This is a basic tutorial on web security with WordPress. Written in Indonesian.
Whitepaper called Trends in Circumventing Web-Malware Detection. This paper studies the resulting arms race between detection and evasion from the point of view of Google's Safe Browsing infrastructure, an operational web-malware detection system that serves hundreds of millions of users.
Whitepaper called Social Engineering Toolkit. This article covers backdooring executables and evading antivirus using scripts included with BackTrack.
Whitepaper called Flash Cookies And Privacy II: Now With HTML5 And ETag Respawning. This is a follow-up study that reassesses the flash cookie landscape and examines a new tracking vector, HTML5 local storage, and cache-cookies via ETags.
Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.
Whitepaper called Exploring and Patching File Inclusion Vulnerabilities. Written in Arabic.
Small write-up discussing various issues with T-Mobile's site and security.
Import address table (IAT) hooking is a well-documented technique for intercepting calls to imported functions. However, most methods rely on suspicious API functions and leave several easy-to-identify artifacts. This paper explores different ways IAT hooking can be employed while circumventing common detection mechanisms.
This whitepaper gives a short insight into hacking Mifare Classic. Mifare Classic is an inexpensive, entry-level chip, based on ISO/IEC 14443 Type A, 1kB or 4kB. It uses the 13.56 MHz contactless smartcard standard and proprietary CRYPTO1 with 48-bit keys. There is no protection against cloning or modifications. Anyone with a 50 EUR reader can use this weakness against their infrastructure. This cookbook is a proof of concept demonstrating how easily it can be done.
This whitepaper gives a detailed analysis discussing vulnerabilities surrounding the use of SCADA and PLC systems in modern correctional facilities.
As a part of its ongoing Hacker Intelligence Initiative, Imperva's Application Defense Center (ADC) observed and categorized attacks across 30 applications as well as onion router (TOR) traffic, monitoring more than 10 million individual attacks targeted at web applications over a period of six months. This report discusses and analyzes their findings.
Permutation Oriented Programming (formerly known as Exploit Next Generation) introduces a different and powerful approach to IDS/IPS subversion. It can be applied to almost all vulnerabilities and targets the vulnerability triggers. Slides and various code examples are provided.
Whitepaper called What is a vulnerability assessment?
Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, they have conducted a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.
Whitepaper called Web Application Finger Printing - Methods/Techniques and Prevention. This paper discusses how automated web application fingerprinting is performed, the visible shortcomings in the approach, and then discusses ways to avoid it.
Whitepaper called From Unexpected Restart To Understand The System. Written in Indonesian.
Whitepaper called Protecao Client-side: Testando a eficacia das ferramentas de protecao Microsoft para estacoes de trabalho e desktops. It describes how to protect against malicious threats by testing some Microsoft client security tools. Written in Portuguese.
The IETF has just published RFC 6274, entitled "Security Assessment of the Internet Protocol Version 4". It contains a large amount of information on how to improve the security of IPv4 implementations and IPv4 deployments.
The recent discussion relating to insecure library loading on the Microsoft Windows platform provoked a significant amount of debate as to whether GNU/Linux and UNIX variants could be vulnerable to similar attacks. Whilst the general consensus of the Slashdot herd appeared to be that this was just another example of Microsoft doing things wrong, the author felt this was unfair and responded with a blog post that sought to highlight an example of where POSIX style linkers get things wrong. Based on the feedback received to that post, the author decided to investigate the issue a little further. This paper is an amalgamation of what was learnt.
Whitepaper called Structured Exception Handler Exploitation. The SEH exploitation technique was publicly documented by David Litchfield in September 2003. At a high level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.
This is a whitepaper called The Arashi (A.K.A Storm). It discusses ASLR/DEP bypass techniques.
Whitepaper called Pentesting in Local Networks Part 1. It discusses performing recon, ARP poisoning, traffic analysis techniques, and more.
This brief whitepaper gives an overview of the functional uses of the Metasploit Framework.
Whitepaper called the Art of Information Gathering / Footprinting. Written in Arabic.
Whitepaper called SSL and HTTP Exposed. It discusses how to perform an HTTPS stripping attack against the TOR network using sslstrip.py and iptables.