Papers News - Úvod  RFC popisy  Knihy  Knihy Recenze  Manuály a Návody  Papers  Video  Slovníčky  Časopisy  Tipy  Studium  


64bit (4)  Cracking (1)  Exploit (29)  Forenzní (1)  Hacking (5)  Linux (6)  Mobil (2)  NFC bezpečnost (1)  Ochrany (2)  Operační paměť (2)  Ostatní (28)  Penetrace (2)  Počítačové útoky (5)  Počítačové viry (13)  Programování (3)  Reverzní inženýrství (5)  Systémy IDS/IPS (1)  Zranitelnosti (23) Magazines (7) 


Datum

Název

Kategorie

Platform

16.1.19Windows Privilege EscalationsVulnerebilityWindows
14.1.19How To Exploit PHP Remotely To Bypass Filters & WAF RulesExploitMultiple
14.1.19MD5 collision of these 2 images is now(*) trivial and instantCryptoMultiple
14.1.19An Internal Pentest Audit Against Active DirectoryPentestWindows
14.1.19Pure In-Memory (Shell)Code Injection In Linux UserlandExploitLinux
14.1.19From blind XXE to root-level file read accessExploitMultiple
14.1.19Searching systematically for PHP disable_functions bypassesVulnerebilityPHP

26.11.18

CORS Attacks

Web Attack

XML

15.11.18

Cache Speculation Side-channels

CPU Attack

8.11.18

Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)

Crypto

21.10.18

Watching You through the Eyes of Celia, a Telepresence Robot

Attack

9.10.18

LOKIDN: a new vector for Homograph Attacks

Attack

9.10.18

Client Side Injection on Web Applications

Exploit

9.10.18

WordPress Penetration Testing using WPScan and MetaSploit

Vulnerebility

9.10.18

Hypervisor From Scratch – Part 4: Address Translation Using Extended Page Table (EPT)

Virtualization

9.10.18

Hypervisor From Scratch – Part 3: Setting up Our First Virtual Machine

Virtualization

9.10.18

Detecting Behavioral Personas with OSINT and Datasploit

Safety

3.10.18

BULK SQL Injection Test on Burp Requests

Exploit

3.10.18

Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)

Magazines

12.9.18

RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3

Security

12.9.18

Sony PlayStation Vita 3.65 / 3.67 / 3.68 - 'h-encore' kernel and user modifications

Vulnerebility

12.9.18

XML External Entity Injection - Explanation and Exploitation

Exploit

12.9.18

Microsoft .NET Framework EoP-MS15-118

Vulnerebility

10.9.18

Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale

Safety

10.9.18

Open Source Intelligence Gathering 201

Security

10.9.18

Obtaining Command Execution through the NetworkManager Daemon

Exploit

10.9.18

Hypervisor From Scratch - Part 2: Entering VMX Operation

Virtualization

10.9.18

How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)

Vulnerebility

10.9.18

Out of Band Exploitation (OOB) CheatSheet

Exploit

10.9.18

Hypervisor From Scratch - Part 1: Basic Concepts & Configure Testing Environment

Virtualization

10.9.18

Finding The Real Origin IPs Hiding Behind CloudFlare or TOR

Safety

10.9.18

Web Application Firewall (WAF) Evasion Techniques #3

Safety

23.8.18

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

CPU Attack

16.8.18

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

IoT

10.8.18

A Deep Dive into macOS MDM (and how it can be compromised)

MacOS

6.8.18

Don’t @ Me Hunting Twitter Bots at Scale

Social

29.7.18

Analyzing potential bounds check bypass vulnerabilities

Vulnerebility

18.7.18

Abusing Kerberos - Kerberoasting

Safety

18.7.18

VLAN Hopping Attack

Attack

18.7.18

Exploiting the Obvious - Bluetooth Trust Relationships

Exploit

18.7.18

Sony Playstation 4 (PS4) - PS4 5.05 BPF Double Free Kernel Exploit Writeup

Exploit

18.7.18

Symbolic deobfuscation: from virtualized code back to the original

Virtualization

26.6.18

Case Study: Security of Modern Bluetooth Keyboards

Security

7.6.18

SEVered: Subverting AMD’s Virtual Machine Encrypti

Virtualization

12.5.18

Throwhammer: Rowhammer Attacks over the Network and Defenses

Hardware Attack

9.5.18

POP SS Vulnerability

Vulnerebility

4.5.18

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

GPU Attack

3.5.18

Windows Kernel Exploitation Tutorial Part 8: Use After Free

Exploit

1.5.18

Trusted Cyber Physical Systems

Cyber

2.4.18

Sony Playstation 4 (PS4) - PS4 4.55 BPF Race Condition Kernel Exploit Writeup

Exploit

2.4.18

Error based SQL Injection in "Order By" clause (MSSQL)

Exploit

2.4.18

DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Exploit

27.3.18

BranchScope Attack

CPU Attack

27.3.18

Cross Site Scripting ‘XSS’ in a Nutshell

Exploit

22.3.18

Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable

Exploit

22.3.18

WEB APPLICATION PENETRATION TESTING

Penetrace

13.3.18

18 State of Security Operations: Report of the Capabilities and Maturity of Cyber Defense Organizations Worldwide

Report

13.3.18

Severe Security Advisory on AMD Processors

CPU Attack

13.3.18

aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via SecurityCameras & Infrared (IR)

Attack

13.3.18

USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB

Attack

13.3.18

Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers

Attack

13.3.18

GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

Attack

13.3.18

MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication

Attack

5.3.18

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

Mobil

4.3.18

SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution

CPU Attack

4.3.18

Sony Playstation 4 (PS4) - WebKit 'setAttributeNodeNS' User After Free Write-up

Hacking

4.3.18

The Easiest Metasploit Guide You’ll Ever Read

Penetrace

4.3.18

Parasiting web server process with webshells in permissive environments

Malware

4.3.18

Mobile Application Hacking Diary Ep.2

Hacking

4.3.18

MySQL UDF Exploitation

Exploit

17.2.18

From APK to Golden Ticket

Security

17.2.18

MySQL UDF Exploitation

Exploit

17.2.18

The Easiest Metasploit Guide You’ll Ever Read

Vulnerebility

17.2.18

Zero day Zen garden: Windows Exploit Development

Exploit

13.2.18

TCP Starvation

Vulnerebility

2.2.18

Jailbreaking iOS 11.1.2: An adventure into the XNU kernel

Vulnerebility

2.2.18

ARM Exploitation for IoT

Exploit

2.2.18

HackSysTeam Windows Kernel Vulnerable Driver: Type Confusion Vulnerability Exploitation

Exploit

2.2.18

Hardcore SAP Penetration Testing

Penetrace

4.1.18

Meltdown Attack

CPU Hardware

4.1.18

Spectre attack

CPU Hardware

3.1.18

PoC||GTFO Proof Concept Get The Fuck Ou 0x14

Exploit

3.1.18

nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect

Exploit

3.1.18

Introduction to Manual Backdooring

Malware

3.1.18

BluedIoT: When a mature and immature technology mixes, becomes an “idiot” situation

IoT

3.1.18

Local File Disclosure using SQL Injection

Exploit

3.1.18

Stealing Windows Credentials Using Google Chrome

Hacking

3.1.18

PoC||GTFO Proof Concept Get The Fuck 0x15

Exploit

3.1.18

HOW TO EXPLOIT ETERNALBLUE TO GET A METERPRETER SESSION ON WINDOWS SERVER 2012 R2

Exploit

3.1.18

HOW TO EXPLOIT ETERNALROMANCE/SYNERGY TO GET A METERPRETER SESSION ON WINDOWS SERVER 2016

Exploit

3.1.18

Code Injection – HTML Injection

Exploit

3.1.18

Hidden Network: Detecting Hidden Networks created with USB Devices

Security

3.1.18

Fully Undetectable Malware

Malware

3.1.18

Of Mice and Keyboards On the Security of Modern Wireless Desktop Sets

Security

3.1.18

DirtyTooth: it’s only Rock’n’Roll, but I like it!

Security

3.1.18

Kernel Driver mmaphandler exploitation

Exploit

3.1.18

Command Injection/Shell Injection

Exploit

3.1.18

Exploiting Node.js deserialization bug for Remote Code Execution (CVE-2017-5941)

Vulnerebility

3.1.18

Art of Anti Detection – 3 Shellcode Alchemy

Security

3.1.18

Art of Anti Detection – 2 PE Backdoor Manufacturing

Security

3.1.18

ATTACKING RDP How to Eavesdrop on Poorly Secured RDP Connections

Attack

3.1.18

Alternative for Information_Schema.Tables in MySQL

Exploit

3.1.18

Injecting SQLite database based application

Exploit

3.1.18

RSA ASYMMETRIC POLYMORPHIC SHELLCODE

Exploit

3.1.18

CVE-2017-7344 Fortinet FortiClient Windows privilege escalation at logon

Vulnerebility

3.1.18

MySQL Out-of-Band Hacking

Hacking

3.1.18

MySQL Injection in Update, Insert and Delete

Exploit

3.1.18

Local File Inclusion (LFI) Testing Techniques

Security

12.12.2017

Bleichenbacher attack

Attack

8.12.2017

Spinner: Semi-Automatic Detection of Pinning without Hostname Verification

Krypto

16.11.2017

Terdot Zeus based malware strikes back with a blast from the past

Malware

8.11.2017

Standardizing Bad Cryptographic Practice

Krypto

2.11.2017

A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs

Safety

26.10.2017

Top-of-mind Threats and Their Impact on Endpoint Security Decisions

Threats

24.10.2017

Practical state recovery attacks against legacy RNG implementations

Krypto

16.10.2017

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Wi-Fi

6.10.2017

Another Flip in the Wall of Rowhammer Defenses

Operační paměť

4.10.2017

“Walking in Your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell”

APT

28.9.2017

Phrack: VM escape - QEMU Case Study

Magazines

28.9.2017

Phrack: Team Shellphish - Cyber Grand Shellphish

Magazines

28.9.2017

Phrack: Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622

Magazines

28.9.2017

Phrack #69

Magazines

28.9.2017

Phrack #68

Magazines

28.9.2017

Phrack #67

Magazines

28.9.2017

Phrack #66

Magazines

27.9.2017

Cardiac Scan: A Non-Contact and Continuous Heart-Based User

Hacking

30.8.2017

Command Injection/Shell Injection

Exploint

28.8.2017

Abusing Token Privileges For LPE

Exploint

5.8.2017

How to exploit ETERNALROMANCE/SYNERGY on Windows Server 2016

Tool

5.8.2017

Hidden Network: Detecting Hidden Networks created with USB Devices

Tool

5.8.2017

How to Exploit ETERNALBLUE on Windows Server 2012 R2

Tool

5.8.2017

64 bits Linux Stack Based Buffer Overflow

64bit

5.8.2017

64-bit calc.exe Stack Overflow Root Cause Analysis

64bit

5.8.2017

64-bit Linux Stack Based Buffer Overflow

64bit

5.8.2017

64-bit calc.exe Stack Overflow Root Cause Analysis

64bit

5.8.2017

CUDA Cracking

Cracking

5.8.2017

Whitepaper : Exploiting Transparent User Identification

Exploint

5.8.2017

Metasploit -The Exploit Learning Tree

Exploint

5.8.2017

nginx Exploit Documentation About a Generic Way to Exploit Linux Targets

Exploint

5.8.2017

Post XSS Exploitation: Advanced Attacks and Remedies

Exploint

 

5.8.2017

Windows "Meterpreter"less Post Exploitation

Exploint

 

5.8.2017

Novell GroupWise Untrusted Pointer Dereference Exploitation

Exploint

5.8.2017

JDWP Arbitrary Java Code Execution Exploitation

Exploint

5.8.2017

A Short Guide on ARM Exploitation

Exploint

 

5.8.2017

Abusing, Exploiting and Pwning with Firefox Add-ons

Exploint

 

5.8.2017

Windows Heap Overflow Exploitation

Exploint

5.8.2017

Exploitation notes on CVE-2014-0160

Exploint

5.8.2017

TP-Link TD-W89 Config File Download / Exploiting the Host

Exploint

 

5.8.2017

Radio-Frequency Identification Exploitation

Exploint

 

5.8.2017

JDWP Arbitrary Java Code Execution Exploitation

Exploint

5.8.2017

Exploiting CVE-2014-4113 on Windows 8.1

Exploint

5.8.2017

Exploit-Sources (Part One)

Exploint

 

5.8.2017

Anatomy of Exploit - World of Shellcode

Exploint

 

5.8.2017

Backdooring with netcat shellcode

Exploint

5.8.2017

Zine: D-Link DSR Router Series - Remote Root Shell

Exploint

5.8.2017

Reverse Engineering of x86 Linux Shellcodes the Easy Way

Exploint

 

5.8.2017

Radio-Frequency Identification Exploitation

Exploint

 

5.8.2017

Exploitation notes on CVE-2014-0160

Exploint

 

5.8.2017

Windows Heap Overflow Exploitation

Exploint

 

5.8.2017

Heap Spraying - ActiveX Controls Under Attack

Exploint

5.8.2017

SQL Injection in Insert, Update and Delete Statements

Exploint

5.8.2017

Uploading PHP Shell Through SQL Injection

Exploint

 

5.8.2017

TP-Link TD-W89 Config File Download / Exploiting the Host

Exploint

 

5.8.2017

Hacking Trust Relationships Between SIP Gateways

Hacking

5.8.2017

Developing MIPS Exploits to Hack Routers

Hacking

5.8.2017

Hacking Blind

Hacking

5.8.2017

Dynamic-Link Library Hijacking

Hacking

5.8.2017

Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial

Linux

5.8.2017

Linux Stack Based Buffer Overflows

Linux

5.8.2017

Understanding C Integer Boundaries (Overflows & Underflow)

Linux

5.8.2017

Linux Format String Exploitation

Linux

5.8.2017

Linux Integer Overflow and Underflow

Linux

5.8.2017

Linux Off By One Vulnerabilities

Linux

5.8.2017

Blackberry Z10 Research Primer - Dissecting Blackberry 10 - An Initial Analysis

Mobil

5.8.2017

Mobile Application Hacking Diary Ep.1

Mobil

5.8.2017

Analyzing Near Field Communication (NFC) Security

NFC bezpečnost

5.8.2017

Bypassing AvastSandBox Using Alternate Data Streaming

Ochrany

5.8.2017

Bypassing SSL Pinning on Android via Reverse Engineering

Ochrany

5.8.2017

Manipulating Memory for Fun & Profit

Operační paměť

5.8.2017

Adventures in Automotive Networks and Control Units

Other

5.8.2017

CloudFlare vs Incapsula (WAF) : Round 2 (PDF)

Other

5.8.2017

CloudFlare vs Incapsula vs ModSecurity

Other

5.8.2017

Flash JIT – Spraying info leak gadgets

Other

5.8.2017

From Write to root on AIX

Other

5.8.2017

Fuzzing: An introduction to Sulley Framework

Other

5.8.2017

GAME ENGINES: A 0-DAY’S TALE

Other

5.8.2017

Methodology: Security plan for wireless networks

Other

5.8.2017

Smashing the stack, an example from 2013

Other

5.8.2017

SQL Injection in Insert, Update and Delete Statements

Other

5.8.2017

The Audit DSOs of the RTLD

Other

5.8.2017

Uploading PHP Shell Through SQL Injection 

Other

5.8.2017

WordPress 3.6 - Crafted String URL Redirect Restriction Bypass

Other

5.8.2017

Android KeyStore Stack Buffer Overflow

Other

5.8.2017

Whatsapp Forensic/Stealer (Android) POC Paper

Forenzní

5.8.2017

Socket Learning

Other

5.8.2017

NMAP - Port-Scanning: A Practical Approach Modified for better

Other

5.8.2017

Asterisk Phreaking How-To

Other

5.8.2017

Searching SHODAN For Fun And Profit

Other

5.8.2017

Breaking the Sandbox

Other

5.8.2017

Back To The Future: Unix Wildcards Gone Wild

Other

5.8.2017

Deep Dive into ROP Payload Analysis

Other

5.8.2017

Bypassing SSL Pinning on Android via Reverse Engineering

Other

5.8.2017

Introduction to Android Malware Analysis

Other

5.8.2017

CloudFlare vs Incapsula (WAF) : Round 2 (PDF)

Other

5.8.2017

The Audit DSOs of the RTLD

Other

5.8.2017

Whatsapp Forensic/Stealer (Android) PoC Paper

Other

5.8.2017

Methodology: Security plan for wireless networks

Other

5.8.2017

HTML5 Security Cheat Sheet

Other

5.8.2017

A Pentester's Guide to Hacking OData

Penetrace

5.8.2017

Metasploit -The Exploit Learning Tree

Penetrace

5.8.2017

Chip and Skim: cloning EMV cards with the pre-play attack

Počítačový útok

5.8.2017

Story of a Client-Side Attack

Počítačový útok

5.8.2017

Heap Spraying - ActiveX Controls Under Attack

Počítačový útok

5.8.2017

Dynamic-Link Library Hijacking

Počítačový útok

5.8.2017

Smashing the stack, an example from 2013

Počítačový útok

5.8.2017

Win32-Worm:VBS/Jenxcus.A Malware Report

Počítačové viry

5.8.2017

Win32-China Chopper CnC/Webshell Malware Report

Počítačové viry

5.8.2017

Win32-Rovnix Malware Report

Počítačové viry

5.8.2017

DFIRCON APT Malware Analysis

Počítačové viry

5.8.2017

DFIRCON APT Malware analýza - část 2

Počítačové viry

5.8.2017

DFIRCON APT Malware analýza (anglická verze)

Počítačové viry

5.8.2017

DFIRCON APT Malware Analysis - Part 2

Počítačové viry

5.8.2017

Flow Control Obfuscations v malware

Počítačové viry

5.8.2017

Control Flow Obfuscations in Malwares

Počítačové viry

5.8.2017

Introduction to Android Malware Analysis

Počítačové viry

5.8.2017

Outsmarted - Why Malware Works in the Face of Antivirus Software

Počítačové viry

5.8.2017

DFIRCON APT Malware Analysis

Počítačové viry

5.8.2017

Control Flow Obfuscations in Malwares

Počítačové viry

5.8.2017

Return Oriented Programming (ROP FTW)

Programování

5.8.2017

Understanding C Integer Boundaries (Overflows & Underflow)

Programování

5.8.2017

Windows rcrypt PE EXE/DDL Packer Writeup 

Programování

5.8.2017

Reversing & Malware Analysis Training Articles

Reverzní inženýrství

5.8.2017

Reversing & Malware Analysis Training Presentations

Reverzní inženýrství

5.8.2017

Reverse Engineering of x86 Linux Shellcodes the Easy Way

Reverzní inženýrství

5.8.2017

Reversing Encrypted Callbacks and COM Interfaces

Reverzní inženýrství

5.8.2017

Reversing Encrypted Callbacks and COM Interfaces

Reverzní inženýrství

5.8.2017

Manipulating Memory for Fun & Profit

Systémy IDS/IPS

5.8.2017

CVE-2012-5076 Technical Analysis Report

Zranitelnosti

5.8.2017

CVE-2012-1535: Adobe Flash Player Integer Overflow Vulnerability Analysis

Zranitelnosti

5.8.2017

CVE-2012-4969 Technical Analysis Report

Zranitelnosti

5.8.2017

Checkpoint/SofaWare Firewall Vulnerability Research

Zranitelnosti

5.8.2017

Atlassian Confluence 4.3.5 - Multiple Vulnerabilities

Zranitelnosti

5.8.2017

Microsoft Windows Help Systems Vulnerabilities. 

Zranitelnosti

5.8.2017

Atlassian Confluence 4.3.5 - Multiple Vulnerabilities

Zranitelnosti

5.8.2017

WordPress 3.6 - Crafted String URL Redirect Restriction Bypass

Zranitelnosti

5.8.2017

Zine: D-Link DSR Series Router - Remote Root Shell

Zranitelnosti

5.8.2017

WinRar 4.20 - File Extension Spoofing (0Day)

Zranitelnosti

5.8.2017

Checkpoint/SofaWare Firewall Vulnerability Research

Zranitelnosti

5.8.2017

Technical Information on Vulnerabilities of Hypercall Handlers

Zranitelnosti

5.8.2017

Privilege Escalation via Client Management Software

Zranitelnosti

5.8.2017

Ghost Vulnerability CVE-2015-0235 White Paper

Zranitelnosti

5.8.2017

Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability)

Zranitelnosti

5.8.2017

The Ultimate XSS Protection Cheat Sheet for Developers

Zranitelnosti

5.8.2017

Microsoft Windows Help Systems Vulnerabilities.

Zranitelnosti

5.8.2017

Fuzzing & Software Vulnerabilities Part 1 - Turkish

Zranitelnosti

5.8.2017

Escaping VMware Workstation through COM1

Zranitelnosti

5.8.2017

WordPress 3.6 - Crafted String URL Redirect Restriction Bypass

Zranitelnosti

5.8.2017

Windows rcrypt PE EXE/DDL Packer Writeup

Zranitelnosti

5.8.2017

WinRar 4.20 - File Extension Spoofing (0Day)

Zranitelnosti

5.8.2017

Privilege Escalation via Client Management Software - Part II

Zranitelnosti