This whitepaper illustrates exploitation of an insufficient data validation vulnerability in the Chromium framework.
b518b651332d5b50eee9efb4b357a5e396fada0eba42899f6a54932aabdff483This research paper explains how to take advantage of windows services, how to mimic display names to deploy malicious beacons or even Meterpreter sessions.
e1a4a62a90edd81fc9429eb3e16e8be7198bf5bc28a6abec8b729d347a942b26This e-book gives an overview of how to approach assessing WordPress plugins for vulnerabilities and common vectors of attack.
e66d1b3feb40251693712a7381b3bf18fb112a40e5a99d570e55530e8cadfbfaThis is a research paper that gives an overview of cracking pi-hole password hashes.
687155fdc445a42788cc41d3f903e89b54bbc18bb85f359808d45b10b2e51fe3Whitepaper called Truth of Cross Site Scripting. It gives an overview of types of cross site scripting and how the attacks are achieved.
289402d119429de05aaa98fba905a55adee29689c0309d7affdd2e784a584b23Whitepaper called Windows Win32k Elevation of Privilege Vulnerability. It details exploitation and an overview of CVE-2021-1732.
a9380503b2a681de62499f1daeafb145966439dc2c08d757cb57d440409aaee2Whitepaper giving an overview of a remote code execution vulnerability that exists in CMS Made Simple version 2.2.13.
e8e543b0e7f3d1f441248d328301c18373431ac24f8ad36bc50bc9bebcac44d8Whitepaper giving an overview of a heap-based buffer overflow in sudo.
a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ecThis is a whitepaper that details exploitation of the XAMPP file overwrite vulnerability.
599c840a9119e2c8108281701779707886926208b2da13457cc0150074c5afdfThis paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.
6af7c1449c75828f7976e682efcd001d246afb3c611194a09d283daac934ebe6Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.
0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216This whitepaper discusses Pass The Hash attacks as well as the tooling needed to perform the attacks.
ec69b15d93c1429aef8bc4c36038e8b2055bb2f82cb8cb843752e4ecc59664aeWhitepaper called Hacking HTTP CORS.
b61e090c2844b313bc5bcf80a898258cecf16f0d35e5763fa01cfa2c26e996cbWhitepaper called Root Detection Bypass with frida-push and Objection for iOS and Android. Written in Turkish.
45f36c6bf6ed685564a83d35c56a32d92feeddf07e9da89b13871d883ea28671This document covers all the basics of the Kerberoasting attack scenario.
b1100054cd4edc0cd0e59268145f39abcbafebb328532a057a664c8d0aaf6292This documents discusses using the ffuf tool, which stands for Fuzz Faster U Fool.
6eb50e642bf60986949377d3cf9480a50a174c8fad96ba2c4c26a7647052ca46This document is a guide on how to use tshark effectively to monitor and analyze traffic.
b5f392c0a6f13e0c48407dcf564964d9098a9ac088cfac2258e29e1f74c4670cThis is a brief whitepaper that discusses wordlists, where to get them, and when to use them.
89e78120ceaeb9a64b5808490e77eb00fad19d19fe3106904104df63dfb37a31This is a brief whitepaper that discuss HTTP Host header attacks.
a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92This is a whitepaper called WordPress Plugins Analysis.
d0c46ffe0b264d4c36f2a1a05d4c226cc68de98deaf9573d56409ad0026d1d33In this paper, the authors show that under realistic assumptions, it is indeed possible to bypass TRR directly from JavaScript, allowing attackers to exploit the resurfaced Rowhammer bug inside the browser. In addition, their analysis reveals new requirements for practical TRR evasion. For instance, they discovered that activating many rows in rapid succession as shown in TRRespass may not always be sufficient to produce bit flips. The scheduling of DRAM accesses also plays an important role.
47dfe422ce30e7bc84f40aade82f759d07d143dca97cf56e443b984812de680aThe video gaming industry is a popular target for various threat actors. Players as well as studios and publishers themselves are at risk for both opportunistic and targeted cyber-attacks - tactics range from leveraging fake APKs of popular mobile games, to compromising accounts for resale. Even APT (Advanced Persistent Threat) actors have been known to target the video gaming industry.This report will examine a hacking tool being promoted for use against gamers by masquerading as a cheat for Call of Duty: Warzone. This particular tool is considered a dropper, a piece of malware that is used to install or deliver an additional payload, such as credential stealing malware, on a target system or device. A dropper is a means to an end, rather than the end itself - but still is a critical link in the chain. The dropper examined in this report, "Cod Dropper v0.1", can be customized to install other, more destructive, malware onto the targets' machines.
5e38513aae0103e12649461665c14fa46a5772acb881d5395611526d1a436917This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37bebThis whitepaper provides information about how you can hack JWT tokens for fun and profit.
7368748618b4cd6f33d0da05f3cabc301392721ae3b26c2284f7a0e648b15957Whitepaper that discusses XXE exploitation via file uploads.
7c6849a41692d2abfdae193b26658ffc1ed539af111174b955d5ba020dc87949
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed