Dancho Danchev wrote a personal 100 page memoir.
8768965b892b82131fe72867147c1aa8f5bde8ae1c52f43f5116c6cb6e7afd3fThis is a whitepaper that gives an overview of the PIP vulnerability in Android 11.
de30f374a906fe8d9c0d8bb8b7dfebcf0db353f3671a5b1d8f515460f9e6c36dWhitepaper called Attacking Optical Character Recognition System.
27d4178ceb7a28e6651e0994b57cf6748e06a11feff3bb4601978c419df69e91This article focuses on using the NT hash to execute commands successfully on the target server which includes ESET Server Security and File Security even if the packet inspection settings restrict communication with a few services.
73f932909f758032767a6c41c634328ff69c7b2451dec44e6313edfddc0e6afaThis paper contains a step by step detailed walk-through of different nmap scanning techniques and how the nmap traffic looks like in wireshark for each scan. The objective of documenting the paper is to get a better understanding of packets while initiating any nmap scan so that it can help in bypassing firewalls or debugging what went wrong between the source and destination. It can also help in writing basic firewall rules.
e98eb4f64e115f6a22e5fb658a650a8f88305b65ab9f8584011c81fe80099560This whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.
3c9df4f24a784d6c632f742ca3902c18462336b6f1ee4031041e932d800f8a5dThe call for papers for hardwear.io 2021 in the Netherlands is now open. It will take place October 28th through the 29th, 2021 at NH Hotel Den Haag, The Netherlands.
68c8cf7a45d193d9d0d1360a6d987ce1ee4b0018bcef8b1a265a29c1fb7d7a14Whitepaper called Smart Contract Automated Testing Guidelines that provides guidance on automation.
2637d58d1c7c59b0e8b57db8f391f84b9a001dcc6d498f48455236de4f4f2d0aWhitepaper discussing BIZARRELOVETRIANGLE and FULLCLIP - JNLP parameter injection attacks to remote, persistent, multi-os code execution.
0544f59a1e884ac5e4753711797fde21b5db764b310bbdc41f2106aa58ffdef4Brief whitepaper that goes through proxy, ssh, and vpn pivoting during an attack. Written in Arabic.
a1e855c508e17641d2eb114eced9cbb69be22f676f04484aaf30c490b078784eWhitepaper called 'node-serialize' Remote Code Execution - Web Shell. Written in Turkish.
5258591e002e919f55d52d14edd0cf8d6b32488ebf99fbf4b7583e1a674d53bbWhitepaper called Penetration Testing Web Storage (User Experience). Written in Arabic.
ac64e028c271cb652e3c0e80ad58084627611674cb22fcd6bb4a831a7c2fced8This whitepaper illustrates exploitation of an insufficient data validation vulnerability in the Chromium framework.
b518b651332d5b50eee9efb4b357a5e396fada0eba42899f6a54932aabdff483This research paper explains how to take advantage of windows services, how to mimic display names to deploy malicious beacons or even Meterpreter sessions.
e1a4a62a90edd81fc9429eb3e16e8be7198bf5bc28a6abec8b729d347a942b26This e-book gives an overview of how to approach assessing WordPress plugins for vulnerabilities and common vectors of attack.
e66d1b3feb40251693712a7381b3bf18fb112a40e5a99d570e55530e8cadfbfaThis is a research paper that gives an overview of cracking pi-hole password hashes.
687155fdc445a42788cc41d3f903e89b54bbc18bb85f359808d45b10b2e51fe3Whitepaper called Truth of Cross Site Scripting. It gives an overview of types of cross site scripting and how the attacks are achieved.
289402d119429de05aaa98fba905a55adee29689c0309d7affdd2e784a584b23Whitepaper called Windows Win32k Elevation of Privilege Vulnerability. It details exploitation and an overview of CVE-2021-1732.
a9380503b2a681de62499f1daeafb145966439dc2c08d757cb57d440409aaee2Whitepaper giving an overview of a remote code execution vulnerability that exists in CMS Made Simple version 2.2.13.
e8e543b0e7f3d1f441248d328301c18373431ac24f8ad36bc50bc9bebcac44d8Whitepaper giving an overview of a heap-based buffer overflow in sudo.
a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ecThis is a whitepaper that details exploitation of the XAMPP file overwrite vulnerability.
599c840a9119e2c8108281701779707886926208b2da13457cc0150074c5afdfThe document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.
7380c1055909d23c493abb4f5067d3428e536c6a0041025856be420b9c8732fbThis paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.
6af7c1449c75828f7976e682efcd001d246afb3c611194a09d283daac934ebe6Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.
0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216The Call For Papers has been announced for the 2nd Joint Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2021). It will be held in Seoul, South Korea on November 15, 2021.
b06d8635ef575b104a9761e12224a79c99747d65270f61cbffee99241b943c7d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed