Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Language: en-us
Feed generated: Mon, 28 May 2012 13:08:01 GMT
Generator: Packet Storm
Category listing: /papers/bypass/

Bypassing Address Space Layout Randomization
  File: http://packetstormsecurity.org/files/111880/bypassing-aslr.pdf
  Page: http://packetstormsecurity.org/files/111880/Bypassing-Address-Space-Layout-Randomization.html
  Posted: Mon, 16 Apr 2012 22:45:08 GMT
  Most modern operating systems include some form of memory protection such as DEP and ASLR. This article focuses on ASLR: its implementation, its limitations, and the various techniques that can be used to circumvent the protection.

Bypassing tolower() Filters In Buffer Overflows
  File: http://packetstormsecurity.org/files/111411/bypassing-tolower.pdf
  Page: http://packetstormsecurity.org/files/111411/Bypassing-tolower-Filters-In-Buffer-Overflows.html
  Posted: Fri, 30 Mar 2012 23:48:47 GMT
  This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example, but the technique can also be applied to heap overflows.

SafeSEH+SEHOP All-At-Once Bypass Exploitation Method Principles
  File: http://packetstormsecurity.org/files/108551/SafeSEH_SEHOP_principles.pdf
  Page: http://packetstormsecurity.org/files/108551/SafeSEH-SEHOP-All-At-Once-Bypass-Exploitation-Method-Principles.html
  Posted: Wed, 11 Jan 2012 07:07:30 GMT
  Whitepaper called SafeSEH+SEHOP All-At-Once Bypass Exploitation Method Principles.

Evading Antimalware Engines Via Assembly Ghostwriting
  File: http://packetstormsecurity.org/files/105705/evading-antimalware.pdf
  Page: http://packetstormsecurity.org/files/105705/Evading-Antimalware-Engines-Via-Assembly-Ghostwriting.html
  Posted: Wed, 12 Oct 2011 01:56:07 GMT
  Whitepaper called Evading Antimalware Engines via Assembly Ghostwriting.

Bypassing Windows 7 Kernel ASLR
  File: http://packetstormsecurity.org/files/105700/NES-BypassWin7KernelAslr.pdf
  Page: http://packetstormsecurity.org/files/105700/Bypassing-Windows-7-Kernel-ASLR.html
  Posted: Wed, 12 Oct 2011 01:42:34 GMT
  Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper the author explains every step needed to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.

Bypassing IDS With Return Oriented Programming
  File: http://packetstormsecurity.org/files/105535/rop-ids.txt
  Page: http://packetstormsecurity.org/files/105535/Bypassing-IDS-With-Return-Oriented-Programming.html
  Posted: Tue, 04 Oct 2011 21:30:38 GMT
  Whitepaper called Bypassing IDS with Return Oriented Programming. It discusses at length, and demonstrates, the use of polymorphic shellcode to bypass detection.

Bypassing ASLR/DEP
  File: http://packetstormsecurity.org/files/105478/ASLR-DEP.pdf
  Page: http://packetstormsecurity.org/files/105478/Bypassing-ASLR-DEP.html
  Posted: Sat, 01 Oct 2011 12:12:12 GMT
  Whitepaper called Bypassing ASLR/DEP. It discusses techniques to bypass these security mechanisms and how custom shellcode is developed.

Bypassing PHPIDS 0.6.5
  File: http://packetstormsecurity.org/files/104493/Bypassing-PHPIDS-0.6.5.pdf
  Page: http://packetstormsecurity.org/files/104493/Bypassing-PHPIDS-0.6.5.html
  Posted: Fri, 26 Aug 2011 18:15:58 GMT
  Using the attacks in this paper allows you to bypass all of PHPIDS's rule sets, which defeats all protection PHPIDS can provide. Furthermore, on a default install of PHPIDS the log file can be used to drop a PHP backdoor, which makes PHPIDS a vital stepping stone in turning an LFI vulnerability into remote code execution. The end result is that use of PHPIDS 0.6.5 can make you less secure. All of these issues have been fixed in version 0.7.

Defeating DEP Through A Mapped File
  File: http://packetstormsecurity.org/files/104038/Defeating_DEP_through_a_mapped_file.pdf
  Page: http://packetstormsecurity.org/files/104038/Defeating-DEP-Through-A-Mapped-File.html
  Posted: Sun, 14 Aug 2011 23:22:22 GMT
  Whitepaper called Defeating DEP (Data Execution Prevention) Through a Mapped File.

Return-Oriented Programming / DEP Bypass
  File: http://packetstormsecurity.org/files/103676/ropdep-bypass.pdf
  Page: http://packetstormsecurity.org/files/103676/Return-Oriented-Programming-DEP-Bypass.html
  Posted: Wed, 03 Aug 2011 02:15:25 GMT
  This whitepaper details the ins and outs of return-oriented programming and DEP bypass.

Defeating Data Execution Prevention And ASLR In Windows XP SP3
  File: http://packetstormsecurity.org/files/102813/defeating_data_execution_prevention_and_aslr_in_windows_xp_sp3.pdf
  Page: http://packetstormsecurity.org/files/102813/Defeating-Data-Execution-Prevention-And-ASLR-In-Windows-XP-SP3.html
  Posted: Tue, 05 Jul 2011 14:52:37 GMT
  Whitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are two protection mechanisms integrated into the Windows operating system to make exploiting software more difficult. This document shows how these two features can be bypassed using different techniques.

Bypassing Anti-Virus Scanners
  File: http://packetstormsecurity.org/files/99853/bypassing-av.pdf
  Page: http://packetstormsecurity.org/files/99853/Bypassing-Anti-Virus-Scanners.html
  Posted: Tue, 29 Mar 2011 21:32:28 GMT
  Whitepaper called Bypassing Anti-Virus Scanners.

Antivirus / Firewall Evasion Techniques: Evolution Of Download Deploy Shellcode
  File: http://packetstormsecurity.org/files/98020/anti-evasion.pdf
  Page: http://packetstormsecurity.org/files/98020/Antivirus-Firewall-Evasion-Techniques-Evolution-Of-Download-Deploy-Shellcode.html
  Posted: Mon, 31 Jan 2011 18:22:22 GMT
  Whitepaper called Antivirus / Firewall Evasion Techniques: Evolution of Download Deploy Shellcode.

Bypassing Browser Memory Protections
  File: http://packetstormsecurity.org/files/97326/bypassing-browser.pdf
  Page: http://packetstormsecurity.org/files/97326/Bypassing-Browser-Memory-Protections.html
  Posted: Thu, 06 Jan 2011 12:12:12 GMT
  Whitepaper called Bypassing Browser Memory Protections.

Evading Antivirus Signatures
  File: http://packetstormsecurity.org/files/97240/Evading_AV_Signatures.pdf
  Page: http://packetstormsecurity.org/files/97240/Evading-Antivirus-Signatures.html
  Posted: Tue, 04 Jan 2011 09:02:02 GMT
  Whitepaper called Evading AV Signatures - Derailing Antivirus.

Binary Code Modification
  File: http://packetstormsecurity.org/files/93000/binarymodify.pdf
  Page: http://packetstormsecurity.org/files/93000/Binary-Code-Modification.html
  Posted: Tue, 24 Aug 2010 00:58:26 GMT
  Whitepaper called Binary Code Modification. Written in Turkish.

Bypassing DEP With WPM And ROP Case Study
  File: http://packetstormsecurity.org/files/90381/casestudy-DEPbypass.pdf
  Page: http://packetstormsecurity.org/files/90381/Bypassing-DEP-With-WPM-And-ROP-Case-Study.html
  Posted: Tue, 08 Jun 2010 03:15:17 GMT
  Bypassing DEP with WPM and ROP Case Study - Audio Converter by D.R. Software.

Fortify Arbitrary Memory Address Space
  File: http://packetstormsecurity.org/files/88993/fortify-trick.txt
  Page: http://packetstormsecurity.org/files/88993/Foritfy-Arbitrary-Memory-Address-Space.html
  Posted: Wed, 28 Apr 2010 01:55:57 GMT
  Fortify (FORTIFY_SOURCE as used with gdb) suffers from a little trick that allows for reading of arbitrary address space.

Injection Techniques To Anti Bypass
  File: http://packetstormsecurity.org/files/84469/AntiBypass.pdf
  Page: http://packetstormsecurity.org/files/84469/Injection-Techniques-To-Anti-Bypass.html
  Posted: Wed, 30 Dec 2009 21:20:40 GMT
  Whitepaper called Injection Techniques to Anti Bypass.

XSS Workaround For strip_tags And addslashes
  File: http://packetstormsecurity.org/files/80695/workaround-xss.txt
  Page: http://packetstormsecurity.org/files/80695/XSS-Workaround-For-strip_tags-And-addslashes.html
  Posted: Wed, 26 Aug 2009 19:05:11 GMT
  This paper documents a cross site scripting workaround for strip_tags and addslashes.

Bypassing Oracle DBMS_ASSERT
  File: http://packetstormsecurity.org/files/80625/Bypassing-DBMS_ASSERT.pdf
  Page: http://packetstormsecurity.org/files/80625/Bypassing-Oracle-DBMS_ASSERT.html
  Posted: Tue, 25 Aug 2009 23:51:38 GMT
  Whitepaper called Bypassing Oracle DBMS_ASSERT (in certain situations). Originally written in July 2008 but only being released now.

Bypassing Hardware Based DEP
  File: http://packetstormsecurity.org/files/78274/bypass-dep.pdf
  Page: http://packetstormsecurity.org/files/78274/Bypassing-Hardware-Based-DEP.html
  Posted: Thu, 11 Jun 2009 21:26:29 GMT
  Whitepaper called Bypassing Hardware Based Data Execution Prevention (DEP) on Windows 2003 SP2.

Evading Network-Level Emulation
  File: http://packetstormsecurity.org/files/78273/pbania-evading-nemu2009.pdf
  Page: http://packetstormsecurity.org/files/78273/Evading-Network-Level-Emulation.html
  Posted: Thu, 11 Jun 2009 21:23:17 GMT
  Whitepaper called Evading Network-Level Emulation.

Bypassing Authentication With Reverse Engineering
  File: http://packetstormsecurity.org/files/77723/Reverse_Engineering.pdf
  Page: http://packetstormsecurity.org/files/77723/Bypassing-Authentication-With-Reverse-Engineering.html
  Posted: Thu, 21 May 2009 23:38:23 GMT
  Whitepaper called Bypassing Authentication with Reverse Engineering in Linux x86. Written in French.

Bypassing Authentication With Buffer Overflows
  File: http://packetstormsecurity.org/files/77289/bypass-auth.pdf
  Page: http://packetstormsecurity.org/files/77289/Bypassing-Authentication-With-Buffer-Overflows.html
  Posted: Tue, 05 May 2009 23:14:57 GMT
  Whitepaper called Bypassing Authentication With Buffer Overflows. Written in French.