This paper investigates why physical control inconsistencies exist and presents techniques that can be leveraged to more fully obtain control of the physical systems of the car while only injecting CAN bus messages. It also discusses ways to make these systems more robust to CAN message injection.
383c15500ebb9e6fd0e34bf42e9e070b737657eb4bcf9930fb34491defdb4078
Whitepaper called A Survey of Remote Automotive Attack Surfaces. This paper attempts to analyze numerous automobiles varying in production year to show how remote attack surfaces have evolved with time and to try to quantify the difficulty of a remote attack for a variety of different automobiles. This analysis will include how large the remote attack surface is, how segmented the ECUs which have physical control of the automobile are from those accepting external input, and the features present in the automobile which allow computers to physically control it. Additionally, this paper recommends defensive strategies including an IDS-type system to detect and prevent these types of attacks.
371d87d27666d1f97678cbf4eec03704f4c1e85029009ee2439690303f7dde28
This whitepaper is a follow-up on car hacking; it attempts to reduce the barrier to entry so that more researchers can get involved.
9249c9c2c9ccfb49896bf3953a0b5ca6d1f19ab6a4f67bc032d488183dad0773
This is a write-up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 onward, enabled privileges are checked against the privileges present in the token of the calling process, so an attacker needs to use two writes.
c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548c
Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. Spanish version of this paper.
50bf49894518deda534f1032b98b7e30137585abe5130ca8b0a557aa5ddf01e5
Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. English version of this paper.
9826659afad14c5aaeede84482ba6c38303eb65a202931871de20350a1ab3548
This is a whitepaper discussing penetration testing against web services. Written in Turkish.
4883e0979bed91e02253acc95f59113aa6d85ba94b5cdfa5e26ea275754dd7e0
Whitepaper called From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case).
66c928dae742c5b1f66c19385575361b4ebbbe5aef56979b8945aa3f1562cf31
Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.
3c51b078f0d29ee8f8f11fe84b643afac24b5da42fb26ebb75e637de90e17d12
Whitepaper discussing local file disclosure attacks via remote SQL injection.
940d4b6633aae1d9c2af7031f2faf416054ec79ee99ea8bae458b1ec6d9ba112
This write-up discusses how to leave a persistent root shell on a Telstra 4GX portable router.
7a80dcc21f0f695423e49bcf2557195fb27939c236ec9f1533baea601f1ac355
The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used, among others, in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol, which the paper publishes in full detail. This article reveals several weaknesses in the design of the cipher and the authentication protocol, and also in their implementation.
e8819e38284ae00f42181afdbb067dcbb1901e3845adf87a0c7b6914ed3d9c52
This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.
e8fbee2a079d4d4558ea961db0b57f97cb03c62856ccc42dab34844750c3ec48
This whitepaper details an attack timeline, documents which vulnerability was exploited, and provides recommendations on how to avoid data breaches in SAP systems.
dcff6a0ea2091f5fe7bffdc14f8099eaff07f1cd9faee672d80b8d8bfb1b39fb
The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.
ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f
This paper is simply a large collection of code snippets that can be leveraged when building/designing exploits.
8c5a1d0f7b26d5df5b5a8f3bd678e2f8b74dca78a2b8d965e4b11b2712ac8f55
This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.
0ddf38fc9a6ebf83ee98eff187bf56078b44d152d0cee625cb886a34f9cce193
In this paper, the authors present an implementation vulnerability found in some popular social login identity providers (including LinkedIn, Amazon and Mydigipass.com) and show how this vulnerability allowed them to impersonate users of third-party websites.
acd7f10d948ec0bd229808e6ce9cbdcb95ea98fae082067f187f1c0429619fbd
This whitepaper discusses exploitation of CVE-2014-4113 on Windows 8.1.
347b65c62cf9b21ce7a51217f70945df6a72439a4ef09808f6143d9103ce6fc4
This is a brief whitepaper that provides an analysis of account lockout schemes used to prevent brute-force attacks.
8e18db6be674d94c9a87db4b797085812ec8e170e75ee52055331ec7fa17383e
Whitepaper called HTML5 Modern Day Attack and Defence Vectors. This paper analyzes most of the features introduced in HTML5 along with the vulnerabilities each feature introduces.
8513f4316667a90362b7aad6528db9107c77904abf213c45d1e612037dd3eaf3
This is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.
e01e929f0159f35636b57ccb14d23133cee0871e331625923ed2e065e0033b49
The purpose of this paper is to teach the basics of 64-bit buffer overflows.
92b364bc1b263acbd077dd7cedc3f52b9435792bd5f47a3ac4db9084521cb9bf
This is a whitepaper that goes into detail on downloading configuration files and exploiting the TP-Link TD-W89.
2dfc73d9ef994b03b446f888c6817b5c32e2be979c223712e3c435c81878b3b7
This article goes into detail on how to overflow a custom heap in Microsoft Windows 7.
da85d1c71e43d3dd424e4a8554fff860e473083210aa9ad816da6ab171e9b515