CryptoPHP - Analysis Of A Hidden Threat Inside Popular Content Management Systems
Posted Nov 20, 2014
Authored by Barry Weymes, Maarten van Dantzig, Yonathan Klijnsma, Lennart Haagsma, Yun Zheng Hu

CryptoPHP is a threat that uses backdoored Joomla, WordPress, and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

tags | paper
MD5 | 4426e472a4179f2beeaf26dbef24f364
Nazca: Detecting Malware Distribution In Large-Scale Networks
Posted Feb 18, 2014
Authored by Prof. Giovanni Vigna, Christopher Kruegel, Stanislav Miskovic, Ruben Torres, Luca Invernizzi, Marco Mellia, Sung-Ju Lee, Sabyasachi Saha

Whitepaper called Nazca: Detecting Malware Distribution in Large-Scale Networks. In this paper, they study how clients in real-world networks download and install malware, and present Nazca, a system that detects infections in large-scale networks. Nazca does not operate on individual connections, nor does it look at properties of the downloaded programs or the reputation of the servers hosting them. Instead, it looks at the telltale signs of the malicious network infrastructures that orchestrate these malware installations, which become apparent when looking at the collective traffic produced by many users in a large network. Being content agnostic, Nazca does not suffer from coverage gaps in reputation databases (blacklists), and is not susceptible to code obfuscation. They have run Nazca on seven days of traffic from a large Internet Service Provider, where it has detected previously-unseen malware with very low false positive rates.

tags | paper
MD5 | 28f74d9399ea0dfdc416e0247083fd64
TP-Link Cross Site Request Forgery Analysis
Posted Oct 30, 2013
Authored by Jakob Lell

This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers.

tags | paper, csrf
MD5 | c0a3524a490f09fa505fa967307a389e
CloudFlare Versus Incapsula: Round 2
Posted Oct 30, 2013
Authored by LiquidWorm, Humberto Cabrera, Stefan Petrushevski

This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.

tags | paper, web
MD5 | e34c141844b6ea5bac3471427cb3e902
Worm: VBS/Jenxcus.A Malware Report
Posted Aug 20, 2013
Authored by Rick Flores

This whitepaper analyzes the extent of infection, business risk, data exposure, and more with regard to the malware known as VBS/Jenxcus.A.

tags | paper
MD5 | e8f667fd47ee9fff424c5b1fe5f11ee5
TrojanDropper.Win32-Rovnix.l Malware Report
Posted Aug 19, 2013
Authored by Rick Flores

This whitepaper analyzes the extent of infection, business risk, data exposure, and more with regard to the malware known as TrojanDropper.Win32-Rovnix.l.

tags | paper
systems | windows
MD5 | 96aa65eb70f902e0fcafa371aef14249
APT1: Technical Backstage
Posted Apr 9, 2013
Authored by Paul Rascagneres

This is an analysis of APT1 that was inspired by the original work from Mandiant.

tags | paper
MD5 | aa3c3157a2336623d96a7e2fa57fec02
Java Applet CVE-2012-5076 Analysis
Posted Dec 3, 2012
Authored by KAIST CSRC

This document is a detailed analysis of the Java applet vulnerability as noted in CVE-2012-5076.

tags | paper, java
advisories | CVE-2012-5076
MD5 | d0ecc314d015826f16c87e2f4c4ea017
CheckPoint / SofaWare Firewall Vulnerability Research
Posted Nov 2, 2012
Authored by ProCheckUp, Richard Brain

This paper is the result of various security assessments performed on several CheckPoint/SofaWare firewalls in both controlled (computer lab) and production environments during several penetration tests. Several different CheckPoint/SofaWare firewall models were purchased for testing in their computer lab. By having full access to the target devices, it becomes possible to discover new vulnerabilities that could be missed during a standard unauthenticated penetration test.

tags | paper, vulnerability
MD5 | 4a8958e1f542a11320bad75718792819
Adobe Flash Player Integer Overflow Analysis
Posted Oct 12, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla

This whitepaper is a thorough analysis of the Adobe Flash Player integer overflow vulnerability documented in CVE-2012-1535.

tags | paper, overflow
advisories | CVE-2012-1535
MD5 | 2f7b202a79782317c94735df44d55943
MS IE CVE-2012-4969 Analysis
Posted Oct 10, 2012
Authored by KAIST CSRC

This document is an analysis of the Microsoft Internet Explorer use-after-free vulnerability as noted in CVE-2012-4969.

tags | paper
advisories | CVE-2012-4969
MD5 | cd569ca592a6bd5f3ce9778ff0baf3a2
Oracle Java Applet SunToolkit.getField Method Remote Code Execution
Posted Sep 15, 2012
Authored by Minsu Kim, Hyunwoo Choi, Hyunwook Hong, Changhoon Yoon

This document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.

tags | paper, java, remote, code execution
advisories | CVE-2012-4781
MD5 | a30f6942df60bfd5825077b8aa0e8f00
XMLCoreServices Vulnerability Analysis
Posted Jul 24, 2012
Authored by Minsu Kim

This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.

tags | paper
advisories | CVE-2012-1889
MD5 | 741c90380aa6aebee7cb9f986b50390b
CVE-2012-1889: Security Update Analysis
Posted Jul 23, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla

Since the 30th of May 2012, hackers had been abusing the Microsoft XML Core Services vulnerability. On the 10th of July 2012, Microsoft finally published a security advisory which fixes this issue. The present document and video explain the details of this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet Explorer version is 6.0.

tags | paper
systems | windows, xp
advisories | CVE-2012-1889
MD5 | a0d1c207cb55892da09387080f48352a
Browser Security Comparison: A Quantitative Approach
Posted Dec 10, 2011
Authored by Ryan Smith, Chris Valasek, Paul Mehta, Charlie Miller, Shawn Moyer, Joshua Drake

Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.

tags | paper
MD5 | 264a3b0c9d9007c6544319b4853db82a
Posted Jun 19, 2008
Authored by Jaime Blasco

A whitepaper called An Approach To Malware Collection Log Visualization.

tags | paper
MD5 | 68451305fcf376b8af541a299bd57cc1
Posted Jul 31, 2007
Authored by Andy Davis - IRMPLC, Phil Huggins

This paper discusses potential security weaknesses that may be present in messaging systems as a result of software flaws, application design, or the misconfiguration of services. It focuses on TIBCO Rendezvous as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.

tags | paper
MD5 | cfb45eac3e565e1e32e3b0effda2bb2c
Posted Jul 20, 2006
Authored by Gadi Evron, Kfir Damari, Ami Chayun

Analysis whitepaper detailing Cyber-terrorism defacement attacks on pro-Israeli servers by Team Evil.

tags | paper
MD5 | cd58676a855e3110470539b1f2e283ce
Posted Apr 29, 2006
Authored by Markus Jansson

A paper discussing the various vulnerabilities in DNS: "The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all."

tags | paper, vulnerability, protocol
MD5 | c8abc61b42b138d3c3d926fb910adcba
Posted Jan 21, 2006

The Web Application Firewall Evaluation Criteria project is proud to announce version 1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is the result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral set of web application firewall evaluation criteria. The resulting framework can be used to evaluate and compare web application firewalls.

tags | paper, web
MD5 | 4d4eda95d3d204f066c8b918b4bd33df
Posted Nov 15, 2005

GAO Report - Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed.

tags | paper
MD5 | 8eeefc7fddcce2eed5072ec24aaa324e
Posted Dec 30, 2004
Authored by Ben Lentz

Short white paper discussing some questionable circumstances surrounding the Barracuda Spam Firewall appliances.

tags | paper
MD5 | 22e306314aff01e51ae946c5cbdafa36
Posted Nov 15, 2003

A paper released by Relevant Technologies discussing the commercial CyberAngel product that provides laptop recovery and file encryption all-in-one.

tags | paper
MD5 | a814500ef04667c489c0b172464fef6e
Posted Jul 6, 2003
Authored by Brien M. Posey

A paper released by Relevant Technologies discussing ways and means to combat Spam using various filters available.

tags | paper
MD5 | c45d69b733a6f9e11eed6ebf8d0284bb
Posted Feb 2, 2001
Authored by Richard Bejtlich

Network Intrusion Detection of Third Party Effects v1.0.1 - This paper describes "third party effects," generally caused by adversaries spoofing your IP addresses while attacking an unrelated victim. The events are explained from the points of view of the three parties: the first party (the adversary), the second (the victim), and you, the third party (the bystander whose IPs were spoofed.) The paper includes packet captures, diagrams, and material not originally presented in the author's "Interpreting Network Traffic," such as a comparison of SYN vs ACK floods.

tags | paper, spoof
MD5 | 57e6dc93138b9ca825a94fd48e4825b3
© 2018 Packet Storm. All rights reserved.