis document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get a privileged shell (root) on the system by manually sending dbus messages to the dbus-daemon, then killing the request before it has been fully processed.
ff7bcacb2c7403598821beac18efca74a1f7003754707a0f87aff49223d1293aWhitepaper called Mail Information Gathering AppScript. This paper contains the exploitation of vulnerabilities for collecting email information using Google utilities via App Script using the Gmail App class. This paper exposes the design of a web application that collects mail information from users with associated Google mail accounts.
bb58e73be8e657614e1304dca838b2c7c09c9f5bf8e0bb733adf4f93ad1f3671This whitepaper is an overview on the Microsoft MSHTML remote code execution vulnerability recently highlighted in CVE-2021-40444.
087e3d97e374ce1d4b7286735f7a428ab28ea89b53f87246c6b35e526a161c30The Nullcon Berlin 2022 Call For Papers is open. It will take place April 8th through the 9th, 2022 in Berlin, Germany.
198c70e918acee017241f39e3a28687dd2d5c957ff48b61de4f62dee5c5b1c00This document aims at explaining some recent vulnerabilities in Apache HTTP Server that leads to attacks like path traversal and remote code execution.
f1aae18afbd9ad17a4af83ba0fe8f963226438309f210e48576d57b0bdf705a2This whitepaper provides an overview of a Polkit authentication bypass vulnerability that allows for local privilege escalation.
93e86eaad4a245a57200302487bb9941411bfdb877a212d1a63b777283e5ebdbWhitepaper called Wireshark for Newbies. Written in Spanish.
4eba6ef7844800c28ebd51692b48a6153ba4549162d4af3786f0e308332432dbWhitepaper that gives an analysis of the remote code execution vulnerability noted in CVE-2019-11932 for WhatsApp that affects versions prior to 2.19.244. Written in Spanish.
7866772d314829babcae8d60f3a6173f7e55759aac6e5184ca91290e471e6320Whitepaper called PrintNightmare Vulnerability. This document illustrates the exploitation of the vulnerability found in the Windows spooler service. Originally thought to be a local privilege escalation vulnerability in the Windows Print Spooler, identified as CVE-2021-1675 and patched during Microsoft's June Patch. Microsoft increased the severity of this issue on June 21 as well as reclassifying it as a 'remote code execution' (RCE) threat. This RCE vulnerability has been assigned a new identifier, CVE-2021-34527.
a5647c132e4877c92a507d0bcd1ac0ea57ab7bb3dca97b06b3806f2dcf13942fIn this paper, the authors conduct an analysis of the previously over-looked attack surface related to DNS, and are able to uncover even stronger side channels that have existed for over a decade in Linux kernels. The side channels affect not only Linux but also a wide range of DNS software running on top of it, including BIND, Unbound and dns-masq. They also discovered that about 38% of open resolvers (by frontend IPs) and 14% (by backend IPs) are vulnerable including the popular DNS services such as OpenDNS and Quad9.
285348238e1453af785253da8bbd1e4ba41081c23566393003c3960304917844Whitepaper called Pass-The-Hash Attack on Named Pipes against ESET Server Security. Written in Spanish.
f9316a93cdca8ab23c7d80dd39ad820bd1df91d1d115107172ebf3e6abcf7799The call for papers has been announced for the 4th international workshop in Artificial Intelligence and Industrial Internet-of-Things Security (AIoTS). It will be co-located with the ACNS2022 conference June 20 through the 23rd in Rome, Italy.
93e3635739ba0bfd607e2ca07b7aed66f2efbf31ba1d7bb6fb8e6f40b4743083Whitepaper discussing the OWASP top ten and security of APIs. Written in Spanish.
5d6c059cffab55d95f06d12ecf6b042c525b6ac3c50432367d0c388815310a67Whitepaper on hacking smart switches to capture credentials for a network.
f8f67bb8bd3d07c337c5634f1d46b38d4f4c0584c9fdd46ad313d8f83fd77937This whitepaper is a detailed study of social engineering. Written in Spanish.
c9a4ab55a4fe280401423634db648f2ba46834faec23f18e384c23d5b80c5916EuskalHack Security Congress Fifth Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this fifth edition. The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 24th and 25th of June 2022 in the lovely city of Donostia San Sebastian.
3afb79f9c5c2ee498a58a508b7a49f8cd57ff1c62f0a23ed7a3954d643223070Whitepaper called Analyzing Java Heap Dumps.
54d081d0cf45414725ec543774d445e3b65c9e6d220fd49ee159cc2f879bce53Whitepaper that gives an overview on brute-forcing login and bypassing account lockout on elabFTW version 1.8.5.
094a251f151a7eb62b59cfd2e713ac0c84510e643ec38087d3cafab6380e06e8Whitepaper that discusses the functionality of EDR (Endpoing Protection and Response), how it compares to antivirus, and how it can be manipulated.
ece8d73b3f5b494064886d578b32c0f9fcd8723057d66ff7d4e4b551ab1d242dWhitepaper that discusses deserialization of untrusted data in jsoniter.
0ca417e1ce7adae9c50ca05cb6775b57ac7716c04884972cfd2a9cbbb6b0a4a4This is the OWASP TimeGap Theory handbook that discusses TOC/TOU vulnerabilities.
3fa653fadddee02d336d318a62bba714ded87e3ad0707724dc715175cf443fc2This is a brief whitepaper discussing the securing of authentication and authorization.
ec474e596a9d9ba2ab9781f4af02b1dee9f12e35a15b86af9d6a4566b3045d04BSides SF is soliciting papers and presentations for the 2022 annual BSidesSF conference. It will be located at City View at the Metreon in downtown San Francisco February 5th through the 6th, 2022.
116913a94e74b59af467e5522f2a4c08f2434469de79a58f7d2653633b1bb6cb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed