Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".
1ed5c65dfd0826c823dfd1a9f124b537e561dd5ffcc62aee60d328f4953f93ef
Whitepaper titled "Circumventing the VA kernel patch For Fun and Profit".
44d8fe292dd2dfdf649b23bd3d8ed9ec98592fff15344d63452c38fc5b4fec57
Bypassing network access control (NAC) systems - This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.
7dc8e38caef9108f721a21493544a4ba21ddafddf32210c7962320556e319394
Write-up discussing Oracle database IDS evasion techniques for SQL*Net.
64438722e11b55e629becc5c145742b7146f0ec202c91870108b9aec9564fdad
Formal write-up discussing how arbitrary HTTP requests can be crafted using Flash 7/8 with Internet Explorer.
255a3d2253e2f6988647d919e94f2316e545debac79aa3bd39fd8c4906113f23
Whitepaper discussing the bypassing of script filters with variable-width encodings.
3f758cdb2a9ed75213ae2fa409be10c8c8b216d0491636c6a61a4c332194a72f
Whitepaper titled "Bypassing Oracle dbms_assert".
9f7cfa0b9fa6a325fd9b6f069b22b6795f046e87d923264ea157ee119a0bce84
Whitepaper titled "Forging HTTP Request Headers With Flash".
ea05b3536fe449fc3fedd3dda363fbd5f77eefea62b709a6e4e00a23c016c940
Whitepaper discussing intrusion detection system evasion. It specifically focuses on polymorphic attacks using scmorphism. This document is written in Brazilian Portuguese.
4c01788c64835335cd4d03cfe30a9b30ba0acb96462888063ab547453608b1d0
Whitepaper entitled "WLSI - Windows Local Shellcode Injection" that describes a new technique to create 100% reliable local exploits for Microsoft Windows operating systems. The technique uses some Windows design weaknesses that allow low privileged processes to insert data into almost any Windows process regardless of their current privilege level. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) are included so the reader will be enabled to write their own exploits.
0edd124aeb55cb3125140eb5cdb86f78449fba1ac22466a4b4325fdf39c92857
Host Fingerprinting and Firewalking With hping - This paper discusses some of the techniques that can be effectively used in host fingerprinting, especially when a host is behind a firewall. Various tools are discussed with hping as a primary focus.
4551fc357bc99a5d90e564c450d8eddd4597186a144d53e9b6e875d61830337f
This whitepaper discusses five creative methods used to overcome various stack protection patches. It focuses on the VA (Virtual Address) space randomization patch that has been integrated into the Linux 2.6 kernel. These methods are not limited to this patch, but rather provide a different approach to the buffer overflow exploitation scheme.
e9f9fca0cde5490a18a26b4d4fb35eaa3fbf6d5db5c35bb6958afad8ec2a7705
x86-64 buffer overflow exploits and the borrowed code chunk exploitation technique. Whitepaper describing NX technology and its limitations. It contains an in-depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses and discusses countermeasures.
b0c251d6ab0e7d35b001203d842192143611eb73e2e95273a80273ed88afccba
This short paper discusses the method of overwriting a pointer used in a function in order to overwrite the associated entry in the Global Offset Table (GOT), which in turn allows for execution flow redirection.
033e7b997e6c0a12776532b8041054d9510d1006941fd5f1cd4d4aaf953be37c
Document that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the BlueZ vulnerability was quite trivial.
ba3ca0b2cbb2323bf730283ba3e93983b93c16bf657c4a78442e1241f594c2e5
Whitepaper detailing a new way to bypass Microsoft Windows heap protection mechanisms. The methodology explained here is different from the method introduced by Alexander Anisimov.
9a61e882adb5edb01d3de81fa7a37d2cd965a7b01614922c1ceb92e45f8a1500
This technical note describes a detection/prevention technique that works in many cases both with HTTP Response Splitting and with HTTP Request Smuggling.
5ea1e8c04c45276464698ca627370626105e043dcb550f659141545d10bf8160
Cool whitepaper discussing the return into libc attacks used to bypass non-executable stacks.
1ba3c2707f91d623e72b2c5a1148eab35db801819661c3567ab2521765535e5f
This tutorial is an overview of how JavaScript can be used to bypass HTML forms and how it can be used to override cookie/session authentication.
f33ef88eca88474ed96f2530c0a55fe5a5ea9ba9b220adc864b72f8b931e4932
White paper discussing blind injection in MySQL databases.
2568609b99d72b2cded11f3ef730395e9c1b010fef3f60bb18963ee2330d136d
The MaxPatrol team has discovered that it is possible to defeat Microsoft Windows XP SP2 heap protection and data execution prevention mechanisms. Full analysis with code provided.
c13c505bd994bd2235753bb15f5a5a562e7f3bccf6d96db1ffa0b5e9e67ca4ab
Whitepaper discussing SQL injection attacks that gives an illustrated overview showing the process of how these attacks are performed.
6919bd7b19365fb970cbb380dd2326a04eff29ffa171b4193991ff4c5c8b30d1
Small paper describing how to add a quick backdoor into the setuid code for the Linux 2.4 kernel series.
d6a0b3435bc1259c10ef9e200f0493134aa6cc54884d849d2d3fd905ee01a0ee
Presentation: Bypassing client application protection techniques with notepad.
e4f987378606cf9b7a1349994610bfb96d53d4405cc8e13e837a7a2766319313
White paper discussing ways to evade detection of polymorphic shellcode.
c51038375bba89296e3a5ecd7c323517a48352d78973a8c34851e6720c2189f0