This whitepaper touches on various scanning tools and how to use them. It gives an overview of hping, scapy, unicornscan, nmap, and nessus.
Whitepaper called Intro to SQL Injection and Countermeasures.
Whitepaper called Attacking the Washington, D.C. Internet Voting System. In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. The authors of this paper participated in a challenge to break the security of the system and in doing so, elected Bender from Futurama to the school board.
Whitepaper called Metasploit: Low Level View. It touches on topics such as code injection and malware detection evasion / Metasploit encoders.
This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.
This is a write-up that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.
Whitepaper called Post Exploitation using Meterpreter. It goes into detail on how to leverage Metasploit during a penetration test.
These are slides from a talk called Hacking Embedded Devices for Fun and Profit. It uses Sky Broadband as a case study.
Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.
This short paper describes the trash attack, which is effective against the majority of fully-verifiable election systems. The paper then offers a simple but counter-intuitive mitigation which can be incorporated within many such schemes to substantially reduce the effectiveness of the attack. This mitigation also offers additional benefits as it significantly improves the statistical properties of existing verifiable systems.
Whitepaper called Heap, Overflows and Exploitation. Written in Turkish.
Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.
Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java and enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments and allows for local DNS cache poisoning of arbitrary domains.
This whitepaper is called Local Session Poisoning in PHP Part 3: Bypassing Suhosin's Session Encryption.
This whitepaper is called Local Session Poisoning in PHP Part 2: Promiscuous Session Files.
This whitepaper is called Local Session Poisoning in PHP Part 1: The Basics of Exploitation and How to Secure a Server.
Whitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.
This whitepaper focuses on performing sidejacking with pycookiejsinject. Written in French.
Whitepaper called Beyond SQLi: Obfuscate and Bypass. It discusses filter evasion, normal and advanced SQL injection bypassing techniques, and more.
Nowadays, there is a renewed interest in server-side attacks among hackers. According to SANS, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Victims may be the website owners (e.g. intellectual property theft or loss of customer confidence), their clients (e.g. bank transfer fraud or identity theft) as well as any Internet user, since web application vulnerabilities are now widely exploited to convert trusted websites into malicious ones, thus serving client-side exploit content to Internet users. This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone in many international organizations.
Whitepaper called JBoss Exploitation. This paper goes into detail on popping a shell on open JMX consoles.
This whitepaper discusses the most prevalent security issues with server configurations and application implementations for ColdFusion.
Whitepaper called Using QR Tags to Attack Smart Phones (Attaging). It discusses the threatscape related to arbitrary scanning of these tags and using Metasploit to exploit them.
Whitepaper called Sneak Peak at the Metasploit Framework - II. This article covers using databases with the Metasploit Framework in detail.
Whitepaper called Introduction To Hacking Basics. Written in Indonesian.