Exploit the possiblities
Showing 1 - 25 of 814 RSS Feed


Bypassing Browser Security Policies For Fun And Profit
Posted Nov 6, 2017
Authored by Rafay Baloch

In this paper, the authors present their research about bypassing core security policies implemented inside browsers such as the "Same Origin Policy". They present several bypasses that were found in various mobile browsers. In addition, they also uncover other interesting security flaws found during their research such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass etc. as found in Android Browsers. This is from a talk given at BlackHat ASIA 2016.

tags | paper, spoof
MD5 | ae67f5ff17aa89a494c33e64468b75e0
Hacksys Extreme Vulnerable Windows Driver Analysis Part 1
Posted Oct 19, 2017
Authored by Alireza Chegini

Whitepaper called Hacksys Extreme Vulnerable Windows Driver Analysis. Part 1 of a series. Written in Arabic.

tags | paper
systems | windows
MD5 | c6aaef0e16af84719f2f55fdbf70e8db
Code Injection - HTML Injection
Posted Sep 4, 2017
Authored by Shritam Bhowmick

Whitepaper that discussions both code and html injection attacks.

tags | paper
MD5 | 8a32755f82e4b581a5491e4fbe4cb3af
Offensive And Defensive PowerShell
Posted Aug 28, 2017
Authored by Halil Dalabasmaz

Whitepaper called Offensive and Defensive PowerShell. Written in Turkish.

tags | paper
MD5 | 7be9cc28ce3b4845f5306c8fc586420d
Hidden Network: Detecting Hidden Networks Created With USB Devices
Posted Jul 13, 2017
Authored by Francisco Jose Ramirez Vicente, Pablo Gonzalez Perez

Whitepaper called Hidden Network: Detecting Hidden Networks created with USB Devices.

tags | paper
MD5 | 40432b7a852ac9dc2303afdfbd464da4
SYN Flood Attack For IP Cisco Phone
Posted Jul 3, 2017
Authored by Regis Deldicque

Whitepaper called SYN Flood Attack for IP Cisco Phone. Written in French.

tags | paper
systems | cisco
MD5 | d236839b9f4ea29e19d287fe756a995a
Fully Undetectable Malware
Posted Jun 26, 2017
Authored by Alessandro Groppo

Whitepaper called Fully Undetectable Malware. Translated to English.

tags | paper
MD5 | d68cb4f5d9b821df21203ba5a14b4e8a
Introduction To Honeypots
Posted Jun 24, 2017
Authored by Ahmed Al Mutairi

This whitepaper gives an introduction to honeypots. Written in Arabic.

tags | paper
MD5 | fec929e7e01e1bfea85418af51150cf1
Web Application Penetration Testing Techniques
Posted Jun 15, 2017
Authored by Ahmed Al Mutairi

This is a brief whitepaper written in Arabic that gives some examples of tools that can be used to hack systems.

tags | paper
MD5 | 572bf4e683d8f97acf40bb8d297c0758
Exploit Shellcode Development
Posted Jun 13, 2017
Authored by Fatih Emiral

Whitepaper called Exploit Shellcode Development. Written in Turkish.

tags | paper, shellcode
MD5 | 46d75f2c7f2809cec71ad9419f75edc1
Introduction To Manual Backdooring
Posted May 25, 2017
Authored by abatchy17

Whitepaper called Introduction to Manual Backdooring.

tags | paper
MD5 | 30829082cfceb91b0d00c9a317f9509a
Microsoft Azure Cloud Audit Using Powershell
Posted May 23, 2017
Authored by Parag Kamra

This brief whitepaper discusses using Powershell to audit Microsoft Azure Cloud.

tags | paper
MD5 | 562a9d145b27b96c4f8e9dd276fc0cbe
Stealing Windows Credentials Using Google Chrome
Posted May 18, 2017
Authored by Bosko Stankovic

This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

tags | paper
systems | windows
MD5 | a16cf3db1d86c6bd43dd6a775f759374
DNS Backchannel
Posted May 12, 2017
Authored by Finn Steglich

This whitepaper discussing using the Domain Name System (DNS) to communicate with hosts in separated networks using the open source tool outis.

tags | paper
MD5 | 65b92759a9b48cee3f0a1add8bbab003
BluedIoT: When A Mature And Immature Technology Mixes, Becomes An Idiot Situation
Posted May 3, 2017
Authored by Gerard Fuguet

Whitepaper called BluedIoT: When a mature and immature technology mixes, becomes an "idiot" situation.

tags | paper
MD5 | 354a4d6912f8718e27ab4e72caee78c9
A Review Of Fuzzing Tools And Methods
Posted Apr 8, 2017
Authored by James Fell

This paper reviews fuzzing and its context within the field of information security research. We firstly examine how vulnerabilities come to exist in software and how security researchers find them. After a brief overview of common vulnerability types and methods of static analysis, we look in more depth at the field of fuzzing. Competing approaches to fuzzing are examined, from simple random inputs all the way to using genetic algorithms and taint analysis. The importance of measuring code coverage to evaluate the completeness of a fuzzing campaign is examined. Finally, previous work on fuzz testing of web browsers is reviewed.

tags | paper, web, vulnerability
MD5 | 05ec78341cba442fad300cb679ddfbf5
Art Of Anti Detection 3
Posted Mar 20, 2017
Authored by Ege Balci

Whitepaper called Art of Anti Detection 3 - Shellcode Alchemy.

tags | paper, shellcode
MD5 | 64ff3c0796f34131b1d9f45424cafb8b
RSA Asymmetric Polymorphic Shellcode
Posted Feb 27, 2017
Authored by Jesus Garcia

Whitepaper called RSA Asymmetric Polymorphic Shellcode. It discusses how to encrypt and decrypt the opcodes of the shellcode, how the program that decrypts the shellcode was built and how to get the opcodes, and much more.

tags | paper, shellcode
MD5 | 6ef6ad85f67a041f723657484409f983
Analysis Of The Ivyl Sample Kernel Rootkit
Posted Feb 21, 2017
Authored by x90c

This is a whitepaper providing an analysis of the Ivyl sample kernel rootkit. Written in Korean.

tags | paper, kernel
MD5 | 4baeea8a46ff0f645b75fb0fa6a0314f
Exploiting Node.js Deserialization Bug For Remote Code Execution
Posted Feb 9, 2017
Authored by Ajin Abraham

Whitepaper called Exploiting Node.js Deserialization Bug for Remote Code Execution.

tags | paper, remote, code execution
advisories | CVE-2017-5941
MD5 | e708ac9d98283882b75c7545b17f3579
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method in INSERT, UPDATE injections would be by fixing the query. For example in INSERT statements one can simply fix the query, comment out the rest and extract the data once it is echoed out by the application. Same goes with the UPDATE statement, but only if the query has more than one column we can fix the query. What if we face a situation where UPDATE or INSERT has one column or simply we don’t know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in-depth.

tags | paper
MD5 | b7f93b900e475675844e4bcace0d312d
MySQL OOB Hacking
Posted Jan 29, 2017
Authored by Osanda Malith

This is a paper that discussing MySQL OOB hacking techniques under Windows.

tags | paper
systems | windows
MD5 | f927be9e4e0c76f1ea9267c22544c206
Alternative For Information_Schema.Tables In MySQL
Posted Jan 29, 2017
Authored by Osanda Malith

Brief paper discussing an alternative technique to use instead of 'information_schema.tables' when extracting table names in SQL injections.

tags | paper, sql injection
MD5 | 8e6048a99360f0516cf7cb6a2eae3e08
An Overview Of Some Popular Network Anonymity Systems
Posted Jan 25, 2017
Authored by James Fell

This essay takes a look at a selection of network anonymity systems including VPNs, Tor, Freenet and I2P. The different systems are explained and then compared and contrasted with each other. A number of issues are considered for each system including ease of use, popularity, strength of anonymity provided, and potential attacks on the system.

tags | paper
MD5 | edf4b50c5f22ff22e631de9cd3c9e745
Top N Sniff
Posted Jan 20, 2017
Site curesec.com

The goal of this guide is to provide a reliable and fast way for creating a lan tap for red team assessments of networks. While this was the authors' main target this tap is also quite helpful if you want to have a great device for your daily analysis of network attached computers. Before they started with their implementation they made a list of things which were mandatory. The hardware had to be small, have at least two lan ports and wifi, cheap and opensource included or available.

tags | paper
MD5 | ac7778ad5599acc94c816cf3ecd6e044
Page 1 of 33

Top Authors In Last 30 Days

Recent News

News RSS Feed
Language Bugs Infest Downstream Software
Posted Dec 11, 2017

tags | headline, flaw
German Spy Agency Warns Of Chinese LinkedIn Espionage
Posted Dec 11, 2017

tags | headline, government, china, cyberwar, germany, spyware, social
Dynamics 365 Sandbox Leaked TLS Certificates
Posted Dec 11, 2017

tags | headline, privacy, microsoft, data loss, flaw, cryptography
Keylogger Uncovered On Hundreds Of HP PCs
Posted Dec 11, 2017

tags | headline, flaw, spyware, backdoor
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By