Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 10:42:03 GMT

RDP Exploitation Using Cain
http://packetstormsecurity.org/files/112887/RDP_exploit.pdf
http://packetstormsecurity.org/files/112887/RDP-Exploitation-Using-Cain.html
Mon, 21 May 2012 10:33:22 GMT
This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.

A Backdoor In The Next Generation Active Directory
http://packetstormsecurity.org/files/109046/nextgenad-backdoor.pdf
http://packetstormsecurity.org/files/109046/A-Backdoor-In-The-Next-Generation-Active-Directory.html
Tue, 24 Jan 2012 18:25:45 GMT
This is a brief whitepaper called A Backdoor in the Next Generation Active Directory.

Windows 7/2008 Event Log Forensic And Reversing Analysis
http://packetstormsecurity.org/files/99479/windows-reversing.pdf
http://packetstormsecurity.org/files/99479/Windows-7-2008-Event-Log-Forensic-And-Reversing-Analysis.html
Fri, 18 Mar 2011 23:19:06 GMT
Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.

Windows 7 Firewire Attacks
http://packetstormsecurity.org/files/80337/windows7_firewire_physical_attacks.pdf
http://packetstormsecurity.org/files/80337/Windows-7-Firewire-Attacks.html
Sat, 15 Aug 2009 00:39:23 GMT
Whitepaper called Firewire-based Physical Security Attacks on Windows 7, EFS and BitLocker.

fsharp-reverse.pdf
http://packetstormsecurity.org/files/72546/fsharp-reverse.pdf
http://packetstormsecurity.org/files/72546/fsharp-reverse.pdf.html
Wed, 03 Dec 2008 01:10:59 GMT
Whitepaper entitled Reverse Engineering Microsoft F#.

breakingstack.txt
http://packetstormsecurity.org/files/69227/breakingstack.txt
http://packetstormsecurity.org/files/69227/breakingstack.txt.html
Wed, 20 Aug 2008 06:03:28 GMT
Breaking The Windows Server 2003 SP2 Stack.

Access-Through-Access.pdf
http://packetstormsecurity.org/files/65967/Access-Through-Access.pdf
http://packetstormsecurity.org/files/65967/Access-Through-Access.pdf.html
Fri, 02 May 2008 18:46:48 GMT
Access Through Access - A whitepaper that has aggregated various material regarding how to exploit Microsoft Access during a penetration test.

Vista_Physical_Attacks.pdf
http://packetstormsecurity.org/files/64402/Vista_Physical_Attacks.pdf
http://packetstormsecurity.org/files/64402/Vista_Physical_Attacks.pdf.html
Wed, 12 Mar 2008 20:22:46 GMT
Physical Security Attacks On Windows Vista - A short whitepaper discussing the firewire unlock attack.

shinnai-msapi.pdf
http://packetstormsecurity.org/files/61372/shinnai-msapi.pdf
http://packetstormsecurity.org/files/61372/shinnai-msapi.pdf.html
Fri, 30 Nov 2007 05:47:18 GMT
Whitepaper detailing Microsoft API function pointer hijacking.

shellexecute.txt
http://packetstormsecurity.org/files/59961/shellexecute.txt
http://packetstormsecurity.org/files/59961/shellexecute.txt.html
Wed, 10 Oct 2007 06:21:23 GMT
Small write up discussing how ShellExecute() works and how applications must make use of it.

dns-poison.txt
http://packetstormsecurity.org/files/56012/dns-poison.txt
http://packetstormsecurity.org/files/56012/dns-poison.txt.html
Tue, 17 Apr 2007 16:31:02 GMT
Whitepaper discussing Windows DNS cache poisoning by forwarder DNS spoofing.

Sharing_mechanism_in_windows.pdf
http://packetstormsecurity.org/files/53401/Sharing_mechanism_in_windows.pdf
http://packetstormsecurity.org/files/53401/Sharing_mechanism_in_windows.pdf.html
Thu, 04 Jan 2007 04:11:03 GMT
Small paper that discusses SMB and NetBIOS on Windows and how a user can disable them.

Windows_Vista_64bits_and_unexported_kernel_symbols.pdf
http://packetstormsecurity.org/files/53370/Windows_Vista_64bits_and_unexported_kernel_symbols.pdf
http://packetstormsecurity.org/files/53370/Windows_Vista_64bits_and_unexported_kernel_symbols.pdf.html
Wed, 03 Jan 2007 01:48:13 GMT
Whitepaper entitled Windows Vista 64bits And Unexported Kernel Symbols.

intercept_apis_dll_redirection.pdf
http://packetstormsecurity.org/files/51650/intercept_apis_dll_redirection.pdf
http://packetstormsecurity.org/files/51650/intercept_apis_dll_redirection.pdf.html
Mon, 06 Nov 2006 04:49:41 GMT
Short whitepaper discussing API hooking/interception via DLL redirection.

Analysis-of-Microsoft-Windows-Vistas-ASLR.pdf
http://packetstormsecurity.org/files/50579/Analysis-of-Microsoft-Windows-Vistas-ASLR.pdf
http://packetstormsecurity.org/files/50579/Analysis-of-Microsoft-Windows-Vistas-ASLR.pdf.html
Wed, 04 Oct 2006 19:23:55 GMT
Windows Vista includes a new memory protection system called ASLR. Its goal is to escape buffer overflow attacks in vulnerable programs. Ali Rahbar has made a complete study of this security mechanism and found a new implementation flaw that allows this protection to be bypassed.

win_mod.zip
http://packetstormsecurity.org/files/49738/win_mod.zip
http://packetstormsecurity.org/files/49738/win_mod.zip.html
Thu, 07 Sep 2006 08:09:00 GMT
This multi-part tutorial will present several ways in which you can add functionality to closed source Windows executables through DLLs, PE header modification, and good old assembly code. Adding code to existing code caves, modifying PE headers to create code caves and/or importing DLL functions, adding backdoors to programs, and adding plugin support to closed-source programs are all covered.

NTharden.pdf
http://packetstormsecurity.org/files/49433/NTharden.pdf
http://packetstormsecurity.org/files/49433/NTharden.pdf.html
Sun, 27 Aug 2006 23:00:39 GMT
Whitepaper discussing the hardening of Windows NT.

mrxsmb-ring0-advisory.pdf
http://packetstormsecurity.org/files/47440/mrxsmb-ring0-advisory.pdf
http://packetstormsecurity.org/files/47440/mrxsmb-ring0-advisory.pdf.html
Thu, 15 Jun 2006 08:12:59 GMT
Whitepaper discussing the fact that the Microsoft Server Message Block Redirector Driver (mrxsmb.sys) does not verify the user-mode buffer properly, allowing any user to overwrite any desired memory address. The successful exploitation results in Ring0 code execution.

StackOverflow-Examples.txt
http://packetstormsecurity.org/files/42057/StackOverflow-Examples.txt
http://packetstormsecurity.org/files/42057/StackOverflow-Examples.txt.html
Sat, 03 Dec 2005 07:33:58 GMT
Source code for all the examples used in tutorials 1 through 4 of 'Writing Stack Based Overflows On Windows'.

StackBasedOverflows-Windows-Part4.pdf
http://packetstormsecurity.org/files/42056/StackBasedOverflows-Windows-Part4.pdf
http://packetstormsecurity.org/files/42056/StackBasedOverflows-Windows-Part4.pdf.html
Sat, 03 Dec 2005 07:32:27 GMT
Writing Stack Based Overflows on Windows - Part IV: Shellcode creation and exploitation an application remotely.

StackBasedOverflows-Windows-Part3.pdf
http://packetstormsecurity.org/files/42055/StackBasedOverflows-Windows-Part3.pdf
http://packetstormsecurity.org/files/42055/StackBasedOverflows-Windows-Part3.pdf.html
Sat, 03 Dec 2005 07:30:58 GMT
Writing Stack Based Overflows on Windows - Part III: Walking through a stack based overflow and writing an exploit for a local overflow.

StackBasedOverflows-Windows-Part2.pdf
http://packetstormsecurity.org/files/41255/StackBasedOverflows-Windows-Part2.pdf
http://packetstormsecurity.org/files/41255/StackBasedOverflows-Windows-Part2.pdf.html
Fri, 04 Nov 2005 01:02:53 GMT
Writing Stack Based Overflows on Windows - Part II: Windows Assembly for writing Exploits

StackBasedOverflows-Windows-Part1.pdf
http://packetstormsecurity.org/files/41254/StackBasedOverflows-Windows-Part1.pdf
http://packetstormsecurity.org/files/41254/StackBasedOverflows-Windows-Part1.pdf.html
Fri, 04 Nov 2005 01:01:43 GMT
Writing Stack Based Overflows on Windows - Part I: Basic Concepts

MSBugPaper.pdf
http://packetstormsecurity.org/files/40893/MSBugPaper.pdf
http://packetstormsecurity.org/files/40893/MSBugPaper.pdf.html
Tue, 25 Oct 2005 18:47:17 GMT
Story of a dumb patch - This paper describes a mistake made by Microsoft in patch MS05-018, where Microsoft failed to properly fix a vulnerability and had to release a new patch, MS05-049. Hopefully this paper will open the eyes of software vendors so they do not repeat these kinds of mistakes.