This document specifies a mechanism for protecting hosts connected to a broadcast network against rogue DHCPv6 servers. The mechanism is based on DHCPv6 packet filtering at the layer-2 device on which the packets are received. The same approach has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that equivalent functionality be provided for IPv6 networks.
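The filtering decision that such a layer-2 device has to make, as an added illustration that is not code from the document or from any vendor implementation: walk the IPv6 header chain of a frame received on an untrusted port, find the UDP header, and drop the frame if it carries a DHCPv6 server-originated message. The frame builder, the addresses and the message layout are constructed test data; the choice to drop every fragmented packet on an untrusted port, and to fail closed on an unknown header, are this example's own simplifications rather than the document's exact rules.

```python
import struct
import ipaddress

ETHERTYPE_IPV6 = 0x86DD
IPPROTO_UDP, IPPROTO_FRAGMENT, IPPROTO_NONEXT = 17, 44, 59
SKIPPABLE_EXT = {0, 43, 60}        # Hop-by-Hop, Routing, Destination Options
OTHER_UPPER_LAYER = {6, 58, 132}   # TCP, ICMPv6, SCTP: cannot carry DHCPv6
DHCPV6_CLIENT_PORT, DHCPV6_SERVER_PORT = 546, 547
# Message types only a DHCPv6 server (or a relay, towards the client side) originates
SERVER_MSG_TYPES = {2: "ADVERTISE", 7: "REPLY", 10: "RECONFIGURE", 13: "RELAY-REPL"}
DHCPV6_PORTS = (DHCPV6_CLIENT_PORT, DHCPV6_SERVER_PORT)


def shield_decision(frame: bytes, port_is_trusted: bool) -> tuple:
    """Return ("allow"|"drop", reason) for an Ethernet frame received on a switch port.

    Only DHCPv6 server messages arriving on untrusted ports are dropped; every
    other frame is forwarded unchanged.
    """
    if port_is_trusted:
        return "allow", "trusted port: server messages permitted"
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6:
        return "allow", "not an IPv6 packet"
    ipv6 = frame[14:]
    if len(ipv6) < 40:
        return "drop", "truncated IPv6 header"
    next_hdr, off = ipv6[6], 40
    # Walk the extension-header chain until the upper-layer header is reached.
    while next_hdr != IPPROTO_UDP:
        if next_hdr in OTHER_UPPER_LAYER or next_hdr == IPPROTO_NONEXT:
            return "allow", "upper-layer protocol is not UDP"
        if next_hdr == IPPROTO_FRAGMENT:
            # Example simplification: any fragment on an untrusted port is dropped.
            return "drop", "fragmented packet on untrusted port"
        if next_hdr not in SKIPPABLE_EXT:
            # Fail closed: an unknown header hides whatever follows it.
            return "drop", "unknown header %d, upper layer unreachable" % next_hdr
        if off + 8 > len(ipv6):
            return "drop", "truncated extension header"
        next_hdr, hdr_ext_len = ipv6[off], ipv6[off + 1]
        off += (hdr_ext_len + 1) * 8          # ext-header length is in 8-octet units, minus one
    if off + 8 > len(ipv6):
        return "drop", "truncated UDP header"
    sport, dport = struct.unpack("!HH", ipv6[off:off + 4])
    if sport not in DHCPV6_PORTS and dport not in DHCPV6_PORTS:
        return "allow", "UDP but not DHCPv6"
    if off + 9 > len(ipv6):
        return "drop", "DHCPv6 packet without message type"
    msg_type = ipv6[off + 8]                   # first octet of the DHCPv6 message
    if msg_type in SERVER_MSG_TYPES:
        return "drop", "DHCPv6 %s from untrusted port" % SERVER_MSG_TYPES[msg_type]
    return "allow", "DHCPv6 client-originated message"


def build_frame(sport: int, dport: int, msg_type: int, ext_headers=()) -> bytes:
    """Constructed test frame (not a capture): Ethernet / IPv6 / ext headers / UDP / DHCPv6."""
    dhcp = bytes([msg_type]) + b"\x00\x12\x34"                  # msg-type + 3-octet transaction-id
    chain = struct.pack("!HHHH", sport, dport, 8 + len(dhcp), 0) + dhcp
    next_hdr = IPPROTO_UDP
    for hdr in reversed(ext_headers):
        # Minimal 8-octet extension header: next-header, length 0 (= 8 octets), padding.
        chain = bytes([next_hdr, 0]) + b"\x00" * 6 + chain
        next_hdr = hdr
    src = ipaddress.IPv6Address("fe80::1").packed
    dst = ipaddress.IPv6Address("ff02::1:2").packed             # All_DHCP_Relay_Agents_and_Servers
    ipv6 = struct.pack("!IHBB", 0x60000000, len(chain), next_hdr, 255) + src + dst + chain
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ETHERTYPE_IPV6)
    return eth + ipv6


if __name__ == "__main__":
    advertise = build_frame(DHCPV6_SERVER_PORT, DHCPV6_CLIENT_PORT, 2)
    solicit = build_frame(DHCPV6_CLIENT_PORT, DHCPV6_SERVER_PORT, 1)
    hidden = build_frame(DHCPV6_SERVER_PORT, DHCPV6_CLIENT_PORT, 2, ext_headers=(0, 60))
    for name, frame, trusted in [("advertise on untrusted port", advertise, False),
                                 ("advertise on trusted port", advertise, True),
                                 ("solicit on untrusted port", solicit, False),
                                 ("advertise behind HBH+DstOpts, untrusted", hidden, False)]:
        print("%-42s -> %s" % (name, shield_decision(frame, trusted)))
```

The header walk is the part worth getting right: an attacker who knows the filter only looks at the first 48 bytes can push the UDP header past that point with a Destination Options header, and a filter that gives up on a header it does not understand must drop rather than forward.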
This is a brief whitepaper discussing methods of validating a lack of access restriction on various pages of a site. It covers everything from visual inspection and comparison of the responses obtained with different session cookies to automated comparison using an implementation of the Damerau-Levenshtein distance. A tool is also provided for download.
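The comparison idea behind that kind of tool, as an added example written for this page (it is not the paper's tool): fetch the same URL with a privileged session, a low-privilege session and no session, and measure how close each response body is to the privileged one with the Damerau-Levenshtein distance (optimal string alignment variant). A near-identical body for a less-privileged session means the page is served without the access check. The response bodies below are constructed, the normalisation of long hex tokens and whitespace is this example's own choice, and the 0.9 threshold is a starting point to tune per site.

```python
import re


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal-string-alignment variant of the Damerau-Levenshtein distance:
    insertions, deletions, substitutions and adjacent transpositions each cost 1."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]   # d[i][j]: distance between a[:i] and b[:j]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # transposition
    return d[n][m]


def similarity(a: str, b: str) -> float:
    """1.0 for identical strings, 0.0 for maximally different ones."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - damerau_levenshtein(a, b) / longest


def normalise(body: str) -> str:
    """Example choice: mask per-request tokens (CSRF nonces etc.) and collapse whitespace,
    so that only meaningful content differences affect the distance."""
    body = re.sub(r"\b[0-9a-fA-F]{32,}\b", "<token>", body)
    return re.sub(r"\s+", " ", body).strip()


def check_access_control(responses: dict, baseline: str = "admin", threshold: float = 0.9) -> dict:
    """responses maps session name -> response body for one URL.
    Returns {session: (similarity_to_baseline, looks_unprotected)} for the non-baseline sessions."""
    ref = normalise(responses[baseline])
    findings = {}
    for session, body in responses.items():
        if session == baseline:
            continue
        s = similarity(ref, normalise(body))
        findings[session] = (round(s, 3), s >= threshold)
    return findings


# Constructed sample responses for GET /admin/users (not real site output).
SAMPLE_RESPONSES = {
    "admin": """<html><body><h1>User administration</h1>
        <form action="/admin/users" method="post">
        <input type="hidden" name="csrf" value="3f2a9c1e4b7d8a6f0e5c2b1d9a8f7e6c">
        <table><tr><td>alice</td><td>admin</td></tr><tr><td>bob</td><td>user</td></tr></table>
        </form></body></html>""",
    "user": """<html><body><h1>User administration</h1>
        <form action="/admin/users" method="post">
        <input type="hidden" name="csrf" value="a1b2c3d4e5f60718293a4b5c6d7e8f90">
        <table><tr><td>alice</td><td>admin</td></tr><tr><td>bob</td><td>user</td></tr></table>
        </form></body></html>""",
    "anonymous": """<html><body><h1>Login</h1>
        <form action="/login" method="post"><input name="u"><input name="p" type="password"></form>
        </body></html>""",
}

if __name__ == "__main__":
    for session, (score, unprotected) in check_access_control(SAMPLE_RESPONSES).items():
        print("%-10s similarity=%.3f %s" % (session, score, "MISSING ACCESS CHECK" if unprotected else "ok"))
```

Edit distance is quadratic in the body length, so in practice compare a digest view (stripped tags, or the first few kilobytes) rather than whole multi-megabyte pages, and always review the flagged pages by hand: a generic error page that happens to be shared between sessions scores as "similar" too.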
This is a brief whitepaper that discusses finding remote and local file inclusion vulnerabilities and how to exploit and patch them.
This paper reveals the theoretical aspects behind run-time crypters and describes a reference implementation for Portable Executables.
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified, the methods used to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform but also provides in-depth information on how to perform both black-box and white-box iOS penetration tests, along with suggested methodologies and compliance considerations.
Whitepaper called Reverse Engineering Malware Part 1.
Pas A Pass Vers L'Assembleur is a whitepaper that discusses the basics of writing and working with assembler. Written in French.
Whitepaper called Actuality of SMBRelay in Modern Windows Networks.
This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues.
Vulnerability Lab has produced a large collection of cross-site scripting payloads that can be used with fuzzers for automated scanning and similar tasks.
IPv6 offers a much larger address space than its IPv4 counterpart. The standard /64 IPv6 subnets can (in theory) accommodate approximately 1.844 * 10^19 hosts, resulting in a much lower host density (#hosts/#addresses) than IPv4 subnets. As a result, it is widely assumed that it would take a tremendous effort to perform host scanning attacks against IPv6 networks, and therefore IPv6 host scanning attacks have long been considered unfeasible. This document analyzes the IPv6 address configuration policies implemented in the most popular IPv6 stacks, and identifies a number of patterns in the resulting addresses that lead to a tremendous reduction in the host address search space, thus dismantling the myth that IPv6 host scanning attacks are unfeasible.
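To make the search-space reduction concrete, here is an added example (written for this page, not taken from the document or from any scanning tool) that generates candidate addresses for a /64 under three address-assignment patterns of the kind the document analyzes, and classifies an observed address by the pattern it follows. The choice of patterns is mine: sequential "low-byte" addresses (prefix::1, ::2, ...), IPv4 addresses embedded in the interface identifier, and modified EUI-64 identifiers derived from MAC addresses that share a known vendor OUI. The prefix, OUI and addresses are constructed sample values.

```python
import ipaddress
from typing import Iterator, List

IID_MASK = (1 << 64) - 1


def iid_to_address(prefix: ipaddress.IPv6Network, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Address(int(prefix.network_address) | (iid & IID_MASK))


def low_byte_candidates(prefix: ipaddress.IPv6Network, count: int) -> List[ipaddress.IPv6Address]:
    """prefix::1 .. prefix::count, the hand-assigned addresses of routers and servers.
    Search space: 'count' addresses instead of 2^64."""
    return [iid_to_address(prefix, i) for i in range(1, count + 1)]


def ipv4_embedded_candidates(prefix: ipaddress.IPv6Network, v4net: ipaddress.IPv4Network) -> List[ipaddress.IPv6Address]:
    """Two common ways admins write an IPv4 address into the IID of a dual-stack host:
    packed   -> 2001:db8::c000:201      (the 32 bits of 192.0.2.1 in the low hextets)
    literal  -> 2001:db8::192:0:2:1     (each decimal octet typed as one hextet)
    Search space: 2 x (size of the IPv4 subnet)."""
    out = []
    for v4 in v4net.hosts():
        packed = int(v4)
        literal = 0
        for octet in v4.packed:
            literal = (literal << 16) | int(str(octet), 16)
        out.append(iid_to_address(prefix, packed))
        out.append(iid_to_address(prefix, literal))
    return out


def eui64_candidates(prefix: ipaddress.IPv6Network, oui: bytes, start: int = 0, count: int = 1 << 24) -> Iterator[ipaddress.IPv6Address]:
    """Modified EUI-64 addresses for every MAC in one vendor OUI: the IID is
    oui (with the U/L bit flipped) || ff:fe || 24-bit device part.
    Search space: 2^24 per OUI instead of 2^64."""
    for low in range(start, min(start + count, 1 << 24)):
        mac = oui + low.to_bytes(3, "big")
        iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]
        yield iid_to_address(prefix, int.from_bytes(iid, "big"))


def classify_iid(address: ipaddress.IPv6Address) -> str:
    """Name the assignment pattern an observed address appears to follow."""
    iid = int(address) & IID_MASK
    iid_bytes = iid.to_bytes(8, "big")
    if iid_bytes[3:5] == b"\xff\xfe":
        return "eui64"                          # derived from a MAC address
    if iid < 0x10000:
        return "low-byte"                       # prefix::1 style
    if iid >> 32 == 0:
        return "ipv4-embedded"                  # packed IPv4 address in the low 32 bits
    hextets = [(iid >> shift) & 0xFFFF for shift in (48, 32, 16, 0)]
    if all(set(format(h, "x")) <= set("0123456789") and int(format(h, "x")) <= 255 for h in hextets):
        return "ipv4-literal"                   # 2001:db8::192:0:2:1 style
    return "random-looking"                     # temporary/privacy or randomised stable IID


if __name__ == "__main__":
    net = ipaddress.IPv6Network("2001:db8::/64")        # constructed documentation prefix
    print("low-byte :", [str(a) for a in low_byte_candidates(net, 3)])
    print("ipv4     :", [str(a) for a in ipv4_embedded_candidates(net, ipaddress.IPv4Network("192.0.2.0/30"))])
    print("eui64    :", [str(a) for a in eui64_candidates(net, bytes.fromhex("005056"), start=0x123456, count=2)])
    for sample in ("2001:db8::1", "2001:db8::c000:201", "2001:db8::250:56ff:fe12:3456", "2001:db8::a1b2:c3d4:e5f6:0718"):
        print("%-32s %s" % (sample, classify_iid(ipaddress.IPv6Address(sample))))
```

The numbers are the point: 2^64 candidates is out of reach, but 2^24 EUI-64 candidates for one vendor, a few hundred low-byte addresses, or twice the size of the site's IPv4 range are all scannable in minutes to hours, which is why an address plan that leaks the IPv4 layout or the NIC vendor is a recon gift.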
This is a whitepaper called Exploring Windows Backdoors - Bypassing Firewalls on Webhosting Providers.
Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are being developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. In particular, the use of Java's Reflection API in conjunction with the lesser-known "string pool" can lead to a new kind of backdoor. This backdoor hides itself from an unwary reviewer by disguising its access to critical resources such as credentials through indirection. To raise awareness about this particular kind of backdoor, this paper provides a short introduction to the string pool, shows how reflection can be used to manipulate it, demonstrates how a backdoor can abuse this, and discusses how it can be uncovered.
Whitepaper called JavaScript Deobfuscation - A Manual Approach.
Many people use the SMTP-to-SMS/MMS gateways provided by telecommunications carriers to send sensitive data. This paper looks into the encryption (or lack thereof) offered by these publicly accessible SMTP-to-SMS/MMS gateways and services.
Malware Removal Guide for Windows was written to help remove most malicious software from a Windows operating system.
This is a whitepaper called Blind Date With Your Girlfriend. It is a brief tutorial that explains how to use Metasploit to hack a Windows box.
This whitepaper takes a closer look at a zero-day attack that performs a privilege escalation to run commands on the system which would normally be restricted by the access level of the logged-in user account. The vulnerability used in this case is "MS11-046: Vulnerability in Windows AFD.sys", a kernel-level arbitrary memory overwrite, meaning the attacker can replace the contents of a chosen memory address with any value he desires.
Whitepaper called Anatomy of a Credit Card.
Whitepaper called DNS Spoofing. Written in Portuguese.
This is a short whitepaper on VoIP hacking. It more or less just goes over setting up Asterisk and using VoIP.
This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the benefits of stable addresses can be achieved without sacrificing the privacy of users.
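An added example of how such a per-subnet stable identifier can be derived (written for this page; it is not the document's normative algorithm, and the exact input encoding, the use of HMAC-SHA256 as the pseudo-random function and the reserved-identifier ranges checked are this example's own choices): the 64-bit identifier is a keyed hash over the prefix, a per-interface name, a network identifier and a collision counter, so the same host gets the same address on the same subnet every time, a different one on every other subnet, and nothing in the address reveals the MAC. The secret key, prefixes and addresses below are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
from typing import Callable, Tuple

IID_MASK = (1 << 64) - 1

# Interface identifiers that must not be assigned to a host: the subnet-router
# anycast ID and the reserved anycast ranges. Assumption of this example; check
# the IANA "Reserved IPv6 Interface Identifiers" registry for the current list.
RESERVED_IID_RANGES = [
    (0x0000000000000000, 0x0000000000000000),   # subnet-router anycast
    (0x02005EFFFE000000, 0x02005EFFFEFFFFFF),   # ethernet-block reserved IDs
    (0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF),   # reserved subnet anycast IDs
]


def is_reserved_iid(iid: int) -> bool:
    return any(lo <= iid <= hi for lo, hi in RESERVED_IID_RANGES)


def stable_iid(prefix: ipaddress.IPv6Network, net_iface: str, network_id: str,
               dad_counter: int, secret_key: bytes) -> int:
    """F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) -> 64-bit identifier.

    Fields are length-prefixed so that different inputs can never produce the same
    byte string. HMAC-SHA256 is this example's choice of pseudo-random function.
    """
    def field(data: bytes) -> bytes:
        return len(data).to_bytes(2, "big") + data

    msg = (field(prefix.network_address.packed[:8])       # the /64 prefix only
           + field(net_iface.encode())
           + field(network_id.encode())
           + field(dad_counter.to_bytes(4, "big")))
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") & IID_MASK


def stable_address(prefix: ipaddress.IPv6Network, net_iface: str, network_id: str, secret_key: bytes,
                   in_use: Callable[[ipaddress.IPv6Address], bool] = lambda a: False,
                   max_retries: int = 8) -> Tuple[ipaddress.IPv6Address, int]:
    """Pick the first identifier that is neither reserved nor already present on the link.

    in_use stands in for Duplicate Address Detection; the counter it advances is the
    DAD_Counter, which the host should remember per prefix so the address stays stable.
    """
    for dad_counter in range(max_retries):
        iid = stable_iid(prefix, net_iface, network_id, dad_counter, secret_key)
        if is_reserved_iid(iid):
            continue
        addr = ipaddress.IPv6Address(int(prefix.network_address) | iid)
        if not in_use(addr):
            return addr, dad_counter
    raise RuntimeError("could not configure a stable address after %d attempts" % max_retries)


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed; must be random per host
    home = ipaddress.IPv6Network("2001:db8:1::/64")
    cafe = ipaddress.IPv6Network("2001:db8:2::/64")
    print("home, first boot :", stable_address(home, "eth0", "home-ssid", key)[0])
    print("home, next boot  :", stable_address(home, "eth0", "home-ssid", key)[0])
    print("cafe network     :", stable_address(cafe, "eth0", "cafe-ssid", key)[0])
    # Simulate a DAD collision on the first candidate: the counter moves to 1.
    first = stable_address(home, "eth0", "home-ssid", key)[0]
    print("after collision  :", stable_address(home, "eth0", "home-ssid", key, in_use=lambda a: a == first))
```

Two properties to keep in mind when deploying something like this: the secret key is what stops an observer from linking the host across networks, so it must be generated with a proper random source and never shared between devices; and the DAD counter has to be persisted per prefix, otherwise a collision on one boot and not the next would make the address flap.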
This is a brief whitepaper discussing the security of contactless smartcard technology.
Whitepaper called Basic Pentesting Steps. Written in Portuguese.
This paper is about discovering vulnerabilities inside the files that make up WordPress themes. It also discusses reverse engineering of encoded PHP files, common tools, exploits, and dangerous copyright protection mechanisms.