This whitepaper discusses using the Domain Name System (DNS) to communicate with hosts in separated networks using the open source tool outis.
65b92759a9b48cee3f0a1add8bbab003
Side channel attacks against cryptographic systems involve identifying ways in which their physical implementations leak useful information. A cryptographic algorithm may be secure on paper but when implemented on physical hardware some of the secret data, such as key bits, may potentially be recovered by an attacker by measuring various physical properties whilst encryption or decryption is being performed. This essay reviews the most successful countermeasures that can be used to make different classes of side channel attacks as difficult as possible. An understanding of basic principles of cryptography is assumed.
cac393efbdd310e9a2ca73805bcb9ebd
Whitepaper called BluedIoT: When a mature and immature technology mixes, becomes an "idiot" situation.
354a4d6912f8718e27ab4e72caee78c9
The International Conference on Internet of Things and Machine Learning (IML 2017) will be held from October 17th through the 18th, 2017 at Liverpool John Moores University, Liverpool, United Kingdom. Through its technical program, the conference aims to provide an outstanding opportunity for both academic and industrial communities alike to address new trends and challenges, emerging technologies and progress in standards on topics relevant to today's fast moving areas of Internet of Things and Machine Learning. This workshop will discuss new results in the field of Internet of Things and Machine Learning.
7bd2c1391afd79fcb4dcfceb63063887
A write up by the hacker who hacked FlexiSpy.
749511fa1b92d7722d352af8137558ce
Whitepaper entitled HackBack - A DIY Guide for those without the patience to wait for whistleblowers.
b557eab1296015871663c2a205da3ccd
Whitepaper entitled HackBack - A DIY Guide. Written in Spanish.
1e4a3a38e424f1f49d5678019db173bd
Whitepaper entitled HackBack - A DIY Guide.
cb504760265cc4bebfc1f9114b25fef9
This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. Hopefully this additional remote attack research can pave the road for more secure connected cars in our future by providing this detailed information to security researchers, automotive manufacturers, automotive suppliers, and consumers.
8ef1c05f03804965a8e0959a7cddb361
This paper investigates why physical control inconsistencies exist and presents techniques that can be leveraged to more fully obtain control of the physical systems of the car while only injecting CAN bus messages. It also discusses ways to make these systems more robust to CAN message injection.
25920aec7946aa6f96de1c56e09a1183
Whitepaper called A Survey of Remote Automotive Attack Surfaces. This paper attempts to analyze numerous automobiles varying in production year to show how remote attack surfaces have evolved with time and to try to quantify the difficulty of a remote attack for a variety of different automobiles. This analysis will include how large the remote attack surface is, how segmented the ECUs which have physical control of the automobile are from those accepting external input, and the features present in the automobile which allow computers to physically control it. Additionally, this paper recommends defensive strategies including an IDS-type system to detect and prevent these types of attacks.
57b3fa5787893314a0300f8c18e243a7
This whitepaper is a follow-up on car hacking, written in an attempt to reduce the barrier to entry so more researchers could get involved.
eb246a73301a997dcab1f41718591906
This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063, the enabled privileges are checked against the privileges present in the token of the calling process, so an attacker needs to use two writes.
30228610ed457bed8670b8f3dcfdd1b6
Final call for the third annual Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 2-day deep knowledge security conference where attendees get to vote on the final agenda of talks and to meet with the speakers they voted for.
b2356a36a9744a3e5bec326c67502810
Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. Spanish version of this paper.
6074d8aecbb5bfe4f10b3186617d1b5b
Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. English version of this paper.
9923b32818775889684c2df610bb45d5
This is a whitepaper discussing penetration testing against web services. Written in Turkish.
0d44214ba96b783c46bbca2a6e34d070
The c0c0n 2017 call for papers has been announced. It will take place August 17th through the 19th, 2017 at Le Meridien, Kochi (Cochin), Kerala, India.
334aec1e51ee1622244bb760b9b471c9
This paper reviews fuzzing and its context within the field of information security research. We first examine how vulnerabilities come to exist in software and how security researchers find them. After a brief overview of common vulnerability types and methods of static analysis, we look in more depth at the field of fuzzing. Competing approaches to fuzzing are examined, from simple random inputs all the way to using genetic algorithms and taint analysis. The importance of measuring code coverage to evaluate the completeness of a fuzzing campaign is examined. Finally, previous work on fuzz testing of web browsers is reviewed.
05ec78341cba442fad300cb679ddfbf5
Whitepaper called From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case).
db1a8ee4cfe26b0939e229c55041d19f
Whitepaper called Art of Anti Detection 3 - Shellcode Alchemy.
64ff3c0796f34131b1d9f45424cafb8b
Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.
08c726c194f04ec842f3c33ac2386895
Whitepaper discussing local file disclosure attacks via remote SQL injection.
dba854d85b85d2a54ff8aebeba6b9d29
hardwear is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper. It will take place September 21st through the 22nd, 2017 in The Hague, Netherlands.
6dded008afb7533d12b8def9f2c712d6
Whitepaper called RSA Asymmetric Polymorphic Shellcode. It discusses how to encrypt and decrypt the opcodes of the shellcode, how the program that decrypts the shellcode was built and how to get the opcodes, and much more.
6ef6ad85f67a041f723657484409f983