

Kernel Attacks Through User-Mode Callbacks
Posted Feb 26, 2013
Authored by Tarjei Mandt

In this paper, the author discusses the many challenges and problems concerning user-mode callbacks in win32k. In particular, they show how win32k's dependency on global locks in providing a thread-safe environment does not integrate well with the concept of user-mode callbacks. Although many vulnerabilities related to user-mode callbacks have been addressed, their complex nature suggests that more subtle flaws might still be present in win32k. Thus, in an effort to mitigate some of the more prevalent bug classes, they conclude by providing some suggestions as to how users may protect themselves against future kernel attacks.

tags | paper, kernel, vulnerability
SHA-256 | 51d1563fd83b26e69b8116dfefd3de44db9d463eea1972b575297a33f15a2fc2
RDP Exploitation Using Cain
Posted May 21, 2012
Authored by David J. Dodd

This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.

tags | paper
systems | windows
SHA-256 | a751245239f622e54ca2416bab2aef9e2485eae6f6c4782fd8b7a36a98c54142
A Backdoor In The Next Generation Active Directory
Posted Jan 24, 2012
Authored by Dmitriy Evteev

This is a brief whitepaper called A Backdoor in the Next Generation Active Directory.

tags | paper
SHA-256 | dd040be0d2bdc00e6d0cbeedaaf496611de0e99e0335d67ebeebc9aaca01a674
Windows 7/2008 Event Log Forensic And Reversing Analysis
Posted Mar 18, 2011
Authored by ar1vr

Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.

tags | paper
systems | windows
SHA-256 | aef1648589581c22c1a58a83b6b24763434d5609c71498b324de55b9c7a27598
Windows 7 Firewire Attacks
Posted Aug 15, 2009
Authored by Benjamin Boeck

Whitepaper called Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker.

tags | paper
systems | windows
SHA-256 | 3d6158da6ded9cf59e2fd18cf780e070291feb92185af0bb51489f9e56543f44
Posted Dec 3, 2008
Authored by Aodrulez | Site aodrulez.blogspot.com

Whitepaper entitled Reverse Engineering Microsoft F#.

tags | paper
SHA-256 | 4edaef63057c44d9b10082e158d32fd91f25f4a3c1b2b8aa6710a53a6e1909a0
Posted Aug 20, 2008
Authored by Kingcope

Breaking The Windows Server 2003 SP2 Stack.

tags | paper
systems | windows
SHA-256 | 73317169f7a8e0b4380b4fd5dea75b0d952694c47cbc1bff599ba7db60a729f9
Posted May 2, 2008
Authored by Brett Moore | Site insomniasec.com

Access Through Access - A whitepaper that has aggregated various material regarding how to exploit Microsoft Access during a penetration test.

tags | paper
SHA-256 | acaaf07911fd3af0f81cc2e11aac7c5e782cc6b509d97994fcf2f209c11ba94e
Posted Mar 12, 2008
Authored by Peter Panholzer | Site sec-consult.com

Physical Security Attacks On Windows Vista - A short whitepaper discussing the firewire unlock attack.

tags | paper
systems | windows
SHA-256 | 5f035da0bc475ea3fd4753cf55841d7118ed5b5a109b008da86072262ddd24dc
Posted Nov 30, 2007
Authored by shinnai | Site shinnai.altervista.org

Whitepaper detailing Microsoft API function pointer hijacking.

tags | paper
SHA-256 | 056bec8064de1bf2562b771532fd532fa7fea977fe12de89101bf552a8806647
Posted Oct 10, 2007
Authored by Kriz

Small write up discussing how ShellExecute() works and how applications must make use of it.

tags | paper
SHA-256 | 7a9b8aea89ccd7fbd91c4adf251cb37df6751074c2749b4e00907f8bac322700
Posted Apr 17, 2007
Authored by Makoto Shiotsuki

Whitepaper discussing Windows DNS cache poisoning by forwarder DNS spoofing.

tags | paper, spoof
systems | windows
SHA-256 | a8edfacf63fc3159336647ddf759fbe145f1138297489817602d348e2b57d3a4
Posted Jan 4, 2007
Authored by Hemil Shah

Small paper that discusses SMB and NetBIOS on Windows and how a user can disable them.

tags | paper
systems | windows
SHA-256 | a4c69c41cf361aeb27b3bc59affd3ab807671e8e08d1873a2cc279845a3b5210
Posted Jan 3, 2007
Authored by Matthieu Suiche | Site msuiche.net

Whitepaper entitled Windows Vista 64bits And Unexported Kernel Symbols.

tags | paper, kernel
systems | windows
SHA-256 | 2b24f359a718212fdce5611bf648c054d5e5be36b5321038430e4c47d5aad39c
Posted Nov 6, 2006
Authored by Craig Heffner | Site craigheffner.com

Short whitepaper discussing API hooking/interception via DLL redirection.

tags | paper
SHA-256 | 4f3b2999eaf8674d18053e9c19ddc2690f09ca07ac557ea9d739cbee813c6366
Posted Oct 4, 2006
Authored by Renaud Lifchitz | Site sysdream.com

Windows Vista includes a new memory protection system called ASLR. Its goal is to thwart buffer overflow attacks in vulnerable programs. Ali Rahbar has made a complete study of this security mechanism and found a new implementation flaw that allows this protection to be bypassed.

tags | paper, overflow
systems | windows
SHA-256 | ad6a77fa5b3d6c6bce6fb4adca924de45e844e69503cf4da13df83f15ab40765
Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

This multi-part tutorial will present several ways in which you can add functionality to closed source Windows executables through DLLs, PE header modification, and good old assembly code. Adding code to existing code caves, modifying PE headers to create code caves and/or importing DLL functions, adding backdoors to programs, and adding plugin support to closed-source programs are all covered.

tags | paper
systems | windows
SHA-256 | addfbf9225a75334eb73fe19aa2b943d801118f73553f9dc431330aa37f87327
Posted Aug 27, 2006
Authored by Aelphaeis Mangarae | Site securzone.org

Whitepaper discussing the hardening of Windows NT.

tags | paper
systems | windows
SHA-256 | c3dfdf7d4262a082864c40fbf2504b64c0e76d0094696de67110b38577ff0649
Posted Jun 15, 2006
Authored by Ruben Santamarta | Site reversemode.com

Whitepaper discussing the fact that the Microsoft Server Message Block Redirector Driver (mrxsmb.sys) does not verify the user-mode buffer properly, allowing any user to overwrite any desired memory address. Successful exploitation results in Ring0 code execution.

tags | paper, code execution
SHA-256 | 8e72140b6ea3bdc38e8d99a76cc14e568dce6926a301540aba00a78f7cb44a46
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Source code for all the examples used in tutorials 1 through 4 of 'Writing Stack Based Overflows On Windows'.

tags | paper, overflow
systems | windows
SHA-256 | 860b53e6a362f1432b875fd79227494b5d512c72cfa9e23132fc2648cd5ae25e
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part IV: Shellcode creation and exploiting an application remotely.

tags | paper, overflow, shellcode
systems | windows
SHA-256 | 8574a8998f8d62e5c51157c0cfca653779fe111f04fd2362565eb53dd4584fb2
Posted Dec 3, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part III: Walking through a stack based overflow and writing an exploit for a local overflow.

tags | paper, overflow, local
systems | windows
SHA-256 | f90a0115f7445c95c71fa6878bcc43ebb6802fec3409da9bbdfa11726c784353
Posted Nov 4, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part II: Windows Assembly for writing Exploits

tags | paper, overflow
systems | windows
SHA-256 | 458ebf2f8f50c0249db41a0f2babf0e9c981f7c972089ff9b19153fd0210a5ff
Posted Nov 4, 2005
Authored by Nish Bhalla | Site securitycompass.com

Writing Stack Based Overflows on Windows - Part I: Basic Concepts

tags | paper, overflow
systems | windows
SHA-256 | f2eded9aca3088ea4d10a3faf846a8d5c7b7d77f76c4957ad9691750d63e1c75
Posted Oct 25, 2005
Authored by Cesar | Site argeniss.com

Story of a dumb patch - This paper describes a mistake made by Microsoft in patch MS05-018, where Microsoft failed to properly fix a vulnerability and had to release a new patch, MS05-049. Hopefully this paper will open the eyes of software vendors so that they do not repeat these kinds of mistakes.

tags | paper
SHA-256 | a79eb3b5aa2f5d80efad97626f1bd81b439fa096671c52ff737b3558b91a75e0

© 2022 Packet Storm. All rights reserved.
