exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 3,772 RSS Feed

Whitepaper Files

FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
Hacking Zyxel IP Cameras To Get A Root Shell
Posted Aug 17, 2022
Authored by Eric Urban | Site hydrogen18.com

This paper is an in-depth blog post on hacking Zyxel IP cameras to obtain a root shell.

tags | paper, shell, root
SHA-256 | b1c1d5af6bd2b118ab3a1c720fe41a27cfec41885c4cf555570f4e8a14d7f78b
Race Against The Sandbox
Posted Aug 16, 2022
Authored by The Abyss Labs | Site theabysslabs.github.io

Whitepaper called Race Against the Sandbox - Root Cause Analysis of a Tianfu Cup bug that used a Ntoskrnl bug to escape the Google Chrome sandbox.

tags | exploit, paper, root
advisories | CVE-2022-21881
SHA-256 | 0f616b5cf39ba9d918c5536f81ef8913f0d5085d06313e728467400d30c01737
Abusing Microsoft System Center Configuration Manager (SCCM)
Posted Jul 29, 2022
Authored by Mazen Al-Faifi

Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.

tags | paper
SHA-256 | 5b72b4426c74f72b869bca4e8c0638cb710f8a84b85dbb67be5d85a25110f951
2nd International Workshop On Cyber Forensics And Threat Investigations Challenges Call For Papers
Posted Jul 19, 2022
Site easychair.org

The 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.

tags | paper, conference
SHA-256 | a7c38095ed781f48c0c6ba286dca77cedb7ed92dc2f3f33ab055eb407d1baa10
CPSIoTSec 2022 Call For Papers
Posted Jul 1, 2022
Site cpsiotsec2022.github.io

The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.

tags | paper, conference
SHA-256 | 210cc314daa5b40530b4eb6824f2e2f763e9b2b7e7db997ee26df88975e8880b
Hardwear.io NL 2022 Call For Papers
Posted Jul 1, 2022
Authored by hardwear.io CFP

The call for papers for Hardwear.io NL 2022 is now open. It will take place October 27th through the 28th, 2021 in the Netherlands.

tags | paper, conference
SHA-256 | 2297c70faeb7fd538fb02f2327a806bcbe1a2e1e9ae61e3f2ae62b36eb68bfd2
No cON Name 2022 Barcelona Call For Papers
Posted Jun 28, 2022
Site noconname.org

The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.

tags | paper
SHA-256 | d8182cfe16d9ccbd8e7da1be7700730af253ceafe0069e08c13e7dd297ae1bfc
Are Blockchains Decentralized? Unintended Centralities In Distributed Ledgers
Posted Jun 22, 2022
Authored by Felipe Manzano, Talley Amir, Evan Sultanik, Mike Myers, Sam Moelius, Trent Brunson, Eric Kilmer, Sonya Schriner, Alexander Remie | Site github.com

Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.

tags | paper, protocol
SHA-256 | 7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5
Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

tags | paper, protocol, xss
systems | cisco
SHA-256 | 1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

In this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.

tags | paper, protocol, xss
SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
COOPER: Testing The Binding Code Of Scripting Languages With Cooperative Mutation
Posted May 13, 2022
Authored by Purui Su, Hong Hu, Yanhao Wang, Peng Xu | Site huhong789.github.io

Scripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.

tags | paper, javascript, vulnerability
SHA-256 | 5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911
Cracking Notezilla Passwords
Posted May 11, 2022
Authored by Salman Asad

Whitepaper discussing how to crack Notezilla passwords.

tags | paper
SHA-256 | db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807
nullcon Goa 2022 Call For Papers
Posted Apr 28, 2022
Site nullcon.net

The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 9th through the 10th, 2022. This conference was originally planned for March but was moved due to the pandemic.

tags | paper, conference
SHA-256 | 39c60f1efe6870f2afbfec3ec20a66a476febcd39809fcf597f4f887ff64ea08
Spamhaus Botnet Threat Update Q1 2022
Posted Apr 26, 2022
Site spamhaus.com

This is the Spamhaus Botnet Threat Update for Q1 2022. It shows a modest increase of 8% in the new number of botnet command and controllers.

tags | paper
SHA-256 | 27881d2519cb2cb26262ed765a46dee0f7d9f74eee33851a0592cb21197cffd3
Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels
Posted Apr 19, 2022
Authored by Max Van Kleek,, Nigel Shadbolt, Anastasia Shuba, Reuben Binns, Konrad Kollnig | Site arxiv.org

This is a research paper titled Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels. It analyzes 1,759 iOS apps before and after the changes in iOS 14.

tags | paper
systems | ios
SHA-256 | f2c94b3fe30d62f6090a9abdcdc56152591090977c196e48ef151cadea9e410a
Are You Really Muted? A Privacy Analysis Of Mute Buttons In Video Conferencing Apps
Posted Apr 15, 2022
Authored by George K. Thiruvathukal, Yucheng Yang, Kassem Fawaz, Jack West, Neil Klingensmith | Site wiscprivacy.com

Whitepaper called Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps.

tags | paper
SHA-256 | 050dc6588d019c0fec02dfa4d049708c93c8ad0e15fb67374316108e1ab679a3
Ansible Quick Shot Red Teaming Cheatsheet
Posted Apr 11, 2022
Authored by Cody Sixteen | Site code610.blogspot.com

This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.

tags | paper
SHA-256 | 0c12a80286493aa8bd0c790357f229f5d0169bc51d3a6f38387aea2b27d0ce5d
What Data Do The Google Dialer And Messages Apps On Android Send To Google?
Posted Mar 28, 2022
Authored by Douglas J. Leith

In-depth whitepaper that casts light on the actual telemetry data sent by Google Play Services, which to date has largely been opaque.

tags | paper
SHA-256 | 1961b146927a5d663ba288e9e0655edeb281a7f9333b4a2e556204df1aadc496
Passive Inter-Modulation Sources And Cancellation Methods
Posted Mar 24, 2022
Site yupanatech.com

Whitepaper that discusses passive inter-modulation sources and cancellation methods. When two or more signals of different frequencies pass through a nonlinear system, intermodulation distortion (IMD) occurs, resulting in the formation of spurious distortion signals. IMD is most commonly found in active circuits of a radio system, but it can also be found in passive wireless components such as lters, transmission lines, connectors, antennas, attenuators, and so on, especially when transmit power is quite high. Passive intermodulation (PIM) distortion is the name given to the IMD in the latter scenario. With the evolution of radio systems and the scarcity of radio spectrum, PIM interference is being recognized as a potential stumbling block to a radio network's maximum capacity. This article classifies the PIM sources in BS radio systems into two categories, internal and external sources. Internal sources are the radio's passive components such lters, transmission lines, connections, antennas, and so on. External sources, on the other hand, are passive items that are located outside of the BS antenna but inside the RF signal path, such as metallic and rusted objects in the antenna near eld. The high power current flowing through such passive devices can cause nonlinear behavior, resulting in IMD for both types of sources. Also, a review of PIM mitigation techniques is presented in the article.

tags | paper
SHA-256 | cf614fd9aec75f56c27a43e6f47b0a0ad97338db9c10ee853cbd6a9b35d11692
PE Infection
Posted Feb 28, 2022
Authored by Hejap Zairy Al-Sharif

Whitepaper called PE Infection that discusses portable execution injection and exploitation. Written in Arabic.

tags | paper
SHA-256 | e0534cb924c64a357ac0fc2ed8a017fc1a7e5701279ab670c791cde630d32ab9
OPENSSLDIR Privilege Escalation
Posted Feb 18, 2022
Authored by Marlon Petry

Whitepaper called OPENSSLDIR - The adventures of hidden folder to privilege escalation.

tags | paper
advisories | CVE-2021-2307
SHA-256 | 169de44bba1064b1fdf63754db8a9eba9c5bd777fa8e4e5dd12cb47dfe4af528
ICICS 2022 Call For Papers
Posted Feb 11, 2022
Site cyber.kent.ac.uk

The call for papers for the 24th International Conference on Information and Communications Security (ICICS 2022) has been announced. It will take place at the University of Kent, Canterbury, UK on September 5th through the 8th, 2022.

tags | paper, conference
SHA-256 | c5858f9c626e3726677487db4f6dd8a236b35385ed21c9145dda99e6fcb0a1d3
CarolinaCon Online 2 Call For Papers
Posted Jan 28, 2022
Site carolinacon.org

CarolinaCon Online 2 will be hosted April 29th to May 1st, 2022. The conference will be virtual and submitted talks will be live streamed.

tags | paper, conference
SHA-256 | fff7bbd7db49ebd9315d7d680ff911339bafb26146b0e7b53c22f7e97b628388
27th ESORICS Call For Papers
Posted Jan 25, 2022
Site esorics2022.compute.dtu.dk

The 27th European Symposium on Research in Computer Security (ESORICS) 2022 call for papers has been announced. It will take place September 26th through the 30th, 2022, in Copenhagen, Denmark.

tags | paper, conference
SHA-256 | d6d561f5decef2aeebfa90197d0283329d02bb79413abb4a528024c02cec78af
Page 3 of 151
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close