This whitepaper illustrates exploitation of an insufficient data validation vulnerability in the Chromium framework.
b518b651332d5b50eee9efb4b357a5e396fada0eba42899f6a54932aabdff483
This research paper explains how to take advantage of Windows services and how to mimic display names to deploy malicious beacons or even Meterpreter sessions.
e1a4a62a90edd81fc9429eb3e16e8be7198bf5bc28a6abec8b729d347a942b26
This e-book gives an overview of how to approach assessing WordPress plugins for vulnerabilities and common vectors of attack.
e66d1b3feb40251693712a7381b3bf18fb112a40e5a99d570e55530e8cadfbfa
This is a research paper that gives an overview of cracking Pi-hole password hashes.
687155fdc445a42788cc41d3f903e89b54bbc18bb85f359808d45b10b2e51fe3
Whitepaper called Truth of Cross Site Scripting. It gives an overview of types of cross site scripting and how the attacks are achieved.
289402d119429de05aaa98fba905a55adee29689c0309d7affdd2e784a584b23
Whitepaper called Windows Win32k Elevation of Privilege Vulnerability. It details exploitation and an overview of CVE-2021-1732.
a9380503b2a681de62499f1daeafb145966439dc2c08d757cb57d440409aaee2
Whitepaper giving an overview of a remote code execution vulnerability that exists in CMS Made Simple version 2.2.13.
e8e543b0e7f3d1f441248d328301c18373431ac24f8ad36bc50bc9bebcac44d8
Whitepaper giving an overview of a heap-based buffer overflow in sudo.
a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ec
This is a whitepaper that details exploitation of the XAMPP file overwrite vulnerability.
599c840a9119e2c8108281701779707886926208b2da13457cc0150074c5afdf
This paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.
6af7c1449c75828f7976e682efcd001d246afb3c611194a09d283daac934ebe6
Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.
0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216
This whitepaper discusses Pass The Hash attacks as well as the tooling needed to perform the attacks.
ec69b15d93c1429aef8bc4c36038e8b2055bb2f82cb8cb843752e4ecc59664ae
Whitepaper called Hacking HTTP CORS.
b61e090c2844b313bc5bcf80a898258cecf16f0d35e5763fa01cfa2c26e996cb
Whitepaper called Root Detection Bypass with frida-push and Objection for iOS and Android. Written in Turkish.
45f36c6bf6ed685564a83d35c56a32d92feeddf07e9da89b13871d883ea28671
This document covers all the basics of the Kerberoasting attack scenario.
b1100054cd4edc0cd0e59268145f39abcbafebb328532a057a664c8d0aaf6292
This document discusses using the ffuf tool, which stands for Fuzz Faster U Fool.
6eb50e642bf60986949377d3cf9480a50a174c8fad96ba2c4c26a7647052ca46
This document is a guide on how to use tshark effectively to monitor and analyze traffic.
b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670c
This is a brief whitepaper that discusses wordlists, where to get them, and when to use them.
89e78120ceaeb9a64b5808490e77eb00fad19d19fe3106904104df63dfb37a31
This is a brief whitepaper that discusses HTTP Host header attacks.
a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92
This is a whitepaper called WordPress Plugins Analysis.
d0c46ffe0b264d4c36f2a1a05d4c226cc68de98deaf9573d56409ad0026d1d33
In this paper, the authors show that under realistic assumptions, it is indeed possible to bypass TRR directly from JavaScript, allowing attackers to exploit the resurfaced Rowhammer bug inside the browser. In addition, their analysis reveals new requirements for practical TRR evasion. For instance, they discovered that activating many rows in rapid succession as shown in TRRespass may not always be sufficient to produce bit flips. The scheduling of DRAM accesses also plays an important role.
47dfe422ce30e7bc84f40aade82f759d07d143dca97cf56e443b984812de680a
The video gaming industry is a popular target for various threat actors. Players as well as studios and publishers themselves are at risk for both opportunistic and targeted cyber-attacks - tactics range from leveraging fake APKs of popular mobile games, to compromising accounts for resale. Even APT (Advanced Persistent Threat) actors have been known to target the video gaming industry. This report will examine a hacking tool being promoted for use against gamers by masquerading as a cheat for Call of Duty: Warzone. This particular tool is considered a dropper, a piece of malware that is used to install or deliver an additional payload, such as credential stealing malware, on a target system or device. A dropper is a means to an end, rather than the end itself - but still is a critical link in the chain. The dropper examined in this report, "Cod Dropper v0.1", can be customized to install other, more destructive, malware onto the targets' machines.
5e38513aae0103e12649461665c14fa46a5772acb881d5395611526d1a436917
This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37beb
This whitepaper provides information about how you can hack JWT tokens for fun and profit.
7368748618b4cd6f33d0da05f3cabc301392721ae3b26c2284f7a0e648b15957
Whitepaper that discusses XXE exploitation via file uploads.
7c6849a41692d2abfdae193b26658ffc1ed539af111174b955d5ba020dc87949