Whitepaper called Shell Code Injection To Process. Written in Turkish.
9caf5ab14b0324dd2531325a849b788e Whitepaper called DNS Service Oriented Denial of Service / Distributed Denial of Service Attacks. Written in Turkish.
65e8a925c1f765f5b5d447b24ea5fde3 This whitepaper analyzes the MIDI remote code execution vulnerability found in the Windows Multimedia Library. Written in Turkish.
86b73a0bd44eecf2f0ae4fc449aeb170 This is a brief whitepaper discussing how to set up the QT Mobile Hotspot and YAMAS applications to man-in-the-middle connections using your phone.
6756a8aa5d75c60ab30be7b7312b4fc3 This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.
4bd9d141dba29f999534d68fbcf120f5 This is a short whitepaper written in French called Votre Premiere Exploitation de BOF.
978fb90d0bb2ace7992457cf683b21fd This is a brief whitepaper discussing how to perform forensics on iOS 5 on the iPhone.
782903866dd7d55143c6835188eda2fe This is a short whitepaper that discusses common vulnerabilities in online payment systems.
f4267b132dd0f54dcdfcfb54738eda4e The paper demonstrates how the traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker. The attacker sends the victim a sequence of identical spoofed segments. The victim responds to each segment in the sequence (the sequence is reflected by the victim) if the segments satisfy a certain condition tested by the attacker. The responses do not reach the attacker directly, but induce extra load on a routing queue shared between the victim and the attacker. The increased processing time of packets traversing the queue reveals that the tested condition was true. The paper concentrates on TCP, but the approach is generic and can be effective against other protocols that allow constructing requests which are conditionally answered by the victim.
3f661f7510db6f7555090f64d98e634e This is a brief whitepaper that gives an overview of cloud computing and some high-level security issues associated with it.
80f9e90e49daa507276c25a5cc3e0c1e IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers. Revision 2 of this document. This revision includes, among other things, a discussion of possible issues with SEND as a result of IPv6 fragmentation.
bddd807b8490984a05656623cd777ccd Whitepaper called Buffer Overflows: Anatomy of an Exploit. A look at how systems are exploited and why these exploits exist.
5ed1c91a3ec36484f952cddff2c5778a This Internet Draft focuses on providing advice to RA-Guard implementations, rather than on the evasion techniques that have been found effective against the most popular implementations of RA-Guard.
1b5c636801345cb01aca19632ee04573 Whitepaper called Linux Kernel Hooking, Data Manipulations and Making Root Exploits. Written in Turkish.
28fae139bde9a4dc5de620503482207d Whitepaper called Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis. Unlike other theoretical studies, this paper lays down the steps involved in implementing these attacks in real-time networks. These real-time attacks are measured and analyzed using network traffic monitors. In addition, this project details various defense strategies that could be enabled on Cisco routers in order to mitigate these attacks. The detection and mitigation mechanisms designed here are effective for small network topologies and can also be extended to analogous large domains.
a7d283e69e99422e2fe86041f1af3f16 This is a brief whitepaper discussing how to exploit a WebDAV-enabled server.
9f254c048e06b9bde5c3fa60cc95b55b Whitepaper called Hardware Involved Software Attacks. Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform.
71ecd2fe1142751766ab25085720c584 This is a brief whitepaper called False SQL Injection and Advanced Blind SQL Injection.
05040c813b44124bbd7a6080eb4585c3 This is a whitepaper called Armitage - Hacking Made Easy Part 1. It covers using the Armitage GUI for Metasploit when performing pentesting.
bcfdd3b262050f31835bee0c94b5c897 This is a brief write-up discussing time-based NoSQL injection attacks using JavaScript.
91d28ae50067e7a25392529916fe2966 This Internet Draft specifies the security implications of predictable fragment identification values in IPv6. It primarily focuses on countermeasures and mitigations.
ea42370891c626496f81f24e5a922d19 This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the same manageability benefits can be achieved without sacrificing the privacy of users.
0b0fef7bec3954389f6b4bcfd6749ba6 Whitepaper called Active Directory Offline Hash Dump and Forensic Analysis. The author participated in a project where it was required to extract the password hashes from an offline NTDS.DIT file. After searching the Internet for an available tool, the author found that there was no open source tool. Because of that, the author decided to research the internals of password encryption and storage in Active Directory and create a tool for the forensic community.
176aa1514d9d4807c99e9f7ff82945f7 This whitepaper is an analysis of Facebook spam exploited through browser add-ons and extensions.
7b27352c3661281e6cc856a2b7896b3b Whitepaper called Unprotecting the Crypter, a Generic Approach. It discusses how crypters work and unpacking malware.
3491d2fba4fa6ac325f6f33e4dd600a1