This whitepaper shows that the security threat from DMPs is significantly worse than previously thought and demonstrates the first end-to-end attacks on security-critical software using the Apple m-series DMP. Undergirding the author's attacks is a new understanding of how DMPs behave which shows, among other things, that the Apple DMP will activate on behalf of any victim program and attempt to leak any cached data that resembles a pointer.
a26af7248f3a7458c6db704eb23699f3163f79dcf78ceedd895d0097eb93941bIn this paper, the authors present the first GPU cache side-channel attack from within the browser, more specifically from the restricted WebGPU environment. The foundation for our generic and automated attacks are self-configuring primitives applicable to a wide variety of devices, which they demonstrate on a set of 11 desktop GPUs from 5 different generations and 2 vendors.
6c5387e050fc45456bdc1a46bd17a019b33a674a9d2100d5130f5e042b53b654In this paper, the authors show that the design of DNSSEC is flawed. Exploiting vulnerable recommendations in the DNSSEC standards, they developed a new class of DNSSEC-based algorithmic complexity attacks on DNS, they dubbed KeyTrap attacks. All popular DNS implementations and services are vulnerable. With just a single DNS packet, the KeyTrap attacks lead to a 2.000.000x spike in CPU instruction count in vulnerable DNS resolvers, stalling some for as long as 16 hours. This devastating effect prompted major DNS vendors to refer to KeyTrap as "the worst attack on DNS ever discovered". Exploiting KeyTrap, an attacker could effectively disable Internet access in any system utilizing a DNSSEC-validating resolver.
4c1743e665520f276be83b47e7a1ae86496ca84f1935e9197aa5b5736fc57eb4Whitepaper called Everlasting ROBOT: the Marvin Attack. In this paper, the author shows that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key.
11fd5f5eb17765f91bb0b2d7fe6530d7a6e1e20781250cc9cc5e701006d329c9Whitepaper discussing how to crack Notezilla passwords.
db3961e08ef61a0d202ba7ab4184a19ba1f3ed41a5461a43cca0d7b0d4c10807Whitepaper called Attacking Optical Character Recognition System.
27d4178ceb7a28e6651e0994b57cf6748e06a11feff3bb4601978c419df69e91This whitepaper focuses on explaining the Apache Ghostcat vulnerability and how it can be used to read file contents of all web applications deployed on Tomcat.
dc2b8740104317c36ad79dcb929d334c237272637cf804d3dfc086cec7bb44d1Whitepaper called Exploiting Unrestricted File Upload via Plugin Uploader in WordPress.
efdbdb90e446a0fac9ede57a38883f4aa80f9e270ca7fa7750a06b3b479136afThis is a brief whitepaper that discusses buffer overflows and analysis with the Immunity Debugger.
73127a9cc87fc8a939672df63d83e98a8b71f9eac62cd948cf7afa9a24f08ecbWhitepaper called Injecting .NET Ransomware into Unmanaged Process.
7e890c6dff5ae8156d98429f6fe186edb3369beed0fab15a6a007e3594801cf7Whitepaper that appears to be authored by Phineas Fisher called HackBack - A DIY Guide To Rob Banks. Written in Spanish.
27c62be8c0f63cf1ea3399eb23af8641daf76da0da42c41d2bcd2bfc8fd2bdbeWhitepaper that appears to be authored by Phineas Fisher called HackBack - A DIY Guide To Rob Banks.
6f4bda574c8c9dd1977b94777b2459398ec711e90dcdc1ffba003ee3fe468b72The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, the authors analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents.
517f98746fe2867354db4d9e80fb07916b9d1d2b6c386ab280af27aaadc9b848This is a guide to red teaming operations. It covers the basic questions like what is a red team, differences between red teaming and vulnerability assessments along with advance theory such as how red team engagements are done. Thought processes and legal processes are also covered.
5cc2490b24414f5aeb2a2e09e0c87501a01a2b68b64b7528e03498377c40dfb4This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.
8a7fc1857be351bac85ed32986c92e1568085599649c4da76ee6420d59f718c5This is a whitepaper that goes over methodologies for web application penetration testing. It is very thorough with examples and overviews.
5f258ff9e75dba499306df2a06fa89e9eebcc2fd3b3ee0b82a6a2a06f26b66fdWhitepaper called Meltdown. It discusses how you can bypass Intel's hardware barrier between applications and the computer's core memory.
593ea59090a096211b06194fb5985d5c2ea2b5bd85b540d01802d5d7da2d36f8Whitepaper called Spectre Attacks: Exploiting Speculative Execution. It discusses how to trick error-free applications into giving up secret information.
d1a3c8c49faea6321bd01e706e0957012c18a94e1a187f1a5477c0e82270dc51Short whitepaper called New Methods of Payload Delivery - MSFVenom.
9e1586814423a97f1e8fa42862660c5a5d2c1d8bb20f89737c24e0484f2acf2dOn April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.
fa13189f37eae3318ce25b3bd600e5e83270e401b53f1a2fd4a6340b7b1a8803A write up by the hacker who hacked FlexiSpy.
210438ee4534c14e66292144d27d635e0535da4750c255a43ca819509ebce9a3Whitepaper entitled HackBack - A DIY Guide for those without the patience to wait for whistleblowers.
8a4bf253d346e6edb5debbc3d0af1853e0c2c708d9b3c1a2b28a8685f580d674Whitepaper entitled HackBack - A DIY Guide. Written in Spanish.
cd9224d9caca3f6b88269980123d5374486f1353fbc9efb50253557b2a53a6c0Whitepaper entitled HackBack - A DIY Guide.
13106443a0101118a7a673f7eab1962e92e195d9d493092b209fc627e5dc9db6This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. Hopefully this additional remote attack research can pave the road for more secure connected cars in our future by providing this detailed information to security researchers, automotive manufacturers, automotive suppliers, and consumers.
d7f534a978ca4d25721f39404f7aad67339b186a0025047f6293bf98556c1d36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed