This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.
This is a write-up that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.
Whitepaper called Post Exploitation using Meterpreter. It goes into detail on how to leverage Metasploit during a penetration test.
These are slides from a talk called Hacking Embedded Devices for Fun and Profit. It uses Sky Broadband as a case study.
Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.
This short paper describes the trash attack which is effective against the majority of fully-verifiable election systems. The paper then offers a simple but counter-intuitive mitigation which can be incorporated within many such schemes to substantially reduce the effectiveness of the attack. This mitigation also offers additional benefits as it significantly improves the statistical properties of existing verifiable systems.
Whitepaper called Heap, Overflows and Exploitation. Written in Turkish.
Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.
Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java and enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments and allows for local DNS cache poisoning of arbitrary domains.
This whitepaper is called Local Session Poisoning in PHP Part 3: Bypassing Suhosin's Session Encryption.
This whitepaper is called Local Session Poisoning in PHP Part 2: Promiscuous Session Files.
This whitepaper is called Local Session Poisoning in PHP Part 1: The Basics of Exploitation and How to Secure a Server.
Whitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.
This whitepaper focuses on performing sidejacking with pycookiejsinject. Written in French.
Whitepaper called Beyond SQLi: Obfuscate and Bypass. It discusses filter evasion, normal and advanced SQL injection bypassing techniques, and more.
Nowadays, there is a renewed interest in server-side attacks among hackers. According to SANS, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Victims may be the website owners (e.g. intellectual property theft or loss of customer confidence), their clients (e.g. bank transfer fraud or identity theft) as well as any Internet user, since web application vulnerabilities are now widely exploited to convert trusted websites into malicious ones, thus serving client-side exploit content to Internet users. This document addresses the major threats which face today's companies, from database exfiltration in DMZ to the Advanced Persistent Threats recently undergone by many international organizations.
Whitepaper called JBoss Exploitation. This paper goes into detail on popping a shell on open JMX consoles.
This whitepaper discusses the most prevalent security issues with server configurations and application implementations for ColdFusion.
Whitepaper called Using QR Tags to Attack Smart Phones (Attaging). It discusses the threatscape related to arbitrary scanning of these tags and using Metasploit to exploit them.
Whitepaper called Sneak Peak at the Metasploit Framework - II. This article covers using databases with the Metasploit Framework in detail.
Whitepaper called Introduction To Hacking Basics. Written in Indonesian.
This whitepaper is an article that covers the basic structure of Metasploit and the need for it as a framework. It provides guidance on the different techniques of information gathering and scans.
Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
This is a brief whitepaper called HTTP Parameter Contamination (HPC) Attack / Research.
Whitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting Active-X component vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.