Section: .. / papers / bypass /
| /// File Name: |
0x00_vs_ASP_File_Uploads.pdf |
Description:
|
White paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter leading to any extension, after the null byte, being ignored when writing the file. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.
| | Author: | Brett Moore SA | | Homepage: | http://www.security-assessment.com | | File Size: | 139745 | | Last Modified: | Jul 13 08:52:00 2004 |
| MD5 Checksum: | cad2ad76c53cad21e6285f854026b213 |
|
| /// File Name: |
aslr-bypass.txt |
Description:
|
Whitepaper discussing an ASLR bypassing methodology on the Linux 2.6.17/20 kernel.
| | Author: | sorrow | | Homepage: | http://fhm.noblogs.org/ | | File Size: | 10023 | | Last Modified: | Sep 5 11:36:02 2008 |
| MD5 Checksum: | 69eac3945ce943b762c014d7d22bb2ba |
|
| /// File Name: |
Blind_XPath_Injection_20040518.pdf |
Description:
|
This paper describes a Blind XPath Injection attack that enables an attacker to extract a complete XML document used for XPath querying, without prior knowledge of the XPath query.
| | Author: | Amit Klein | | Homepage: | http://www.sanctuminc.com | | File Size: | 46391 | | Last Modified: | May 19 21:03:40 2004 |
| MD5 Checksum: | e7b01772daac419ef8451d1e2780969c |
|
| /// File Name: |
BluezHCIDpwned.txt |
Description:
|
Document that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the bluez vulnerability was quite trivial.
| | Author: | Kevin Finisterre | | File Size: | 6517 | | Last Modified: | Aug 18 03:48:10 2005 |
| MD5 Checksum: | b72ff079514eeeedc49d026f205fb05b |
|
| /// File Name: |
bypass-dep.pdf |
Description:
|
Whitepaper called Bypassing Hardware Based Data Execution Prevention (DEP) on Windows 2003 SP2.
| | Author: | David Kennedy | | Homepage: | http://www.securestate.com/ | | File Size: | 508631 | | Last Modified: | Jun 11 17:26:29 2009 |
| MD5 Checksum: | 88722c8393820193c531964be64b5bb8 |
|
| /// File Name: |
bypassEPA.pdf |
Description:
|
Article discussing how to bypass the Execution Path Analysis used by the PatchFinder utility, avoiding Windows 2k/XP rootkit detection.
| | Author: | Edgar Barbosa | | File Size: | 108266 | | Last Modified: | Feb 16 15:09:00 2004 |
| MD5 Checksum: | 1b7c12d5a2c92ff9de2469db1560d07a |
|
| /// File Name: |
Bypassing-DBMS_ASSERT.pdf |
Description:
|
Whitepaper called Bypassing Oracle DBMS_ASSERT (in certain situations). Originally written in July of 2008 but is just being released now.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 17792 | | Last Modified: | Aug 25 19:51:38 2009 |
| MD5 Checksum: | 2ebf0727b0106460bbbc700063cb4301 |
|
| /// File Name: |
bypassing-win-heap-protections.pdf |
Description:
|
Whitepaper detailing a new way to bypass Microsoft Windows heap protection mechanisms. The methodology explained here is different from the method introduced by Alexander Anisimov.
| | Author: | Nicolas Falliere | | File Size: | 89925 | | Last Modified: | Aug 17 02:58:28 2005 |
| MD5 Checksum: | bbe8f8d36f5ad8e3f1c34915ce9660aa |
|
| /// File Name: |
Bypassing_NAC_Solutions_Whitepaper...> |
Description:
|
Bypassing network access control (NAC) systems - This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.
| | Author: | Ofir Arkin | | Homepage: | http://www.insightix.com/resources/whitepapers/bypassing.aspx | | File Size: | 889707 | | Last Modified: | Sep 26 19:28:58 2006 |
| MD5 Checksum: | 7d510a73435ecac3bb94797d2379039f |
|
| /// File Name: |
bypassScript.txt |
Description:
|
Whitepaper discussing the bypassing of script filter with variable-width encodings.
| | Author: | Cheng Peng Su | | File Size: | 7104 | | Last Modified: | Aug 18 01:34:51 2006 |
| MD5 Checksum: | d6ee6506d4d8e6e0d0032a49e253c3a6 |
|
| /// File Name: |
casestudy-DEPbypass.pdf |
Description:
|
Bypassing DEP with WPM and ROP Case Study - Audio Converter by D.R. Software.
| | Author: | Sud0 | | File Size: | 341862 | | Last Modified: | Jun 7 23:15:17 2010 |
| MD5 Checksum: | 0f909efeee056cdc9d9283d2dc1b3247 |
|
| /// File Name: |
Cisco_IOS_Exploitation_Techniques.p..> |
Description:
|
It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
| | Author: | Gyan Chawdhary | | Homepage: | http://www.irmplc.com/ | | File Size: | 596924 | | Last Modified: | Jun 27 20:28:17 2007 |
| MD5 Checksum: | de1e5098e579eb286a1dbc30729d80a5 |
|
| /// File Name: |
Creating_Backdoors_in_Cisco_IOS_usi..> |
Description:
|
This short technical briefing describes a technique using Tcl to create a backdoor within IOS that would allow a remote attacker to execute privileged commands on a networking device.
| | Author: | Andy Davis - IRMPLC | | Homepage: | http://www.irmplc.com/ | | File Size: | 538499 | | Last Modified: | Nov 27 22:35:11 2007 |
| MD5 Checksum: | c36b7968fecc31dca537fcdf4e5975d8 |
|
| /// File Name: |
defeating-xpsp2-heap-protection.pdf |
Description:
|
The MaxPatrol team has discovered that it is possible to defeat Microsoft Windows XP SP2 heap protection and data execution prevention mechanisms. Full analysis with code provided.
| | Author: | Alexander Anisimov | | Homepage: | http://www.ptsecurity.com/ | | File Size: | 91734 | | Last Modified: | Jan 29 03:27:55 2005 |
| MD5 Checksum: | acfd948da84a412b6743310864395ea6 |
|
| /// File Name: |
exploiting-rpc.pdf |
Description:
|
Paper describing how to reuse dumped portmapper data on one machine in order to still make use of rpc services on a remote machine without portmapper being exposed.
| | Author: | David Routin | | File Size: | 465941 | | Last Modified: | Apr 19 01:03:21 2007 |
| MD5 Checksum: | 5f99244bffdda5a0293024b78fe24c9d |
|
| /// File Name: |
Forge-Amit.txt |
Description:
|
Whitepaper titled "Forging HTTP Request Headers With Flash".
| | Author: | Amit Klein | | File Size: | 14839 | | Last Modified: | Jul 26 04:03:46 2006 |
| MD5 Checksum: | 6b97464da5cf5a4ea42215c97ec35944 |
|
| /// File Name: |
fortify-trick.txt |
Description:
|
Fortify (FORTIFY_SOURCE as used with gdb) suffers from a little trick that allows for reading of arbitrary address space.
| | Author: | Dan Rosenberg | | File Size: | 2159 | | Last Modified: | Apr 27 21:55:57 2010 |
| MD5 Checksum: | d8d53c926f4714c404d8adaf19edcabc |
|
| /// File Name: |
GOT_Hijack.txt |
Description:
|
This short paper discusses the method of overwriting a pointer used in a function for the sake of overwriting the associated entry in the Global Offset Table (GOT) which in turn allows for execution flow redirection.
| | Author: | c0ntex | | Homepage: | http://www.open-security.org | | File Size: | 16696 | | Last Modified: | Aug 28 15:59:30 2005 |
| MD5 Checksum: | ffbeb2e8b0768454f781f66654e95478 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
