Knowledge Base

draft-gont-6man-nd-extension-headers-02 – Security Implications of the Use of IPv6 Extension Headers with IPv6 Neighbor Discovery.

pass-back-attack – Short read on exploiting poorly configured printers to get network login creds.

ExpressionLanguageInjection – Good read on using ELi in java apps

Hiding web back doors – This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits.

Android Browser Cross-Application Scripting – Long read on braking out of android app sandbox’s w/o listing tons of privs for the app.

Efficient Denial of Service Attacks on Web Application Platforms – Fun read on using hash collisions to DoS a web app.

Reflection Scan: an Off-Path Attack on TCP – Long read on a newish TCP attack.

Reflective DLL Injection – short read on a newish DLL injection attack.

flag-execution – a great paper called flag execution for easy local privilege escalation. It covers a new attack vector.

non-http_CSRF – Great short read is a reminder that CSRF affects more than websites

dnsp_port_exhaustion – Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java which enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments that allows for a local DNS cache poisoning of arbitrary domains.

RHSA-2011-1356-01 – Whitepaper on bypassing IDS with Return Oriented Programming. It heavily discusses and shows the point of leveraging polymorphic shellcode in order to bypass detection.

JBossWhitepaper – This paper goes into detail on popping a shell on open JMX consoles.

Process-Hollowing – Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process.

Android – A whitepaper on the basics of Android and reverse engineering of Android applications.

clickjacking-for-shells – Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In this presentation, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking.

recursive-overflows – These are slides from a presentation called Jumping the Guard Page for Fun and Profit – Recursive Stack Overflows.

LFI_With_PHPInfo_Assitance – Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

attaging – Whitepaper called Using QR Tags to Attack Smart Phones (Attaging). It discusses the threatscape related to arbitrary scanning of these tags and using Metasploit to exploit them

Anonymous Care Package lite.tar – How tos and apps for citizens of Anonymous.

Anonymous_-_ Survival_Guide_for_Citizens_in_a_Revolution – The name says it all.

network-drivers – a really long read, but interesting paper on exploiting wireless/ethernet NIC’s

qrcode-goesbad – fun short read on js attacks using qrcodes

dangling-pointer – Good read on the mostly ignored dangling pointer exploitation

param-contam – This is a brief whitepaper called HTTP Parameter Contamination (HPC) Attack / Research.

blind-sqli-regexp-attack – nice short read on using regex to aid in attacking a blind sql injection bug.

Close Encounters of the Third Kind – great read on DOM based XSS

a new way to detect firefox extensions – A dry but short read on detecting firefox extensions using javascript

tabnabbing – nice short read on tabnabbing, what it is and how to use it.

Attacktin webservers via .htaccess – Nice short read on attacking web servers via uploaded .htaccess files.

Generic cross-browser cross-domain theft – A awesome read on generic cross-browser cross-domain theft.

SMB_Decloaking – A nice short read on using SMB to decloak your targets.

cross_domain_search_timing – A good read on cross domain search timing attacks and how powerful they can be.

INLINE_UTF-7_E4X_JAVASCRIPT_HIJACKING – Nice short little read on inline UTF-7 E4X javascript hijacking.

Context-Assessing_Cloud_Node_Security-Whitepaper – A long winded paper on possible cloud service attack vectors

hacking-skiddies – A fun paper on hacking the bad guys 😀

17010 – PHP LFI to Arbitrary Code Execution via rfc1867 File Upload Temporary Files

righttoleften-override – great paper on how right to left override unicode can be used for multiple spoofing cases.

formjacking – Some interesting research on a rather new attack vector called formjacking.

Blind SQL Injection Inference through Underflow Error – Good read on advanced blind SQL injections.

abuse_http_status_codes – Abusing HTTP Status Codes to Expose Private Information.

html5whitepaper.pdf – Awesome paper on client side SQL injection.

TransparentProxyAbuse.pdf.tar – Great info on how socket capable browser plugins result in transparent proxy abuse.

AttackingServerSideXMLParsers.pdf – Nice short read on exploiting server side XML parsers.

fdny_fe.pdf – FDNY forced entry guide, lots of great tips here!

AMitM.pdf.tar – A in-depth look at MITM attacks thats focus on web apps and browsers.

Evading_AV_Signatures.pdf.tar – A good paper full of tips and tricks for evading anti-viruses.

bypassing-browser.pdf.tar – Paper called Bypassing Browser Memory Protections.

Windows_Kernel-mode_OS_Cookies_subverted.pdf.tar – Exploiting the otherwise non-exploitable – Windows Kernel-mode GS Cookies subverted.

session-hijackbasic.txt.tar – A nice short paper on session hijacking basics.

hacking-withmhtml.txt.tar – Write-up called Hacking with MHTML protocol handler. This discusses cross site scripting via uploading a mhtml file, cross site scripting via mthml-file string injection, bypassing X-Frame-Options, an Adobe Reader cross site scripting issue, and more.

assoc-abuse.pdf.tar – Whitepaper called The Abuse of ASSOC Explained.

BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf.tar – white paper from blackhat briefings europe on advanced SQL injection to operating system full control.

tinyurlhacking.txt.tar – Interesting little bit on using url shortening services to get sensitive info like passwords and such.

022805.txt.tar – The Insecure Indexing Vulnerability. Attacks Against Local Search Engines.

ecdguide.pdf.tar – A new guide published on shows how one can plan and execute an act of civil disobedience. It covers the various tools which are available for launching an ECD, examples of past ECDs, how to anonymously participate in ECDs, and much more.

We do not encourage anybody to use this information towards any illegal ends. This is provided for informational and educational purposes only.

document.pdf.tar – killer paper on DoSing sites using SQL!

0x00_vs_ASP_File_Uploads.pdf.tar – paper on exploiting asp upload scripts with null bytes.

279.pdf.tar – great paper on exploiting activex.

one_in_every_family.pdf.tar – good paper on exploiting DNS ­based trust relationships.

citi-tr-91-4.pdf.tar – nice paper on sec weaknesses in the Andrew File System and how to exploit them.

Aspect_File_Download_Injection.pdf.tar – detailed look at file download injection “downloading files you shouldn’t have rights to”

121106.pdf.tar – great research on injecting data to mail servers via web apps.

ApplicationLevelDoSAttacksv06.pdf.tar – A good read on DoS attacks at the app layer.

Cross-protocol-XSS.txt.tar – Cross-protocol XSS with non-standard service ports – a great read.

OWASP_IL_2009_ReDoS.ppt.tar – Great read for DoS attacks via regex.

printer-insecurity-issue_1149.pdf.tar – A great read on printer sec, not really all that detailed but it will give you ideas of where to start.

nmap-suid.txt.tar – Great text about the dangers of a SUIDed nmap and its a great example of how to exploit apps that have been SUIDed from

AppsecEU09_CarettoniDiPaola_v0.8.pdf.tar – Paper on http parameter pollution info.

Response_Header_Name_Injection.txt.tar – Response Header Name Injection Attack
From: Cyrill Brunschwiler

252.pdf.tar – A run down of security vulnerabilities in SOHO Routers
By: SourceSec Dev Team

Leave a Reply

Your email address will not be published. Required fields are marked *