Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 13:17:03 GMT

DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers
http://packetstormsecurity.org/files/112992/draft-gont-opsec-dhcpv6-shield-00.txt
http://packetstormsecurity.org/files/112992/DHCPv6-Shield-Protecting-Against-Rogue-DHCPv6-Servers.html
Wed, 23 May 2012 17:22:22 GMT
This document specifies a mechanism for protecting hosts connected to a broadcast network against rogue DHCPv6 servers. The aforementioned mechanism is based on DHCPv6 packet-filtering at the layer-2 device on which the packets are received. The aforementioned mechanism has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that similar functionality be provided for IPv6 networks.

Failure To Restrict Access
http://packetstormsecurity.org/files/112965/Failure_to_restrict_access_tool.pdf
http://packetstormsecurity.org/files/112965/Failure-To-Restrict-Access.html
Wed, 23 May 2012 02:33:16 GMT
This is a brief whitepaper discussing methods of validating a lack of access restriction for various pages on sites. It discusses everything from visual viewing and comparison between cookies used to using an implementation of the Damerau-Levenshtein model.
They also have a tool for download.

Finding RFI And LFI, Exploiting And Patching
http://packetstormsecurity.org/files/112588/Finding_LFI_and_RFI.pdf
http://packetstormsecurity.org/files/112588/Finding-RFI-And-LFI-Exploiting-And-Patching.html
Tue, 08 May 2012 21:50:00 GMT
This is a brief whitepaper that discusses finding remote and local file inclusion vulnerabilities and how to exploit and patch them.

Hyperion: Implementation Of A PE Crypter
http://packetstormsecurity.org/files/112539/nullsec-pe-crypter.pdf
http://packetstormsecurity.org/files/112539/Hyperion-Implementation-Of-A-PE-Crypter.html
Tue, 08 May 2012 16:11:11 GMT
This paper reveals the theoretical aspects behind run-time crypters and describes a reference implementation for Portable Executables.

iOS Application (In)Security
http://packetstormsecurity.org/files/112482/iosapp-insecurity.pdf
http://packetstormsecurity.org/files/112482/iOS-Application-In-Security.html
Sun, 06 May 2012 01:48:08 GMT
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but also provides in-depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

Reverse Engineering Malware Part 1
http://packetstormsecurity.org/files/112394/malware_analysis1.pdf
http://packetstormsecurity.org/files/112394/Reverse-Engineering-Malware-Part-1.html
Wed, 02 May 2012 02:02:29 GMT
Whitepaper called Reverse Engineering Malware Part 1.

Pas A Pas Vers L'Assembleur
http://packetstormsecurity.org/files/112392/paspas-assembleur.pdf
http://packetstormsecurity.org/files/112392/Pas-A-Pas-Vers-LAssembleur.html
Tue, 01 May 2012 11:11:11 GMT
Pas A Pas Vers L'Assembleur is a whitepaper that discusses the basics of writing and working with assembler. Written in French.

Actuality Of SMBRelay In Modern Windows Networks
http://packetstormsecurity.org/files/112316/Actuality_of_SMBRelay_in_Modern_Windows_Networks.pdf
http://packetstormsecurity.org/files/112316/Actuality-Of-SMBRelay-In-Modern-Windows-Networks.html
Sat, 28 Apr 2012 18:22:22 GMT
Whitepaper called Actuality of SMBRelay in Modern Windows Networks.

Security Implications Of IPv6 On IPv4 Networks
http://packetstormsecurity.org/files/112162/draft-gont-opsec-ipv6-implications-on-ipv4-nets-00.txt
http://packetstormsecurity.org/files/112162/Security-Implicaitons-Of-IPv6-On-IPv4-Networks.html
Tue, 24 Apr 2012 20:22:22 GMT
This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues.

Cross Site Scripting Payloads
http://packetstormsecurity.org/files/112152/531.txt
http://packetstormsecurity.org/files/112152/Cross-Site-Scripting-Payloads.html
Tue, 24 Apr 2012 11:11:11 GMT
Vulnerability Lab has produced a large number of cross site scripting payloads that can be used with fuzzers for automated scanning, etc.

Host Scanning In IPv6 Networks
http://packetstormsecurity.org/files/112060/draft-gont-opsec-ipv6-host-scanning-00.txt
http://packetstormsecurity.org/files/112060/Host-Scanning-In-IPv6-Networks.html
Sat, 21 Apr 2012 00:20:29 GMT
IPv6 offers a much larger address space than that of its IPv4 counterpart. The standard /64 IPv6 subnets can (in theory) accommodate approximately 1.844 * 10^19 hosts, thus resulting in a much lower host density (#hosts/#addresses) than their IPv4 counterparts. As a result, it is widely assumed that it would take a tremendous effort to perform host scanning attacks against IPv6 networks, and therefore IPv6 host scanning attacks have long been considered unfeasible. This document analyzes the IPv6 address configuration policies implemented in most popular IPv6 stacks, and identifies a number of patterns in the resulting addresses that lead to a tremendous reduction in the host address search space, thus dismantling the myth that IPv6 host scanning attacks are unfeasible.

Exploring Windows Backdoors
http://packetstormsecurity.org/files/112044/my_research1.pdf
http://packetstormsecurity.org/files/112044/Exploring-Windows-Backdoors.html
Fri, 20 Apr 2012 04:44:44 GMT
This is a whitepaper called Exploring Windows Backdoors - Bypassing Firewalls on Webhosting Providers.

The Source Is A Lie
http://packetstormsecurity.org/files/111916/SEC_Consult_The_Source_Is_A_Lie_V1.0_PUBLIC.pdf
http://packetstormsecurity.org/files/111916/The-Source-Is-A-Lie.html
Tue, 17 Apr 2012 20:35:36 GMT
Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are being developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. In particular, the use of Java’s Reflection API in conjunction with the lesser known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from the unwary reviewer by disguising its access to critical resources like credentials through indirection. To raise awareness of this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.

JavaScript Deobfuscation
http://packetstormsecurity.org/files/111960/javascript-deobfuscate.pdf
http://packetstormsecurity.org/files/111960/JavaScript-Deobfuscation.html
Mon, 16 Apr 2012 11:11:11 GMT
Whitepaper called JavaScript Deobfuscation - A Manual Approach.

Telco SMTP To SMS/MMS Crypto
http://packetstormsecurity.org/files/111841/telco-crypto.pdf
http://packetstormsecurity.org/files/111841/Telco-SMTP-To-SMS-MMS-Crypto.html
Fri, 13 Apr 2012 20:26:09 GMT
Many people use telecommunications-provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into the encryption (or lack thereof) provided by these types of public access SMTP to SMS/MMS gateways and services.

Malware Removal Guide For Windows
http://packetstormsecurity.org/files/111708/malware-removal.pdf
http://packetstormsecurity.org/files/111708/Malware-Removal-Guide-For-Windows.html
Tue, 10 Apr 2012 04:19:43 GMT
Malware Removal Guide for Windows was written to help remove most malicious software on a Windows operating system.

Blind Date With Your Girlfriend
http://packetstormsecurity.org/files/111659/blind-date.pdf
http://packetstormsecurity.org/files/111659/Blind-Date-With-Your-Girlfriend.html
Tue, 10 Apr 2012 01:21:38 GMT
This is a whitepaper called Blind Date With Your Girlfriend. It is a brief tutorial that explains how to use Metasploit to hack a Windows box.

MS11-046 - Dissecting A 0-Day
http://packetstormsecurity.org/files/111658/dissecting-ohday.pdf
http://packetstormsecurity.org/files/111658/MS11-046-Dissecting-A-0-Day.html
Sat, 07 Apr 2012 02:09:41 GMT
This whitepaper takes a closer look at a zero day attack that performs a privilege escalation to run commands in the system, which normally would be restricted because of the access level of the logged in user account.
The particular vulnerability used in this case is "MS11-046: Vulnerability in Windows AFD.sys" which is a kernel level arbitrary memory overwrite, that is, the attacker can replace the content of that particular memory address with any value that he desires.

Anatomy Of A Credit Card
http://packetstormsecurity.org/files/111590/creditcard-anatomy.pdf
http://packetstormsecurity.org/files/111590/Anatomy-Of-A-Credit-Card.html
Wed, 04 Apr 2012 17:22:22 GMT
Whitepaper called Anatomy of a Credit Card.

DNS Spoofing
http://packetstormsecurity.org/files/111529/dns-spoofing.pdf
http://packetstormsecurity.org/files/111529/DNS-Spoofing.html
Wed, 04 Apr 2012 01:50:21 GMT
Whitepaper called DNS Spoofing. Written in Portuguese.

VOIP Hacking
http://packetstormsecurity.org/files/111478/voiphacking.pdf
http://packetstormsecurity.org/files/111478/VOIP-Hacking.html
Sun, 01 Apr 2012 11:11:11 GMT
This is a short whitepaper on VOIP hacking. It more or less just goes over setting up Asterisk and using VOIP.

Generating Stable Privacy-Enhanced Addresses With IPv6
http://packetstormsecurity.org/files/111460/draft-gont-6man-stable-privacy-addresses-01.txt
http://packetstormsecurity.org/files/111460/Generating-Stable-Privacy-Enhanced-Addresses-With-IPv6.html
Sat, 31 Mar 2012 14:22:22 GMT
This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another.
The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the benefits of stable addresses can be achieved without sacrificing the privacy of users.

How Secure Is Contactless Smartcard Technology
http://packetstormsecurity.org/files/111407/howsecure-smartcard.pdf
http://packetstormsecurity.org/files/111407/How-Secure-Is-Contactless-Smartcard-Technology.html
Fri, 30 Mar 2012 23:42:47 GMT
This is a brief whitepaper discussing the security of contactless smartcard technology.

Basic Pentesting Steps
http://packetstormsecurity.org/files/111335/basic-pentest.pdf
http://packetstormsecurity.org/files/111335/Basic-Pentesting-Steps.html
Thu, 29 Mar 2012 01:01:01 GMT
Whitepaper called Basic Pentesting Steps. Written in Portuguese.

Analyzing WordPress Themes
http://packetstormsecurity.org/files/111237/wordpress-themes.pdf
http://packetstormsecurity.org/files/111237/Analyzing-WordPress-Themes.html
Tue, 27 Mar 2012 15:22:22 GMT
This paper is about discovering vulnerabilities inside the files that make up WordPress themes. It also discusses reverse engineering of encoded PHP files, common tools, exploits, and dangerous copyright protection mechanisms.