Blog Papers

Last updated 02.10.2014

 

64bit (2)  Cracking (1)  Exploit (14)  Forensics (1)  Hacking (1)  Linux (6)  Mobile (2)  NFC Security (1)  Protections (2)  Memory (1)  Other (13)  Penetration Testing (2)  Computer Attacks (5)  Computer Viruses (9)  Programming (3)  Reverse Engineering (4)  IDS/IPS Systems (1)  Vulnerabilities (11)

64bit 

64 bits Linux Stack Based Buffer Overflow  64-bit calc.exe Stack Overflow Root Cause Analysis  64-bit Linux Stack Based Buffer Overflow

Cracking

CUDA Cracking 

Exploit

Whitepaper : Exploiting Transparent User Identification  Metasploit -The Exploit Learning Tree  nginx Exploit Documentation About a Generic Way to Exploit Linux Targets  Post XSS Exploitation: Advanced Attacks and Remedies 
Windows "Meterpreter"less Post Exploitation  Novell GroupWise Untrusted Pointer Dereference Exploitation  JDWP Arbitrary Java Code Execution Exploitation  A Short Guide on ARM Exploitation  Abusing, Exploiting and Pwning with Firefox Add-ons  Windows Heap Overflow Exploitation  Exploitation notes on CVE-2014-0160  TP-Link TD-W89 Config File Download / Exploiting the Host  Radio-Frequency Identification Exploitation  Exploiting CVE-2014-4113 on Windows 8.1  Exploit-Sources (Part One)  Anatomy of Exploit - World of Shellcode  Backdooring with netcat shellcode  Zine: D-Link DSR Router Series - Remote Root Shell  Reverse Engineering of x86 Linux Shellcodes the Easy Way  Heap Spraying - ActiveX Controls Under Attack  SQL Injection in Insert, Update and Delete Statements  Uploading PHP Shell Through SQL Injection

Hacking

Hacking Trust Relationships Between SIP Gateways  Developing MIPS Exploits to Hack Routers  Hacking Blind  Dynamic-Link Library Hijacking 

Linux

Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial  Linux Stack Based Buffer Overflows  Understanding C Integer Boundaries (Overflows & Underflow)  Linux Format String Exploitation  Linux Integer Overflow and Underflow  Linux Off By One Vulnerabilities 

Mobile

Blackberry Z10 Research Primer - Dissecting Blackberry 10 - An Initial Analysis  Mobile Application Hacking Diary Ep.1 

NFC Security

Analyzing Near Field Communication (NFC) Security

Protections

Bypassing AvastSandBox Using Alternate Data Streaming  Bypassing SSL Pinning on Android via Reverse Engineering 

Memory

Manipulating Memory for Fun & Profit 

Other

Adventures in Automotive Networks and Control Units  CloudFlare vs Incapsula (WAF) : Round 2 (PDF)  CloudFlare vs Incapsula vs ModSecurity  Flash JIT – Spraying info leak gadgets  From Write to root on AIX  Fuzzing: An introduction to Sulley Framework  GAME ENGINES: A 0-DAY’S TALE  Methodology: Security plan for wireless networks  Smashing the stack, an example from 2013  SQL Injection in Insert, Update and Delete Statements  The Audit DSOs of the RTLD  Uploading PHP Shell Through SQL Injection  WordPress 3.6 - Crafted String URL Redirect Restriction Bypass  Android KeyStore Stack Buffer Overflow  Whatsapp Forensic/Stealer (Android) POC Paper  Socket Learning  NMAP - Port-Scanning: A Practical Approach Modified for better  Asterisk Phreaking How-To  Searching SHODAN For Fun And Profit  Breaking the Sandbox  Back To The Future: Unix Wildcards Gone Wild  Deep Dive into ROP Payload Analysis  Bypassing SSL Pinning on Android via Reverse Engineering  Introduction to Android Malware Analysis  Whatsapp Forensic/Stealer (Android) PoC Paper  HTML5 Security Cheat Sheet

Penetration Testing

A Pentester's Guide to Hacking OData  Metasploit -The Exploit Learning Tree 

Computer Attacks

Chip and Skim: cloning EMV cards with the pre-play attack  Story of a Client-Side Attack  Heap Spraying - ActiveX Controls Under Attack  Dynamic-Link Library Hijacking  Smashing the stack, an example from 2013 

Computer Viruses

Win32-Worm:VBS/Jenxcus.A Malware Report  Win32-China Chopper CnC/Webshell Malware Report  Win32-Rovnix Malware Report  DFIRCON APT Malware Analysis  DFIRCON APT Malware Analysis - Part 2  DFIRCON APT Malware Analysis (English version)  Flow Control Obfuscations in Malware  Control Flow Obfuscations in Malwares  Introduction to Android Malware Analysis  Outsmarted - Why Malware Works in the Face of Antivirus Software

Programming

Return Oriented Programming (ROP FTW)  Understanding C Integer Boundaries (Overflows & Underflow)  Windows rcrypt PE EXE/DDL Packer Writeup  

Reverse Engineering

Reversing & Malware Analysis Training Articles  Reversing & Malware Analysis Training Presentations  Reverse Engineering of x86 Linux Shellcodes the Easy Way  Reversing Encrypted Callbacks and COM Interfaces

IDS/IPS Systems

Manipulating Memory for Fun & Profit 

Vulnerabilities

CVE-2012-5076 Technical Analysis Report  CVE-2012-1535: Adobe Flash Player Integer Overflow Vulnerability Analysis  CVE-2012-4969 Technical Analysis Report  Checkpoint/SofaWare Firewall Vulnerability Research  Atlassian Confluence 4.3.5 - Multiple Vulnerabilities  Microsoft Windows Help Systems Vulnerabilities.  WordPress 3.6 - Crafted String URL Redirect Restriction Bypass  Zine: D-Link DSR Series Router - Remote Root Shell  WinRar 4.20 - File Extension Spoofing (0Day)  Technical Information on Vulnerabilities of Hypercall Handlers  Privilege Escalation via Client Management Software  Ghost Vulnerability CVE-2015-0235 White Paper  Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability)  The Ultimate XSS Protection Cheat Sheet for Developers  Fuzzing & Software Vulnerabilities Part 1 - Turkish  Escaping VMware Workstation through COM1  Windows rcrypt PE EXE/DDL Packer Writeup  Privilege Escalation via Client Management Software - Part II