Whitepaper called SAP Security: Attacking SAP Clients.
This whitepaper discusses getting a shell via local file inclusion using the proc/self/environ method.
This is a brief tutorial on remote and local file inclusion attacks. Written in German.
Whitepaper discussing a large amount of PHP filesystem attack vectors. Take Two.
Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges with the exploitation of memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to allow for the anticipation of developments in the future, as current research suggests that such vulnerabilities are not currently being exploited in the wild. By understanding the challenges that an attacker faces, defensive strategies can be better planned, a required evolution with the current state of Cisco IOS router networks.
Whitepaper called Returning into libc. Written in Portuguese.
This is a small write up discussing hacking CSRF tokens using CSS history hacking.
This is a whitepaper called Image Authentication Injection. Proof of concept code is included.
Whitepaper called The Art of Grey-Box Attack. It discusses how to use various tools from the hacker community while owning Microsoft Windows and various Unix systems.
Whitepaper called From 0 To 0 Day On Symbian - Finding Low Level Vulnerabilities On Symbian Smartphones.
Whitepaper called One Click Ownage. It discusses getting a reverse shell through SQL injection. Related scripts are in the compressed archive.
Whitepaper called State Of The Art Post Exploitation In Hardened PHP Environments.
Whitepaper called PE Infection - How to Inject a DLL.
Whitepaper called Assault on PHP Applications.
Split and Join - Bypassing Web Application Firewalls with HTTP Parameter Pollution.
Whitepaper called Understanding SQL Injection. Written in Portuguese.
Whitepaper called Hijacking LKM's Event Handler.
Whitepaper called PDF Silent HTTP Form Repurposing Attacks. This paper sheds light on the modified approach to trigger web attacks through JavaScript protocol handler in the context of browser when a PDF is opened in it.
Why certain SWF encryption techniques can backfire Or Tetris For Fun and Profit.
Whitepaper called SAP Penetration Testing with Sapyto.
Whitepaper called Advanced SQL Injection To Operating System Full Control.
Whitepaper called Opening Intranets to attacks by using Internet Explorer. This document covers the topic of hacking Intranet websites through various unconventional means. Technical details shed light on the impact of default security configuration settings within Internet Explorer that can be leveraged to attack internal Intranet websites remotely (from the Internet as well as remote users on the same LAN segment).
This whitepaper, .NET Framework rootkits - backdoors inside your framework, covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.
PHP Fuzzing In Action - 20 Ways To Fuzz PHP Source Code.
Whitepaper called Amenizando Recusa de Servico Remota. Written in Portuguese.