what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 344 RSS Feed

Files

Introduction To Android Malware Analysis
Posted Apr 29, 2014
Authored by Ugur Cihan KOC

This whitepaper provides an overview of the tools used in order to analyze malware on Android.

tags | paper
SHA-256 | 768a61b28e90178964b682b152e60eca11af1e5d5bb90aff633a7c86d60fa152
Uploading PHP Shell Through SQL Injection
Posted Mar 20, 2014
Authored by 6_Bl4ck9_f0x6

This is a whitepaper that goes into detail on how a PHP shell can be uploaded when leveraging SQL injection.

tags | paper, shell, php, sql injection
SHA-256 | 4bd1b56e632e868443ab5b6f7e07a054ee3c7586c9391af4c31b235f0d5348db
Heap Spraying Whitepaper
Posted Feb 25, 2014
Authored by 6_Bl4ck9_f0x6

This whitepaper discusses heap spraying. Written in Portuguese.

tags | paper
SHA-256 | 4d45d4dd1363f5031cde304561cd53549c288ebffe7ac68449637f119a2fbfcc
Owning A CA Control Access Server
Posted Feb 20, 2014
Authored by Sanehdeep Singh

This whitepaper documents how to compromise CA ControlMinder versions 12.5, 12.6, and 12.6 SP1 running JBoss version 4.2.2.GA.

tags | paper
SHA-256 | d79c4e8b7e01e49acdda05ad5eceda4f0bf7d0d76f4b960c5d9135475bebc7d6
Rooting Windows Server Using PHP Meterpreter Webshell
Posted Feb 5, 2014
Authored by Hasan Sharukh, Anshul Gupta

This whitepaper discusses rooting windows server using the PHP Meterpreter Webshell in Metasploit.

tags | paper, root, php
systems | windows
SHA-256 | 969178f6ff5208ad667a07134dd268f1f3afb8fbcc598cfc6a4095ef57d2b50b
Smashing Bitcoin BrainWallets For Fun And Profit
Posted Jan 30, 2014
Authored by Simo Ben Youssef

This whitepaper discusses how attackers use dictionary-based brute-force attacks to steal other people's bitcoins. Proof of concept tools are included.

tags | paper, proof of concept
SHA-256 | d3b473fd72aba55764c5b793c9300a33b4bc94411e4282b14f400213f149aa0d
Heap Spraying - Active-X Controls Under Atatck
Posted Jan 17, 2014
Authored by Ashfaq Ansari

This is a whitepaper that discusses using heap sprays with vulnerable active-x controls.

tags | paper, activex
SHA-256 | 182912d0e8bbbc850abf4281ee8356d5767b5cb9c7194c7bbfc2b5eab415ddae
Practical Malleability Attack Against CBC Encrypted LUKS Partition
Posted Dec 23, 2013
Authored by Jakob Lell | Site jakoblell.com

The most popular full disk encryption solution for Linux is LUKS (Linux Unified Key Setup), which provides an easy to use encryption layer for block devices. By default, newly generated LUKS devices are set up with 256-bit AES in CBC mode. Since there is no integrity protection/checksum, it is obviously possible to destroy parts of plaintext files by changing the corresponding ciphertext blocks. Nevertheless many users expect the encryption to make sure that an attacker can only change the plaintext to an unpredictable random value. The CBC mode used by default in LUKS however allows some more targeted manipulation of the plaintext file given that the attacker knows the original plaintext. This article demonstrates how this can be used to inject a full remote code execution backdoor into an encrypted installation of Ubuntu 12.04 created by the alternate installer (the default installer of Ubuntu 12.04 doesn't allow setting up full disk encryption).

tags | paper, remote, code execution
systems | linux, ubuntu
SHA-256 | 83e0e48a068a6889d9cec9e057406641dd9d38932ce22381b3c16a767ef73656
Owning Render Farms Via NVIDIA Mental Ray
Posted Dec 10, 2013
Authored by Luigi Auriemma, Donato Ferrante

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

tags | paper
SHA-256 | 775f48d6630d6aac147c8f09fc15e01a82cf693584d38a901be40b58fff0f320
Fuzzing And Software Vulnerabilities Part 1
Posted Oct 24, 2013
Authored by Ibrahim Balic

This is a whitepaper discussing fuzzing and software vulnerabilities. This is part one. It is written in Turkish.

tags | paper, vulnerability
SHA-256 | 29c607fe9abef0fbc5dd236320bcc02b3b1b6084b7be47b5e412136cdbb1b06f
XPATH Injection
Posted Oct 2, 2013
Authored by Chetan Soni

This is a brief whitepaper that covers XPATH injection attacks and use cases.

tags | paper
SHA-256 | 72d2972397b3492bd0d1d375cb0e92be5b5ce54c9372c0809f8b6dc6a39cc58d
Return-to-libc Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial discussing return-to-libc exploitation.

tags | paper
SHA-256 | f1935f980e5eab5d3c4772be6b97efb487d82c08b13fc527519a912c04c08094
Integer Overflow / Underflow Exploitation Tutorial
Posted Sep 24, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses integer overflows and underflows.

tags | paper, overflow
SHA-256 | 9b9f3ebcd70a62a4189cceeaf49edd91a6d027ae60c29bc9f51bfd8eb1a1f3fa
Format String Exploitation Tutorial
Posted Sep 23, 2013
Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses format string exploitation.

tags | paper
SHA-256 | 1544465d9c53bc46b45f199277e5af8bfc93c0c6d2f40f5ff2478c2db9d3714b
Off-By-One Exploitation Tutorial
Posted Sep 23, 2013
Authored by Saif El-Sherei

This whitepaper is called Off-By-One Exploitation Tutorial. The off by one vulnerability in general means that if an attacker supplied input with certain length if the program has an incorrect length condition the program will write one byte outside the bounds of the space allocated to hold this input causing one of two scenarios depending on the input.

tags | paper
SHA-256 | 5f0e7988d1f9efa82633300226d7ad14a89ebbc4f3ad3eb4a3d67306232ea70c
Return-Oriented-Programming
Posted Sep 23, 2013
Authored by Saif El-Sherei

Whitepaper called Return-Oriented-Programming (ROP FTW).

tags | paper
SHA-256 | 0df3dba7ba4fbf596b77ccb6bcaf64bddf65e2fae569ec24d7481f4b6ce3f8b6
Metasploit - The Exploit Learning Tree
Posted Aug 29, 2013
Authored by Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

tags | paper
SHA-256 | 8053bf6927fee92962392df083a57d2a8ab44f95c200a4b5ef0d6c585cbd073d
Smashing The Stack, An Example From 2013
Posted Aug 18, 2013
Authored by Benjamin Randazzo

This whitepaper goes into detail on exploitation techniques to bypass modern security mechanisms cerated to mitigate the common buffer overflow in Linux.

tags | paper, overflow
systems | linux
SHA-256 | a28077f3efc10afd982560236f8d1705726408966a2cf3ce78caa1d0357240c4
Exploiting Add-Ons In Mozilla Firefox
Posted Aug 15, 2013
Authored by SixP4ck3r

These are presentation slides for Explotando Add-On's de Mozilla Firefox, or Exploiting Add-Ons in Mozilla Firefox. Written in Spanish.

tags | paper
SHA-256 | be5a0d2d8734ba09d02081c9ed082df4f7e9d69db609f8de7bd83cb6ceeee9dc
Windows Meterpreter-less Post Exploitation
Posted Jun 7, 2013
Authored by Sanoop Thomas

This whitepaper explores the post exploitation of Metasploit using a generic shell rather than the meterpreter shell.

tags | paper, shell
SHA-256 | 90af38e7b5b9001e07a318bfb68c614d438e23240e28c77f04d62899a4c03353
WebSockets Penetration Testing
Posted Apr 26, 2013
Authored by Robert Koch

This is a whitepaper called On WebSockets in Penetration Testing. It goes into detail discussing the vulnerability attack surface with WebSockets and the complications involved for penetration testing.

tags | paper
SHA-256 | a8b8492359ecd117e96f3ad36d86915bffba40beab8909428765442c3848ab6b
Data-Clone - A New Way To Attack Android Apps
Posted Mar 18, 2013
Authored by 80vul | Site 80vul.com

This papers discusses a new way to attack Android applications for bypassing password authentication.

tags | paper
SHA-256 | 4132d9e71ac1fd9c393ea9bc250f95b0a17cdfbbd0646e28fbc5128e126e40e9
The Pentester's Guide To Akamai
Posted Mar 14, 2013
Authored by Darren McDonald | Site nccgroup.com

This paper summarizes the findings from NCC's research into Akamai while providing advice to companies wishing to gain the maximum security when leveraging their solutions.

tags | paper
SHA-256 | 87bf6bdbd4a217dca83340b5158fe1ee1bc60e71894efd187434a3521fc29c37
Attacking Xerox's Multifunction Printers Patch Process
Posted Feb 28, 2013
Authored by Deral Heiland | Site foofus.net

Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.

tags | paper, root
SHA-256 | 3688be93b27c1a23060fa014deca9150f7f3ac8484e3acd5427b36fec7c66906
How To Hack A Website With Metasploit
Posted Feb 20, 2013
Authored by Sumedt Jitpukdebodin | Site r00tsec.blogspot.com

This article discusses how to use Metasploit for scanning, crawling, and attacking web applications.

tags | paper, web
SHA-256 | f1cc7c7ac8d8fc3a74105e7d8d02584bf9e083b1aa1fc066326798f75e73ec12
Page 3 of 14
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close