New Methods Of Payload Delivery - MSFVenom
Posted Jun 9, 2017
Authored by Zed Hamad

Short whitepaper called New Methods of Payload Delivery - MSFVenom.

tags | paper
MD5 | 9dec8285aef4b1f15a2800a8e8f209b5
EternalBlue Exploit Analysis And Port To Microsoft Windows 10
Posted Jun 7, 2017
Authored by Sean Dillon, Dylan Davis

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.

tags | paper, remote, kernel, vulnerability, code execution
systems | windows, xp, 7
MD5 | 0e04e472a5f9e98389f5f1e13ec2bf50
How FlexiSpy Was Hacked
Posted Apr 26, 2017
Authored by fleximinx

A write up by the hacker who hacked FlexiSpy.

tags | paper
MD5 | 749511fa1b92d7722d352af8137558ce
HackBack - A DIY Guide For Those Without The Patience To Wait For Whistleblowers
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide for those without the patience to wait for whistleblowers.

tags | paper
MD5 | b557eab1296015871663c2a205da3ccd
HackBack - A DIY Guide, Spanish Version
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide. Written in Spanish.

tags | paper
MD5 | 1e4a3a38e424f1f49d5678019db173bd
HackBack - A DIY Guide
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide.

tags | paper
MD5 | cb504760265cc4bebfc1f9114b25fef9
Remote Exploitation Of An Unaltered Passenger Vehicle
Posted Apr 26, 2017
Authored by Chris Valasek, Charlie Miller

This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. Hopefully this additional remote attack research can pave the road for more secure connected cars in our future by providing this detailed information to security researchers, automotive manufacturers, automotive suppliers, and consumers.

tags | paper, remote
MD5 | 8ef1c05f03804965a8e0959a7cddb361
CAN Message Injection - OG Dynamite Edition
Posted Apr 26, 2017
Authored by Chris Valasek, Charlie Miller

This paper investigates why physical control inconsistencies exist and presents techniques that can be leveraged to more fully obtain control of the physical systems of the car while only injecting CAN bus messages. It also discusses ways to make these systems more robust to CAN message injection.

tags | paper
MD5 | 25920aec7946aa6f96de1c56e09a1183
A Survey Of Remote Automotive Attack Surfaces
Posted Apr 26, 2017
Authored by Chris Valasek, Charlie Miller

Whitepaper called A Survey of Remote Automotive Attack Surfaces. This paper attempts to analyze numerous automobiles varying in production year to show how remote attack surfaces have evolved with time and to try to quantify the difficulty of a remote attack for a variety of different automobiles. This analysis will include how large the remote attack surface is, how segmented the ECUs which have physical control of the automobile are from those accepting external input, and the features present in the automobile which allow computers to physically control it. Additionally, this paper recommends defensive strategies including an IDS-type system to detect and prevent these types of attacks.

tags | paper, remote
MD5 | 57b3fa5787893314a0300f8c18e243a7
Car Hacking: For Poories A.K.A. Car Hacking Too: Electric Boogaloo
Posted Apr 26, 2017
Authored by Chris Valasek, Charlie Miller

This whitepaper is a follow-up on car hacking that attempts to reduce the barrier to entry so that more researchers can get involved.

tags | paper
MD5 | eb246a73301a997dcab1f41718591906
nt!_SEP_TOKEN_PRIVILEGES Single Write EoP Protection
Posted Apr 21, 2017
Authored by Kyriakos Economou

This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 onward, enabled privileges are checked against the privileges present in the token of the calling process, so an attacker needs to use two writes.

tags | paper, kernel
MD5 | 30228610ed457bed8670b8f3dcfdd1b6
How To Exploit EternalBlue And DoublePulsar Spanish Version
Posted Apr 20, 2017
Authored by Sheila A. Berta

Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. Spanish version of this paper.

tags | paper
systems | windows, 7
MD5 | 6074d8aecbb5bfe4f10b3186617d1b5b
How To Exploit EternalBlue And DoublePulsar English Version
Posted Apr 20, 2017
Authored by Sheila A. Berta

Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. English version of this paper.

tags | paper
systems | windows, 7
MD5 | 9923b32818775889684c2df610bb45d5
Web Services Penetration Testing
Posted Apr 17, 2017
Authored by Firat Celal Erdik, Mert Tasci

This is a whitepaper that discusses penetration testing against web services. Written in Turkish.

tags | paper, web
MD5 | 0d44214ba96b783c46bbca2a6e34d070
From Zero to ZeroDay Journey: Router Hacking
Posted Apr 6, 2017
Authored by Leon Juranic

Whitepaper called From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case).

tags | paper
MD5 | db1a8ee4cfe26b0939e229c55041d19f
Attacking RDP - How To Eavesdrop On Poorly Secured RDP Connections
Posted Mar 15, 2017
Authored by Dr. Adrian Vollmer

Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.

tags | paper
MD5 | 08c726c194f04ec842f3c33ac2386895
Local File Disclosure Via SQL Injection
Posted Mar 13, 2017
Authored by Manish Tanwar

Whitepaper discussing local file disclosure attacks via remote SQL injection.

tags | paper, remote, local, sql injection
MD5 | dba854d85b85d2a54ff8aebeba6b9d29
Telstra 4Gx Portable Router Persistent Root Shell
Posted Jan 22, 2017
Authored by David Crees

This write up discusses how to leave a persistent root shell on a Telstra 4GX portable router.

tags | paper, shell, root
MD5 | 5ce382b3e97db0ed2752e7c22784c2b7
Dismantling Megamos Crypto: Wirelessly Lockpicking A Vehicle Immobilizer
Posted Aug 14, 2015
Authored by Baris Ege, Roel Verdult, Flavio D. Garcia

The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol, which they publish in full detail. The article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation.

tags | paper, crypto, protocol
MD5 | 552ea71c6b3759788ec94e28a8f7c722
BIGINT Overflow Error Based SQL Injection
Posted Aug 5, 2015
Authored by Osanda Malith

This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.

tags | paper, overflow, sql injection
MD5 | 6b07eab8ef3d32101a729a41d8d83e52
Chinese Attack On USIS Exploiting SAP Vulnerability
Posted Jul 15, 2015
Authored by ERPScan Research Team

This whitepaper details an attack timeline, documents which vulnerability was exploited, and provides recommendations on how to avoid data breaches in SAP systems.

tags | paper
MD5 | 9feb968a62c00d045d48c202cb454cf7
Unauthorized Cross-App Resource Access On Mac OS X And iOS
Posted Jun 17, 2015
Authored by XiaoFeng Wang, Xiaojing Liao, Kai Chen, Luyi Xing, Xiaolong Bai, Tongxin Li

The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.

tags | paper
systems | cisco, apple, osx, ios
MD5 | 34ca33c5c84fc14daeecd87c3ead4da7
Exploit Sources Part One
Posted Feb 9, 2015
Authored by Florian MINDZSEC

This paper is simply a large collection of code snippets that can be leveraged when building/designing exploits.

tags | paper
MD5 | d986ae9d51deb20b1c1f4b00488896a4
Blind Command Injection On Embedded Systems
Posted Dec 15, 2014
Authored by Cenk Kalpakoglu

This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.

tags | paper
MD5 | 4793cb924cd104abb532a6ff0d77ef6e
SpoofedMe - Intruding Accounts Using Social Login Providers
Posted Dec 4, 2014
Authored by Roee Hay, Or Peles

In this paper, the authors present an implementation vulnerability found in some popular social login identity providers (including LinkedIn, Amazon and others) and show how this vulnerability allowed them to impersonate users of third-party websites.

tags | paper
MD5 | b7ac7ad3e6649189ecd29e7c94daf083
© 2016 Packet Storm. All rights reserved.