
Whitepaper Files

Microsoft Outlook 2019 16.0.12624.20424 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper discussing CVE-2020-1349 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.12624.20424 when it fails to properly handle objects in memory.

tags | advisory, paper, remote, code execution
advisories | CVE-2020-1349
SHA-256 | 0cbeab94a42718d9dc0fbddcb25e670799fb9171ff9f4aa0d640945941711759
PatrIoT: Practical And Agile Threat Research For IoT
Posted Nov 18, 2022
Authored by Emre Suren, Robert Lagerstrom, Fredrik Heiding, Johannes Olegard | Site doi.org

PatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.

tags | paper
SHA-256 | 7ef04fa8b69b383da473db2f732cbb05957268406e540aab12aa566dc3408119
Nullcon Berlin 2023 Call For Papers
Posted Oct 17, 2022
Site nullcon.net

The Nullcon Berlin 2023 Call For Papers is open. It will take place March 9th through the 10th, 2023 in Berlin, Germany.

tags | paper, conference
SHA-256 | fe1cb7a63d18537e4b4b907db517cecd2187c370eebe4852d306e3dc81a202d3
FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffer from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
Hacking Zyxel IP Cameras To Get A Root Shell
Posted Aug 17, 2022
Authored by Eric Urban | Site hydrogen18.com

This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.

tags | paper, shell, root
SHA-256 | b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78b
Race Against The Sandbox
Posted Aug 16, 2022
Authored by The Abyss Labs | Site theabysslabs.github.io

Whitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used an Ntoskrnl bug to escape the Google Chrome sandbox.

tags | exploit, paper, root
advisories | CVE-2022-21881
SHA-256 | 0f616b5cf39ba9d918c5536f81ef8913f0d5085d06313e728467400d30c01737
Abusing Microsoft System Center Configuration Manager (SCCM)
Posted Jul 29, 2022
Authored by Mazen Al-Faifi

Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.

tags | paper
SHA-256 | 5b72b4426c74f72b869bca4e8c0638cb710f8a84b85dbb67be5d85a25110f951
2nd International Workshop On Cyber Forensics And Threat Investigations Challenges Call For Papers
Posted Jul 19, 2022
Site easychair.org

The 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.

tags | paper, conference
SHA-256 | a7c38095ed781f48c0c6ba286dca77cedb7ed92dc2f3f33ab055eb407d1baa10
CPSIoTSec 2022 Call For Papers
Posted Jul 1, 2022
Site cpsiotsec2022.github.io

The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.

tags | paper, conference
SHA-256 | 210cc314daa5b40530b4eb6824f2e2f763e9b2b7e7db997ee26df88975e8880b
Hardwear.io NL 2022 Call For Papers
Posted Jul 1, 2022
Authored by hardwear.io CFP

The call for papers for Hardwear.io NL 2022 is now open. It will take place October 27th through the 28th, 2021 in the Netherlands.

tags | paper, conference
SHA-256 | 2297c70faeb7fd538fb02f2327a806bcbe1a2e1e9ae61e3f2ae62b36eb68bfd2
No cON Name 2022 Barcelona Call For Papers
Posted Jun 28, 2022
Site noconname.org

The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.

tags | paper
SHA-256 | d8182cfe16d9ccbd8e7da1be7700730af253ceafe0069e08c13e7dd297ae1bfc
Are Blockchains Decentralized? Unintended Centralities In Distributed Ledgers
Posted Jun 22, 2022
Authored by Felipe Manzano, Talley Amir, Evan Sultanik, Mike Myers, Sam Moelius, Trent Brunson, Eric Kilmer, Sonya Schriner, Alexander Remie | Site github.com

Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.

tags | paper, protocol
SHA-256 | 7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5
Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

tags | paper, protocol, xss
systems | cisco
SHA-256 | 1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

In this whitepaper, the author demonstrates that abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allow an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.

tags | paper, protocol, xss
SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
COOPER: Testing The Binding Code Of Scripting Languages With Cooperative Mutation
Posted May 13, 2022
Authored by Purui Su, Hong Hu, Yanhao Wang, Peng Xu | Site huhong789.github.io

Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.

tags | paper, javascript, vulnerability
SHA-256 | 5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911
Cracking Notezilla Passwords
Posted May 11, 2022
Authored by Salman Asad

Whitepaper discussing how to crack Notezilla passwords.

tags | paper
SHA-256 | db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807
nullcon Goa 2022 Call For Papers
Posted Apr 28, 2022
Site nullcon.net

The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 9th through the 10th, 2022. This conference was originally planned for March but was moved due to the pandemic.

tags | paper, conference
SHA-256 | 39c60f1efe6870f2afbfec3ec20a66a476febcd39809fcf597f4f887ff64ea08
Spamhaus Botnet Threat Update Q1 2022
Posted Apr 26, 2022
Site spamhaus.com

This is the Spamhaus Botnet Threat Update for Q1 2022. It shows a modest increase of 8% in the number of new botnet command and controllers.

tags | paper
SHA-256 | 27881d2519cb2cb26262ed765a46dee0f7d9f74eee33851a0592cb21197cffd3
Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels
Posted Apr 19, 2022
Authored by Max Van Kleek, Nigel Shadbolt, Anastasia Shuba, Reuben Binns, Konrad Kollnig | Site arxiv.org

This is a research paper titled Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels. It analyzes 1,759 iOS apps before and after the changes in iOS 14.

tags | paper
systems | ios
SHA-256 | f2c94b3fe30d62f6090a9abdcdc56152591090977c196e48ef151cadea9e410a
Are You Really Muted? A Privacy Analysis Of Mute Buttons In Video Conferencing Apps
Posted Apr 15, 2022
Authored by George K. Thiruvathukal, Yucheng Yang, Kassem Fawaz, Jack West, Neil Klingensmith | Site wiscprivacy.com

Whitepaper called Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps.

tags | paper
SHA-256 | 050dc6588d019c0fec02dfa4d049708c93c8ad0e15fb67374316108e1ab679a3
Ansible Quick Shot Red Teaming Cheatsheet
Posted Apr 11, 2022
Authored by Cody Sixteen | Site code610.blogspot.com

This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.

tags | paper
SHA-256 | 0c12a80286493aa8bd0c790357f229f5d0169bc51d3a6f38387aea2b27d0ce5d
What Data Do The Google Dialer And Messages Apps On Android Send To Google?
Posted Mar 28, 2022
Authored by Douglas J. Leith

In-depth whitepaper that casts light on the actual telemetry data sent by Google Play Services, which to date has largely been opaque.

tags | paper
SHA-256 | 1961b146927a5d663ba288e9e0655edeb281a7f9333b4a2e556204df1aadc496
Passive Inter-Modulation Sources And Cancellation Methods
Posted Mar 24, 2022
Site yupanatech.com

Whitepaper that discusses passive inter-modulation sources and cancellation methods. When two or more signals of different frequencies pass through a nonlinear system, intermodulation distortion (IMD) occurs, resulting in the formation of spurious distortion signals. IMD is most commonly found in active circuits of a radio system, but it can also be found in passive wireless components such as filters, transmission lines, connectors, antennas, attenuators, and so on, especially when transmit power is quite high. Passive intermodulation (PIM) distortion is the name given to the IMD in the latter scenario. With the evolution of radio systems and the scarcity of radio spectrum, PIM interference is being recognized as a potential stumbling block to a radio network's maximum capacity. This article classifies the PIM sources in BS radio systems into two categories, internal and external sources. Internal sources are the radio's passive components such as filters, transmission lines, connections, antennas, and so on. External sources, on the other hand, are passive items that are located outside of the BS antenna but inside the RF signal path, such as metallic and rusted objects in the antenna near field. The high power current flowing through such passive devices can cause nonlinear behavior, resulting in IMD for both types of sources. Also, a review of PIM mitigation techniques is presented in the article.

tags | paper
SHA-256 | cf614fd9aec75f56c27a43e6f47b0a0ad97338db9c10ee853cbd6a9b35d11692
PE Infection
Posted Feb 28, 2022
Authored by Hejap Zairy Al-Sharif

Whitepaper called PE Infection that discusses portable executable injection and exploitation. Written in Arabic.

tags | paper
SHA-256 | e0534cb924c64a357ac0fc2ed8a017fc1a7e5701279ab670c791cde630d32ab9
OPENSSLDIR Privilege Escalation
Posted Feb 18, 2022
Authored by Marlon Petry

Whitepaper called OPENSSLDIR - The adventures of hidden folder to privilege escalation.

tags | paper
advisories | CVE-2021-2307
SHA-256 | 169de44bba1064b1fdf63754db8a9eba9c5bd777fa8e4e5dd12cb47dfe4af528
© 2022 Packet Storm. All rights reserved.
