Papers News




Date

Title

Category

Platform

12.6.19

RAMBleed attack

RAM Attack

Hardware

15.5.19

Project Almanac: A Time-Traveling Solid-State Dri

Malware

 

15.5.19

ZombieLoad: Cross-Privilege-Boundary Data Sampli

CPU

Hardware

15.5.19

RIDL: Rogue In-Flight Data Load

CPU

Hardware

15.5.19

Fallout: Reading Kernel Writes From User Space

CPU

Hardware

11.5.19

Dragonblood: A Security Analysis of WPA3’s SAE Handsha

Wifi

Hardware

29.3.19

Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane

LTE

 

6.3.19

SPOILER CPU Vulnerability

CPU

Hardware

1.2.19

New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols

Mobile

 

16.1.19

Windows Privilege Escalations

Vulnerability

Windows

14.1.19

How To Exploit PHP Remotely To Bypass Filters & WAF Rules

Exploit

Multiple

14.1.19

MD5 collision of these 2 images is now(*) trivial and instant

Crypto

Multiple

14.1.19

An Internal Pentest Audit Against Active Directory

Pentest

Windows

14.1.19

Pure In-Memory (Shell)Code Injection In Linux Userland

Exploit

Linux

14.1.19

From blind XXE to root-level file read access

Exploit

Multiple

14.1.19

Searching systematically for PHP disable_functions bypasses

Vulnerability

PHP

26.11.18

CORS Attacks

Web Attack

XML

15.11.18

Cache Speculation Side-channels

CPU Attack

8.11.18

Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)

Crypto

21.10.18

Watching You through the Eyes of Celia, a Telepresence Robot

Attack

9.10.18

LOKIDN: a new vector for Homograph Attacks

Attack

9.10.18

Client Side Injection on Web Applications

Exploit

9.10.18

WordPress Penetration Testing using WPScan and MetaSploit

Vulnerability

9.10.18

Hypervisor From Scratch – Part 4: Address Translation Using Extended Page Table (EPT)

Virtualization

9.10.18

Hypervisor From Scratch – Part 3: Setting up Our First Virtual Machine

Virtualization

9.10.18

Detecting Behavioral Personas with OSINT and Datasploit

Safety

3.10.18

BULK SQL Injection Test on Burp Requests

Exploit

3.10.18

Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)

Magazines

12.9.18

RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3

Security

12.9.18

Sony PlayStation Vita 3.65 / 3.67 / 3.68 - 'h-encore' kernel and user modifications

Vulnerability

12.9.18

XML External Entity Injection - Explanation and Exploitation

Exploit

12.9.18

Microsoft .NET Framework EoP-MS15-118

Vulnerability

10.9.18

Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale

Safety

10.9.18

Open Source Intelligence Gathering 201

Security

10.9.18

Obtaining Command Execution through the NetworkManager Daemon

Exploit

10.9.18

Hypervisor From Scratch - Part 2: Entering VMX Operation

Virtualization

10.9.18

How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)

Vulnerability

10.9.18

Out of Band Exploitation (OOB) CheatSheet

Exploit

10.9.18

Hypervisor From Scratch - Part 1: Basic Concepts & Configure Testing Environment

Virtualization

10.9.18

Finding The Real Origin IPs Hiding Behind CloudFlare or TOR

Safety

10.9.18

Web Application Firewall (WAF) Evasion Techniques #3

Safety

23.8.18

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

CPU Attack

16.8.18

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

IoT

10.8.18

A Deep Dive into macOS MDM (and how it can be compromised)

MacOS

6.8.18

Don’t @ Me Hunting Twitter Bots at Scale

Social

29.7.18

Analyzing potential bounds check bypass vulnerabilities

Vulnerability

18.7.18

Abusing Kerberos - Kerberoasting

Safety

18.7.18

VLAN Hopping Attack

Attack

18.7.18

Exploiting the Obvious - Bluetooth Trust Relationships

Exploit

18.7.18

Sony Playstation 4 (PS4) - PS4 5.05 BPF Double Free Kernel Exploit Writeup

Exploit

18.7.18

Symbolic deobfuscation: from virtualized code back to the original

Virtualization

26.6.18

Case Study: Security of Modern Bluetooth Keyboards

Security

7.6.18

SEVered: Subverting AMD’s Virtual Machine Encrypti

Virtualization

12.5.18

Throwhammer: Rowhammer Attacks over the Network and Defenses

Hardware Attack

9.5.18

POP SS Vulnerability

Vulnerability

4.5.18

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

GPU Attack

3.5.18

Windows Kernel Exploitation Tutorial Part 8: Use After Free

Exploit

1.5.18

Trusted Cyber Physical Systems

Cyber

2.4.18

Sony Playstation 4 (PS4) - PS4 4.55 BPF Race Condition Kernel Exploit Writeup

Exploit

2.4.18

Error based SQL Injection in "Order By" clause (MSSQL)

Exploit

2.4.18

DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Exploit

27.3.18

BranchScope Attack

CPU Attack

27.3.18

Cross Site Scripting ‘XSS’ in a Nutshell

Exploit

22.3.18

Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable

Exploit

22.3.18

WEB APPLICATION PENETRATION TESTING

Penetration testing

13.3.18

18 State of Security Operations: Report of the Capabilities and Maturity of Cyber Defense Organizations Worldwide

Report

13.3.18

Severe Security Advisory on AMD Processors

CPU Attack

13.3.18

aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via Security Cameras & Infrared (IR)

Attack

13.3.18

USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB

Attack

13.3.18

Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers

Attack

13.3.18

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

Attack

13.3.18

MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication

Attack

5.3.18

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

Mobile

4.3.18

SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution

CPU Attack

4.3.18

Sony Playstation 4 (PS4) - WebKit 'setAttributeNodeNS' Use After Free Write-up

Hacking

4.3.18

The Easiest Metasploit Guide You’ll Ever Read

Penetration testing

4.3.18

Parasiting web server process with webshells in permissive environments

Malware

4.3.18

Mobile Application Hacking Diary Ep.2

Hacking

4.3.18

MySQL UDF Exploitation

Exploit

17.2.18

From APK to Golden Ticket

Security

17.2.18

MySQL UDF Exploitation

Exploit

17.2.18

The Easiest Metasploit Guide You’ll Ever Read

Vulnerability

17.2.18

Zero day Zen garden: Windows Exploit Development

Exploit

13.2.18

TCP Starvation

Vulnerability

2.2.18

Jailbreaking iOS 11.1.2: An adventure into the XNU kernel

Vulnerability

2.2.18

ARM Exploitation for IoT

Exploit

2.2.18

HackSysTeam Windows Kernel Vulnerable Driver: Type Confusion Vulnerability Exploitation

Exploit

2.2.18

Hardcore SAP Penetration Testing

Penetration testing

4.1.18

Meltdown Attack

CPU Hardware

4.1.18

Spectre attack

CPU Hardware

3.1.18

PoC||GTFO Proof Concept Get The Fuck Ou 0x14

Exploit

3.1.18

nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect

Exploit

3.1.18

Introduction to Manual Backdooring

Malware

3.1.18

BluedIoT: When a mature and immature technology mixes, becomes an “idiot” situation

IoT

3.1.18

Local File Disclosure using SQL Injection

Exploit

3.1.18

Stealing Windows Credentials Using Google Chrome

Hacking

3.1.18

PoC||GTFO Proof Concept Get The Fuck 0x15

Exploit

3.1.18

HOW TO EXPLOIT ETERNALBLUE TO GET A METERPRETER SESSION ON WINDOWS SERVER 2012 R2

Exploit

3.1.18

HOW TO EXPLOIT ETERNALROMANCE/SYNERGY TO GET A METERPRETER SESSION ON WINDOWS SERVER 2016

Exploit

3.1.18

Code Injection – HTML Injection

Exploit

3.1.18

Hidden Network: Detecting Hidden Networks created with USB Devices

Security

3.1.18

Fully Undetectable Malware

Malware

3.1.18

Of Mice and Keyboards On the Security of Modern Wireless Desktop Sets

Security

3.1.18

DirtyTooth: it’s only Rock’n’Roll, but I like it!

Security

3.1.18

Kernel Driver mmaphandler exploitation

Exploit

3.1.18

Command Injection/Shell Injection

Exploit

3.1.18

Exploiting Node.js deserialization bug for Remote Code Execution (CVE-17-5941)

Vulnerability

3.1.18

Art of Anti Detection – 3 Shellcode Alchemy

Security

3.1.18

Art of Anti Detection – 2 PE Backdoor Manufacturing

Security

3.1.18

ATTACKING RDP How to Eavesdrop on Poorly Secured RDP Connections

Attack

3.1.18

Alternative for Information_Schema.Tables in MySQL

Exploit

3.1.18

Injecting SQLite database based application

Exploit

3.1.18

RSA ASYMMETRIC POLYMORPHIC SHELLCODE

Exploit

3.1.18

CVE-17-7344 Fortinet FortiClient Windows privilege escalation at logon

Vulnerability

3.1.18

MySQL Out-of-Band Hacking

Hacking

3.1.18

MySQL Injection in Update, Insert and Delete

Exploit

3.1.18

Local File Inclusion (LFI) Testing Techniques

Security

12.12.17

Bleichenbacher attack

Attack

8.12.17

Spinner: Semi-Automatic Detection of Pinning without Hostname Verification

Crypto

16.11.17

Terdot Zeus based malware strikes back with a blast from the past

Malware

8.11.17

Standardizing Bad Cryptographic Practice

Crypto

2.11.17

A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs

Safety

26.10.17

Top-of-mind Threats and Their Impact on Endpoint Security Decisions

Threats

24.10.17

Practical state recovery attacks against legacy RNG implementations

Crypto

16.10.17

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Wi-Fi

6.10.17

Another Flip in the Wall of Rowhammer Defenses

RAM

4.10.17

“Walking in Your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell”

APT

28.9.17

Phrack: VM escape - QEMU Case Study

Magazines

28.9.17

Phrack: Team Shellphish - Cyber Grand Shellphish

Magazines

28.9.17

Phrack: Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622

Magazines

28.9.17

Phrack #69

Magazines

28.9.17

Phrack #68

Magazines

28.9.17

Phrack #67

Magazines

28.9.17

Phrack #66

Magazines

27.9.17

Cardiac Scan: A Non-Contact and Continuous Heart-Based User

Hacking

30.8.17

Command Injection/Shell Injection

Exploit

28.8.17

Abusing Token Privileges For LPE

Exploit

5.8.17

How to exploit ETERNALROMANCE/SYNERGY on Windows Server 2016

Tool

5.8.17

Hidden Network: Detecting Hidden Networks created with USB Devices

Tool

5.8.17

How to Exploit ETERNALBLUE on Windows Server 2012 R2

Tool

5.8.17

64 bits Linux Stack Based Buffer Overflow

64bit

5.8.17

64-bit calc.exe Stack Overflow Root Cause Analysis

64bit

5.8.17

64-bit Linux Stack Based Buffer Overflow

64bit

5.8.17

64-bit calc.exe Stack Overflow Root Cause Analysis

64bit

5.8.17

CUDA Cracking

Cracking

5.8.17

Whitepaper : Exploiting Transparent User Identification

Exploit

5.8.17

Metasploit - The Exploit Learning Tree

Exploit

5.8.17

nginx Exploit Documentation About a Generic Way to Exploit Linux Targets

Exploit

5.8.17

Post XSS Exploitation: Advanced Attacks and Remedies

Exploit

 

5.8.17

Windows "Meterpreter"less Post Exploitation

Exploit

 

5.8.17

Novell GroupWise Untrusted Pointer Dereference Exploitation

Exploit

5.8.17

JDWP Arbitrary Java Code Execution Exploitation

Exploit

5.8.17

A Short Guide on ARM Exploitation

Exploit

 

5.8.17

Abusing, Exploiting and Pwning with Firefox Add-ons

Exploit

 

5.8.17

Windows Heap Overflow Exploitation

Exploit

5.8.17

Exploitation notes on CVE-2014-0160

Exploit

5.8.17

TP-Link TD-W89 Config File Download / Exploiting the Host

Exploit

 

5.8.17

Radio-Frequency Identification Exploitation

Exploit

 

5.8.17

JDWP Arbitrary Java Code Execution Exploitation

Exploit

5.8.17

Exploiting CVE-2014-4113 on Windows 8.1

Exploit

5.8.17

Exploit-Sources (Part One)

Exploit

 

5.8.17

Anatomy of Exploit - World of Shellcode

Exploit

 

5.8.17

Backdooring with netcat shellcode

Exploit

5.8.17

Zine: D-Link DSR Router Series - Remote Root Shell

Exploit

5.8.17

Reverse Engineering of x86 Linux Shellcodes the Easy Way

Exploit

 

5.8.17

Radio-Frequency Identification Exploitation

Exploit

 

5.8.17

Exploitation notes on CVE-2014-0160

Exploit

 

5.8.17

Windows Heap Overflow Exploitation

Exploit

 

5.8.17

Heap Spraying - ActiveX Controls Under Attack

Exploit

5.8.17

SQL Injection in Insert, Update and Delete Statements

Exploit

5.8.17

Uploading PHP Shell Through SQL Injection

Exploit

 

5.8.17

TP-Link TD-W89 Config File Download / Exploiting the Host

Exploit

 

5.8.17

Hacking Trust Relationships Between SIP Gateways

Hacking

5.8.17

Developing MIPS Exploits to Hack Routers

Hacking

5.8.17

Hacking Blind

Hacking

5.8.17

Dynamic-Link Library Hijacking

Hacking

5.8.17

Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial

Linux

5.8.17

Linux Stack Based Buffer Overflows

Linux

5.8.17

Understanding C Integer Boundaries (Overflows & Underflow)

Linux

5.8.17

Linux Format String Exploitation

Linux

5.8.17

Linux Integer Overflow and Underflow

Linux

5.8.17

Linux Off By One Vulnerabilities

Linux

5.8.17

Blackberry Z10 Research Primer - Dissecting Blackberry 10 - An Initial Analysis

Mobile

5.8.17

Mobile Application Hacking Diary Ep.1

Mobile

5.8.17

Analyzing Near Field Communication (NFC) Security

NFC security

5.8.17

Bypassing AvastSandBox Using Alternate Data Streaming

Protections

5.8.17

Bypassing SSL Pinning on Android via Reverse Engineering

Protections

5.8.17

Manipulating Memory for Fun & Profit

RAM

5.8.17

Adventures in Automotive Networks and Control Units

Other

5.8.17

CloudFlare vs Incapsula (WAF) : Round 2 (PDF)

Other

5.8.17

CloudFlare vs Incapsula vs ModSecurity

Other

5.8.17

Flash JIT – Spraying info leak gadgets

Other

5.8.17

From Write to root on AIX

Other

5.8.17

Fuzzing: An introduction to Sulley Framework

Other

5.8.17

GAME ENGINES: A 0-DAY’S TALE

Other

5.8.17

Methodology: Security plan for wireless networks

Other

5.8.17

Smashing the stack, an example from 2013

Other

5.8.17

SQL Injection in Insert, Update and Delete Statements

Other

5.8.17

The Audit DSOs of the RTLD

Other

5.8.17

Uploading PHP Shell Through SQL Injection 

Other

5.8.17

WordPress 3.6 - Crafted String URL Redirect Restriction Bypass

Other

5.8.17

Android KeyStore Stack Buffer Overflow

Other

5.8.17

Whatsapp Forensic/Stealer (Android) POC Paper

Forensics

5.8.17

Socket Learning

Other

5.8.17

NMAP - Port-Scanning: A Practical Approach Modified for better

Other

5.8.17

Asterisk Phreaking How-To

Other

5.8.17

Searching SHODAN For Fun And Profit

Other

5.8.17

Breaking the Sandbox

Other

5.8.17

Back To The Future: Unix Wildcards Gone Wild

Other

5.8.17

Deep Dive into ROP Payload Analysis

Other

5.8.17

Bypassing SSL Pinning on Android via Reverse Engineering

Other

5.8.17

Introduction to Android Malware Analysis

Other

5.8.17

CloudFlare vs Incapsula (WAF) : Round 2 (PDF)

Other

5.8.17

The Audit DSOs of the RTLD

Other

5.8.17

Whatsapp Forensic/Stealer (Android) PoC Paper

Other

5.8.17

Methodology: Security plan for wireless networks

Other

5.8.17

HTML5 Security Cheat Sheet

Other

5.8.17

A Pentester's Guide to Hacking OData

Penetration testing

5.8.17

Metasploit - The Exploit Learning Tree

Penetration testing

5.8.17

Chip and Skim: cloning EMV cards with the pre-play attack

Computer attack

5.8.17

Story of a Client-Side Attack

Computer attack

5.8.17

Heap Spraying - ActiveX Controls Under Attack

Computer attack

5.8.17

Dynamic-Link Library Hijacking

Computer attack

5.8.17

Smashing the stack, an example from 2013

Computer attack

5.8.17

Win32-Worm:VBS/Jenxcus.A Malware Report

Computer viruses

5.8.17

Win32-China Chopper CnC/Webshell Malware Report

Computer viruses

5.8.17

Win32-Rovnix Malware Report

Computer viruses

5.8.17

DFIRCON APT Malware Analysis

Computer viruses

5.8.17

DFIRCON APT Malware Analysis - Part 2

Computer viruses

5.8.17

DFIRCON APT Malware Analysis (English version)

Computer viruses

5.8.17

DFIRCON APT Malware Analysis - Part 2

Computer viruses

5.8.17

Flow Control Obfuscations in Malware

Computer viruses

5.8.17

Control Flow Obfuscations in Malwares

Computer viruses

5.8.17

Introduction to Android Malware Analysis

Computer viruses

5.8.17

Outsmarted - Why Malware Works in the Face of Antivirus Software

Computer viruses

5.8.17

DFIRCON APT Malware Analysis

Computer viruses

5.8.17

Control Flow Obfuscations in Malwares

Computer viruses

5.8.17

Return Oriented Programming (ROP FTW)

Programming

5.8.17

Understanding C Integer Boundaries (Overflows & Underflow)

Programming

5.8.17

Windows rcrypt PE EXE/DDL Packer Writeup 

Programming

5.8.17

Reversing & Malware Analysis Training Articles

Reverse engineering

5.8.17

Reversing & Malware Analysis Training Presentations

Reverse engineering

5.8.17

Reverse Engineering of x86 Linux Shellcodes the Easy Way

Reverse engineering

5.8.17

Reversing Encrypted Callbacks and COM Interfaces

Reverse engineering

5.8.17

Reversing Encrypted Callbacks and COM Interfaces

Reverse engineering

5.8.17

Manipulating Memory for Fun & Profit

IDS/IPS systems

5.8.17

CVE-2012-5076 Technical Analysis Report

Vulnerabilities

5.8.17

CVE-2012-1535: Adobe Flash Player Integer Overflow Vulnerability Analysis

Vulnerabilities

5.8.17

CVE-2012-4969 Technical Analysis Report

Vulnerabilities

5.8.17

Checkpoint/SofaWare Firewall Vulnerability Research

Vulnerabilities

5.8.17

Atlassian Confluence 4.3.5 - Multiple Vulnerabilities

Vulnerabilities

5.8.17

Microsoft Windows Help Systems Vulnerabilities. 

Vulnerabilities

5.8.17

Atlassian Confluence 4.3.5 - Multiple Vulnerabilities

Vulnerabilities

5.8.17

WordPress 3.6 - Crafted String URL Redirect Restriction Bypass

Vulnerabilities

5.8.17

Zine: D-Link DSR Series Router - Remote Root Shell

Vulnerabilities

5.8.17

WinRar 4.20 - File Extension Spoofing (0Day)

Vulnerabilities

5.8.17

Checkpoint/SofaWare Firewall Vulnerability Research

Vulnerabilities

5.8.17

Technical Information on Vulnerabilities of Hypercall Handlers

Vulnerabilities

5.8.17

Privilege Escalation via Client Management Software

Vulnerabilities

5.8.17

Ghost Vulnerability CVE-2015-0235 White Paper

Vulnerabilities

5.8.17

Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability)

Vulnerabilities

5.8.17

The Ultimate XSS Protection Cheat Sheet for Developers

Vulnerabilities

5.8.17

Microsoft Windows Help Systems Vulnerabilities.

Vulnerabilities

5.8.17

Fuzzing & Software Vulnerabilities Part 1 - Turkish

Vulnerabilities

5.8.17

Escaping VMware Workstation through COM1

Vulnerabilities

5.8.17

WordPress 3.6 - Crafted String URL Redirect Restriction Bypass

Vulnerabilities

5.8.17

Windows rcrypt PE EXE/DDL Packer Writeup

Vulnerabilities

5.8.17

WinRar 4.20 - File Extension Spoofing (0Day)

Vulnerabilities

5.8.17

Privilege Escalation via Client Management Software - Part II

Vulnerabilities