This paper investigates why physical control inconsistencies exist and present techniques that can be leveraged to more fully obtain control of the physical systems of the car while only injecting CAN bus messages. It also discusses ways to makes these systems more robust to CAN message injection.
383c15500ebb9e6fd0e34bf42e9e070b737657eb4bcf9930fb34491defdb4078Whitepaper called A Survey of Remote Automotive Attack Surfaces. This paper attempts to analyze numerous automobiles varying in production year to show how remote attack surfaces have evolved with time and to try to quantify the difficulty of a remote attack for a variety of different automobiles. This analysis will include how large the remote attack surface is, how segmented the ECUs which have physical control of the automobile are from those accepting external input, and the features present in the automobile which allow computers to physically control it. Additionally, this paper recommends defensive strategies including an IDS-type system to detect and prevent these types of attacks.
371d87d27666d1f97678cbf4eec03704f4c1e85029009ee2439690303f7dde28This whitepaper is a follow-up on car hacking that was an attempt to reduce this barrier to entry so more researchers could get involved.
9249c9c2c9ccfb49896bf3953a0b5ca6d1f19ab6a4f67bc032d488183dad0773This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.
c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548cWhitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. Spanish version of this paper.
50bf49894518deda534f1032b98b7e30137585abe5130ca8b0a557aa5ddf01e5Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. English version of this paper.
9826659afad14c5aaeede84482ba6c38303eb65a202931871de20350a1ab3548This is a whitepaper that discussing penetration testing against web services. Written in Turkish.
4883e0979bed91e02253acc95f59113aa6d85ba94b5cdfa5e26ea275754dd7e0Whitepaper called From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case).
66c928dae742c5b1f66c19385575361b4ebbbe5aef56979b8945aa3f1562cf31Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.
3c51b078f0d29ee8f8f11fe84b643afac24b5da42fb26ebb75e637de90e17d12Whitepaper discussing local file disclosure attacks via remote SQL injection.
940d4b6633aae1d9c2af7031f2faf416054ec79ee99ea8bae458b1ec6d9ba112This write up discusses how to leave a persistent root shell on a Telstra 4GX portable router.
7a80dcc21f0f695423e49bcf2557195fb27939c236ec9f1533baea601f1ac355The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation.
e8819e38284ae00f42181afdbb067dcbb1901e3845adf87a0c7b6914ed3d9c52This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.
e8fbee2a079d4d4558ea961db0b57f97cb03c62856ccc42dab34844750c3ec48This whitepaper contains research details an attack timeline, documents what vulnerability was exploited, and provide recommendations on how to avoid data breaches in SAP systems.
dcff6a0ea2091f5fe7bffdc14f8099eaff07f1cd9faee672d80b8d8bfb1b39fbThe research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.
ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4fThis paper is simply a large collection of code snippets that can be leveraged when building/designing exploits.
8c5a1d0f7b26d5df5b5a8f3bd678e2f8b74dca78a2b8d965e4b11b2712ac8f55This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.
0ddf38fc9a6ebf83ee98eff187bf56078b44d152d0cee625cb886a34f9cce193In this paper, they authors present an implementation vulnerability found in some popular social login identity providers (including LinkedIn, Amazon and Mydigipass.com) and show how this vulnerability allowed them to impersonate users of third-party websites.
acd7f10d948ec0bd229808e6ce9cbdcb95ea98fae082067f187f1c0429619fbdThis whitepaper discusses exploitation of CVE-2014-4113 on Windows 8.1.
347b65c62cf9b21ce7a51217f70945df6a72439a4ef09808f6143d9103ce6fc4This is a brief whitepaper that provides an analysis of account lockout schemes used to prevent bruteforce attacks.
8e18db6be674d94c9a87db4b797085812ec8e170e75ee52055331ec7fa17383eWhitepaper called HTML5 Modern Day Attack and Defence Vectors. This paper analyzes most of the features introduced in HTML5 along with the vulnerabilities each feature introduces.
8513f4316667a90362b7aad6528db9107c77904abf213c45d1e612037dd3eaf3This is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.
e01e929f0159f35636b57ccb14d23133cee0871e331625923ed2e065e0033b49The purpose of this paper is to learn the basics of 64 bit-based buffer overflows.
92b364bc1b263acbd077dd7cedc3f52b9435792bd5f47a3ac4db9084521cb9bfThis is a whitepaper that goes into detail on downloading configuration files and exploiting the TP-Link TD-W89.
2dfc73d9ef994b03b446f888c6817b5c32e2be979c223712e3c435c81878b3b7This article goes into detail on how to overflow a custom heap in Microsoft Windows 7.
da85d1c71e43d3dd424e4a8554fff860e473083210aa9ad816da6ab171e9b515
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed