Section: .. / papers / bypass /
| /// File Name: |
sybase-bypass.pdf |
Description:
|
Whitepaper discussing Sybase SQL injection and bypassing mod_security. Written in German.
| | Author: | T. Kerbl | | Homepage: | http://www.sec-consult.com/ | | File Size: | 131934 | | Last Modified: | Aug 18 20:02:00 2008 |
| MD5 Checksum: | 2b5e62af1a1d46a6e397815bc096a922 |
|
| /// File Name: |
Creating_Backdoors_in_Cisco_IOS_usi..> |
Description:
|
This short technical briefing describes a technique using Tcl to create a backdoor within IOS that would allow a remote attacker to execute privileged commands on a networking device.
| | Author: | Andy Davis | | Homepage: | http://www.irmplc.com/ | | File Size: | 538499 | | Last Modified: | Nov 27 22:35:11 2007 |
| MD5 Checksum: | c36b7968fecc31dca537fcdf4e5975d8 |
|
| /// File Name: |
sql-inject.pdf |
Description:
|
Whitepaper discussing uncommon SQL injection attacks.
| | Author: | N3T D3VIL | | File Size: | 159732 | | Last Modified: | Aug 15 00:01:30 2007 |
| MD5 Checksum: | 3ccee41b5d5a4751f2955084693506be |
|
| /// File Name: |
Cisco_IOS_Exploitation_Techniques.p..> |
Description:
|
It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
| | Author: | Gyan Chawdhary | | Homepage: | http://www.irmplc.com/ | | File Size: | 596924 | | Last Modified: | Jun 27 20:28:17 2007 |
| MD5 Checksum: | de1e5098e579eb286a1dbc30729d80a5 |
|
| /// File Name: |
xss-bypass.txt |
Description:
|
Cross site scripting filtration bypass.
| | Author: | Arham Muhammad | | File Size: | 9942 | | Last Modified: | Jun 10 20:10:59 2007 |
| MD5 Checksum: | 49e66fffe3b0413e8dd5b5e4103a6f2c |
|
| /// File Name: |
exploiting-rpc.pdf |
Description:
|
Paper describing how to reuse dumped portmapper data on one machine in order to still make use of rpc services on a remote machine without portmapper being exposed.
| | Author: | David Routin | | File Size: | 465941 | | Last Modified: | Apr 19 01:03:21 2007 |
| MD5 Checksum: | 5f99244bffdda5a0293024b78fe24c9d |
|
| /// File Name: |
w32.bypass.abstract.en.pdf |
Description:
|
This document is a technical abstract of paper "Win32/Bypass: Anulando la deteccion de ficheros". The main objective is to explain techniques used to bypass security measures of many antivirus programs.
| | Author: | FraMe | | Homepage: | http://www.kernelpanik.org/ | | File Size: | 82126 | | Last Modified: | Mar 20 01:07:01 2007 |
| MD5 Checksum: | daee698ea86fd64cb575a08fc75d866f |
|
| /// File Name: |
Top_10_Ajax_SH_v1.1.pdf |
Description:
|
Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".
| | Author: | Shreeraj Shah | | File Size: | 44884 | | Last Modified: | Dec 6 00:48:51 2006 |
| MD5 Checksum: | 038020f7d532137619a96c59296463db |
|
| /// File Name: |
vapatch.txt |
Description:
|
Whitepaper titled Circumventing the VA kernel patch For Fun and Profit.
| | Author: | phetips | | File Size: | 11033 | | Last Modified: | Oct 8 23:35:14 2006 |
| MD5 Checksum: | 9bfacc871b7957473a7fbe17bf7cebd1 |
|
| /// File Name: |
Bypassing_NAC_Solutions_Whitepaper...> |
Description:
|
Bypassing network access control (NAC) systems - This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.
| | Author: | Ofir Arkin | | Homepage: | http://www.insightix.com/resources/whitepapers/bypassing.aspx | | File Size: | 889707 | | Last Modified: | Sep 26 19:28:58 2006 |
| MD5 Checksum: | 7d510a73435ecac3bb94797d2379039f |
|
| /// File Name: |
ids_evasion_oracle_sqlnet.pdf |
Description:
|
Write up discussing Oracle database IDS evasion techniques for SQL*Net.
| | Author: | Joxean Koret | | File Size: | 143377 | | Last Modified: | Aug 27 19:40:24 2006 |
| MD5 Checksum: | d59cda5242ec3439f74c6f7b13fb69ad |
|
| /// File Name: |
HeaderFlash.txt |
Description:
|
Formal write up discussing how arbitrary HTTP requests can be crafted using Flash 7/8 with Internet Explorer.
| | Author: | Amit Klein | | File Size: | 3041 | | Last Modified: | Aug 27 13:50:03 2006 |
| MD5 Checksum: | 211b836130d25cc1e62f50c3f63cdcdb |
|
| /// File Name: |
bypassScript.txt |
Description:
|
Whitepaper discussing the bypassing of script filter with variable-width encodings.
| | Author: | Cheng Peng Su | | File Size: | 7104 | | Last Modified: | Aug 18 01:34:51 2006 |
| MD5 Checksum: | d6ee6506d4d8e6e0d0032a49e253c3a6 |
|
| /// File Name: |
Forge-Amit.txt |
Description:
|
Whitepaper titled "Forging HTTP Request Headers With Flash".
| | Author: | Amit Klein | | File Size: | 14839 | | Last Modified: | Jul 26 04:03:46 2006 |
| MD5 Checksum: | 6b97464da5cf5a4ea42215c97ec35944 |
|
| /// File Name: |
Monografia_Rodrigo.pdf |
Description:
|
Whitepaper discussing intrusion detection system evasion. It specifically focuses on polymorphic attacks using scmorphism. This document is written in Brazilian Portuguese.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.bsdaemon.org | | File Size: | 388465 | | Last Modified: | May 6 17:18:32 2006 |
| MD5 Checksum: | bece5c8d229c43ace859d0f1a227b70f |
|
| /// File Name: |
WLSI.zip |
Description:
|
Whitepaper entitled "WLSI - Windows Local Shellcode Injection" that describes a new technique to create 100% reliable local exploits for Microsoft Windows operating systems. The technique uses some Windows design weaknesses that allow low privileged processes to insert data into almost any Windows process regardless of their current privilege level. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) are included so the reader will be enabled to write their own exploits.
| | Author: | Cesar Cerrudo | | Homepage: | http://www.argeniss.com/ | | File Size: | 264525 | | Last Modified: | Mar 14 23:22:33 2006 |
| MD5 Checksum: | e6e381e24020aea49b16759a19981d23 |
|
| /// File Name: |
HostFingerprinting.pdf |
Description:
|
Host Fingerprinting and Firewalking With hping - This paper discusses some of the techniques that can be effectively used in host fingerprinting, especially when a host is behind a firewall. Various tools are discussed with hping as a primary focus.
| | Author: | Naveed Afzal | | File Size: | 46668 | | Last Modified: | Nov 30 13:37:55 2005 |
| MD5 Checksum: | 3e2bea990221c86fe51e24c4388388c4 |
|
| /// File Name: |
smackthestack.txt |
Description:
|
This whitepaper discusses five creative methods used to overcome various stack protection patches. It focuses on the VA (Virtual Address) space randomization patch that has been integrated into the Linux 2.6 kernel. These methods are not limited to this patch, but rather provide a different approach to the buffer overflow exploiting scheme.
| | Author: | Izik | | File Size: | 29182 | | Last Modified: | Oct 8 14:15:15 2005 |
| MD5 Checksum: | 5c55f894eced79356c37c86ac0fd889e |
|
| /// File Name: |
no-nx.pdf |
Description:
|
x86-64 buffer overflow exploits and the borrowed code chunk exploitation technique. Whitepaper describing NX technology and its limitations. It contains in depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses and discusses countermeasures.
| | Author: | Sebastian Krahmer | | File Size: | 84050 | | Last Modified: | Oct 6 00:32:54 2005 |
| MD5 Checksum: | 8df650e08759b301398f03475970e1b2 |
|
| /// File Name: |
GOT_Hijack.txt |
Description:
|
This short paper discusses the method of overwriting a pointer used in a function for the sake of overwriting the associated entry in the Global Offset Table (GOT) which in turn allows for execution flow redirection.
| | Author: | c0ntex | | Homepage: | http://www.open-security.org | | File Size: | 16696 | | Last Modified: | Aug 28 15:59:30 2005 |
| MD5 Checksum: | ffbeb2e8b0768454f781f66654e95478 |
|
| /// File Name: |
ThePharmingGuide.pdf |
Description:
|
Exploiting well known flaws in DNS services and the way in which hostnames are resolved to IP addresses, Phishers have upped the ante in the cyberwar for control of a customer's online identity for financial gain. A grouping of attack vectors now referred to as "Pharming", affects the fundamental way in which a customer's computer locates and connects to an organizations online offering. This paper, extending the original material of "The Phishing Guide", examines in depth the workings of the name services of which Internet-based customers are dependent upon, and how they can be exploited by Pharmers to conduct identity theft and financial fraud on a massive scale.
| | Author: | NGSSoftware Insight Security Research | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 1611352 | | Last Modified: | Aug 25 01:16:22 2005 |
| MD5 Checksum: | f1eb60baaa656bb670be1bb0a390c3a1 |
|
| /// File Name: |
BluezHCIDpwned.txt |
Description:
|
Document that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the bluez vulnerability was quite trivial.
| | Author: | Kevin Finisterre | | File Size: | 6517 | | Last Modified: | Aug 18 03:48:10 2005 |
| MD5 Checksum: | b72ff079514eeeedc49d026f205fb05b |
|
| /// File Name: |
bypassing-win-heap-protections.pdf |
Description:
|
Whitepaper detailing a new way to bypass Microsoft Windows heap protection mechanisms. The methodology explained here is different from the method introduced by Alexander Anisimov.
| | Author: | Nicolas Falliere | | File Size: | 89925 | | Last Modified: | Aug 17 02:58:28 2005 |
| MD5 Checksum: | bbe8f8d36f5ad8e3f1c34915ce9660aa |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
