This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.
e451c3653c39f8c69197cc44125ea0be0963f12054cce2cca25c7696dab74b07
This whitepaper covers a new technique that utilizes DLL injection to inject a custom DLL into a running vulnerable process to add a POP POP RET sequence in the scenario that the vulnerable program does not include any null byte free sequences. This is a useful technique to exploit SEH buffer overflow attacks successfully.
74df8ee5ae7f9410a55a3ced1546454f896ed3cdd356c8ffd56a51dee01fc0db
Whitepaper called Web Application Firewall Bypass Methods. Written in Turkish.
de3d6eb771b386a81807a989fe41fcd824480b3c78ac572e1d065e0f3b1e087a
Whitepaper called Polymorph: A Real-Time Network Packet Manipulation Framework.
118f42ea90b2cc6b9facac454524602580cde922f0c07097d8bf647d67feb837
This whitepaper documents shortcomings in various popular web application firewalls (WAFs) and how to trigger cross-site scripting attacks regardless of the protections in place. Covered are F5 Big IP, Imperva Incapsula, AQTRONIX WebKnight, PHP-IDS, Mod-Security, Sucuri, QuickDefense, and Barracuda WAF.
c38f62eb042bf845f286dc56c557e0a4422de464a3d9658b8fd2d013a1a708c2
Whitepaper called How to Bypass SafeSEH and Stack Cookie Protection. Written in Turkish.
e050272b732f5a854bc507f634721ef4c4a1a90ef89177a48991c3eb78e4209f
This whitepaper discusses various web application firewall bypass methodologies. Written in Turkish.
d04d9dc9ed267c9142d78a1a35f38d8397df4345faa4d26a2221dd442c5ad695
This is a whitepaper discussing the bypassing of Clamwin Antivirus. Written in Azerbaijani.
98bc6e18cd7a7451a7a16c334edae8e56514a14d1cb46d89f1f663f542990e1d
This whitepaper is called Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters.
65acaee3edb30787203ec67ebd4b8e85f2ced5170a1f786efb797a9df09856b3
This whitepaper discusses bypassing the Comodo firewall using port redirection. Written in Portuguese.
1aae4d3b68d9f1c818f8fd73d03673625c1ed7397ed0155553baed0d97a61b2e
This is a brief whitepaper detailing how to bypass the Avast! sandbox using alternate data streaming.
586680dac0f8f3d57c5eef0b2ad0936aa1ccd4bdf17ed5704a5051a36a13ff3f
This is a whitepaper called Bypassing Spam Filter Using Homographs. Some generation code is also included.
53ce87d77ad354d381340e51d46995bbf63257ebb4dd4ce48fd728ce00168df1
Most modern-day operating systems include some form of memory protection such as DEP and ASLR. This article focuses on ASLR: its implementation, its limitations and, finally, various techniques that can be used to circumvent the protection.
de3faada87e1bd7b6c844f2b8479cf643993f49918b07823dfb93f24683b904d
This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example, but the technique can also be applied to heap overflows.
db7da31673402422788bf435e51bb26cce80674800f01ecfb89ff9f49608d751
Whitepaper called SafeSEH+SEHOP all-at-once bypass exploitation method principles.
209ec6ec9584ba32640f53ad2c68e710468e453169d11ebbd3a1605912e0684a
Whitepaper called Evading Antimalware Engines via Assembly Ghostwriting.
c69ca241db8929c1badf0a2febd49a571ceddd5755b5f32dd8ef44146ffadb5c
Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.
5c3994059d8384faf17163e5cb49cd471cedb061f14e2c2b7ef3cdb5ce5724aa
Whitepaper called Bypassing IDS with Return Oriented Programming. It heavily discusses and shows the point of leveraging polymorphic shellcode in order to bypass detection.
7b4233a85e4bc362abaaeaf8b2d2687ed81a3db3a7a699bbe6949214aeb66bae
Whitepaper called Bypassing ASLR/DEP. It discusses techniques to bypass these security mechanisms and how custom shellcodes are developed.
19d0d0eeefb330797d6b704b3e34af8e0a45d1f512f2906ecc92ca8068e83e5d
Using the attacks in this paper allows you to bypass all of PHPIDS's rule sets, which defeats all protection PHPIDS can provide. Furthermore, on a default install of PHPIDS the log file can be used to drop a PHP backdoor. This makes PHPIDS a vital stepping stone in turning an LFI vulnerability into remote code execution. The end result is that use of PHPIDS 0.6.5 can make you less secure. All of these issues have been fixed in version 0.7.
4e80f010f2e100b6cc954b44c4b4a7f65f2ce4d15ff9f32967990f6eb5333cab
Whitepaper called Defeating DEP (Data Execution Prevention) through a mapped file.
c08d113619ee176b7898ecf1686249bd2ae760e23e531cd3578f20b4101f6a2b
This whitepaper details the ins and outs of return-oriented programming and DEP bypass.
cd7c52e6aacd9baf229c258107646cd9b87b0fd8eebc7072ca57f5903e148874
Whitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are two protection mechanisms integrated into the Windows operating system to make exploiting software more difficult. This document shows how these two features can be bypassed using different techniques.
f469442a5a92bed1a1086a83f8aebc86f786d426e10337f16a54d94b71969b8e
Whitepaper called Bypassing Anti-Virus Scanners.
8919103e539f8e08d30103803a77e6ad632dce79dedb8e58ee5be3b8dbcbf8c6
Whitepaper called Antivirus / Firewall Evasion Techniques: Evolution of Download Deploy Shellcode.
dbb6ec4dcc2c9fc40144c8ec59fdeb2ca61452a22cb209fdf2e7903079ab80b1