Papers and Reports

Papers HOME PAPERS(523) REPORTS(264) CONFERENCE(22) WHITEPAPERS(20) KNIHY(24) RFC popisy(9411) SLOVNÍČEK(9) Podpůrné materiály(16)

Date	Name
2022-02-17	OPENSSLDIR Privilege Escalation CVE-2021-2307 - Paper	Windows
2022-01-19	Abusing LAPS - Paper	Windows
2022-01-19	LightSpeed Cache Vulnerability - Paper	Multiple
16.3.21	Exploitation and Sanitization of Hidden Data in PDF Files	Multiple
12.3.21	Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript	Multiple
11.3.21	Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses	Multiple
11.3.21	Practical Keystroke Timing Attacks in Sandboxed JavaScript	Multiple
6.3.21	SPEAR PHISHING TARGETING ICS SUPPLY CHAIN – ANALYSIS	ICS
5.3.21	RANSOMWARE UNCOVERED 2020—2021	Ransomware
2.3.21	Embracing a Zero Trust Security Model	BigBrother
2.3.21	China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions	BigBrother
2.3.21	A Global Perspective of the SideWinder APT	APT
27.02.2021	Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem	Multiple
25.02.2021	Characterizing CNAME Cloaking-Based Tracking on the Web	Multiple
25.02.2021	Click and Bait: Vietnamese Human Rights Defenders Targeted with Spyware Attacks	Multiple
25.02.2021	LazyScripter: From Empire to double RAT	Multiple
24.02.2021	Attacks bypassing the signature validation in PDF	Multiple
24.02.2021	Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks	Multiple
24.02.2021	Shadow Attacks: Hiding and Replacing Content in Signed PDFs	Multiple
20.02.2021	The EMV Standard: Break, Fix, Verify	Multiple
20.02.2021	Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions∗	Multiple
18.02.2021	The Modern Hacker's Outreach - Paper	Multiple
17.02.2021	Encrypted Linux x86-64 Loadable Kernel Modules - Paper	Linux
16.02.2021	Firmware Analysis and Simulation - Paper	Multiple
16.02.2021	API Security Overview - Paper	Multiple
15.02.2021	Mobile App Security Overview - Paper	Multiple
14.02.2021	Exploit WordPress Plugin Vulnerabilities Using Static Source Code Analysis - Paper	PHP
13.02.2021	Secure Coding References - Paper	Multiple
12.02.2021	HeartBleed Attack - Paper	Multiple
11.02.2021	Object Prototype Pollution - Paper	Multiple
10.02.2021	Parallels Remote Application Server (RAS) 18 IP Disclosure - Paper	Windows
09.02.2021	A Hands-On Introduction to Insecure Deserialization - Paper	Python
08.02.2021	Understanding and Exploiting Zerologon - Paper	Windows
07.02.2021	Practical PHP Security - Paper	PHP
06.02.2021	Wireshark for Noobs - Paper	Multiple
05.02.2021	Ethical Hacking and Penetration Testing Guide - Paper (Turkish)	Multiple
04.02.2021	A hands-on approach to Linux Privilege Escalation - Paper	Linux
03.02.2021	Practical Insight Into Injections - Paper	Multiple
02.02.2021	Deep Insight into Social Engineering - Paper	Multiple
01.02.2021	Who is targeted by email-based phishing and malware?	Multiple
2021-12-16	DNS SPOOFING - Paper (spanish)	Multiple
2021-12-16	CurveBall Windows CryptoAPI Spoofing - Paper	Windows
2021-12-10	Polkit CVE-2021-3560 - Paper	Linux
2021-12-09	Mail Information Gathering AppScript - Paper	Multiple
2021-12-09	Microsoft MSHTML Remote Code Execution - Paper	Windows
2021-11-29	Apache HTTP Server 2.4.50 Path Traversal and Code Execution - Paper	Linux
2021-11-29	Polkit Authentication bypass Local Privesc - Paper	Linux
2021-11-22	Print Nightmare - Paper	Windows
2021-11-08	My neighbor's flat smells like data - Paper	Multiple
2021-10-26	Analyzing Java heap dumps - Paper	Java
2021-10-21	Brute-force Login and Bypass Account lockout on elabFTW 1.8.5 - Paper	Multiple
2021-09-30	Deserialization of Untrusted Data in jsoniter - Paper	Java
2021-09-24	OWASP TimeGap Theory Handbook - Paper	Multiple
2021-09-21	Securing Authentication and Authorization - Paper	Multiple
2021-09-01	HiveNightmare aka SeriousSAM - Paper	Windows
2021-08-25	Local administrator is not just with Razer.. it is possible for ALL - Paper	Windows
2021-08-16	Attacking optical character recognition system - Paper	Multiple
2021-08-16	PIP Vulnerability in Android 11 - Paper	Android
2021-08-05	Pass-the-Hash Attack Over Named Pipes Against ESET Server Security - Paper	Multiple
2021-07-30	Demystifying Nmap Scans on packet level - Paper	Multiple
2021-07-27	Exploiting PHP_SESSION_UPLOAD_PROGRESS - Paper	PHP
2021-06-28	Smart Contract Automated Testing Guidelines - Paper	Multiple
2021-06-25	JNLP Injection to Muli-OS Code Execution - Paper	Multiple
2021-06-16	Spoofing Downloaded Filename's Extension in Chromium - Paper	Windows
2021-06-15	XML External Entity via MP3 File Upload on WordPress - Paper	Linux
2021-06-14	Smuggling via Windows services display name - Paper	Windows
2021-06-09	How to: Find WordPress Plugin Vulnerabilities - Paper	Multiple
2021-06-07	Truth Of Cross Site Scripting (XSS) - Paper	Multiple
2021-06-07	Cracking pi-hole passwords - Paper	Linux
2021-06-04	ES File Explorer File Manager 4.1.9.7.4 - Paper	Android
2021-06-04	Heap-Based Buffer Overflow in Sudo (Baron Samedit) - Paper	Linux
2021-06-04	CMS Made Simple v2.2.13 - Paper	Linux
2021-06-03	Xampp File Overwrite - Paper	Windows
2021-06-01	Ubuntu OverlayFS Local Privesc - Paper	Linux
2021-05-19	ExifTool Djvu Code Execution - Paper	Multiple
2021-05-04	HTTP CORS Hacking - Paper	Multiple
2021-04-22	HTTP Host header attacks - Paper	Multiple
2021-04-21	WordPress Plugin Analysis - Paper	Multiple
2021-03-31	Exploitation XXE via File Uploads - Paper	Multiple
2021-03-30	GRAPHQL ATTACK - Paper	Multiple
2021-03-26	Exploiting XXE to SSRF - Paper	Multiple
2021-03-26	Apache Ghostcat CVE 2020-1938 - Paper	Multiple
2021-03-26	Hacking JWT tokens for fun and Profit - Paper	Multiple
2021-03-17	Sony Playstation 4 (PS4) 7.55 - 'Jailbreak' Kernel Loader 'SOCK_RAW' 'IP6_EXTHDR_CHECK'	Hardware
2021-03-17	Breaking the Business Logic - Paper	Multiple
2021-03-03	Chrome Browser FileReader (UAF) - Paper	Windows
2021-03-03	SMBGhost (SMBv3 Vulnerability) - Paper	Windows
2021-02-19	Persistent XSS on NEO LMS and MATRIX LMS - Paper	Multiple
2021-01-13	Practical Insight Into Injections - Paper	Multiple
2021-01-13	Deep Insight into Social Engineering - Paper	Multiple
2021-01-12	A hands-on approach to Linux Privilege Escalation - Paper	Linux
2021-01-11	Wireshark for Noobs - Paper	Multiple
2021-01-08	Practical PHP Security - Paper	PHP
2021-01-06	Understanding and Exploiting Zerologon - Paper	Windows
2021-01-04	A Hands-On Introduction to Insecure Deserialization - Paper	Python
2021-01-04	Parallels Remote Application Server (RAS) 18 IP Disclosure - Paper	Windows
2020-10-17	Overlapping IP Fragments - Paper	Multiple
2020-10-17	Spraying owa & Abusing MSSQL - Paper	Windows
2020-10-17	iOS Swift Anti-Jailbreak Bypass with Frida - Paper	iOS
2020-10-17	Nos-Santos-Izquierdo Field - Paper	Multiple
2020-10-17	Abusing COM & DCOM objects - Paper	Multiple
2020-10-17	SMB Enumeration&Exploitation&Hardening - Paper	Multiple
2020-10-17	Bypass Certificate Pinning in modern Android application via custom Root CA - Paper	Multiple
2020-09-17	UEFI Secure Boot Customization	Boot
2020-09-16	Zerologon: Unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)	Vulnerebility
2020-09-13	CVE-2018-17145: Bitcoin Inventory Out-of-Memory Denial-of-Service Attack	Attack
2020-09-10	Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)	Attack
2020-08-28	The EMV Standard: Break, Fix, Verify	Attack
2020-07-27	CVE 2020-6418 - Paper	Multiple
2020-07-26	I Got My EyeOn You - Security Vulnerabilities in D-Link's Baby Monitor - Paper	Hardware
2020-07-26	Assembly “wrapping”: a technique for anti-disassembly - Paper	Multiple
2020-07-14	I Got My EyeOn You_Security Vulnerabilities in D-Link Baby Monitor - Paper	Hardware
2020-07-14	APK Testing Report - Paper	Android
2020-07-06	Assembly wrapping: anti-disassembly technique - Paper	Multiple
2020-07-02	WhatsApp Remote Code Execution - Paper	Android
2020-06-27	Sony Playstation 2 (PS2): FreeDVDBoot - Hacking the PlayStation 2 through its DVD player	Hardware
2020-06-25	Exploit Command Injection Router via reverse firmware technique - Paper	Hardware
2020-06-18	Writing an Quick Packet Sniffer with Python & Scapy - Paper	Multiple
2020-06-16	English paper Abusing Windows Data Protection API	Windows
2020-06-15	Detect SQL Injection WordPress Plugin using regex	PHP
2020-06-15	Reverse Engineering Android Application - Paper	Android
2020-06-09	Exploiting Unrestricted File Upload via Plugin Uploader in WordPress - Paper	PHP
2020-06-09	Firmware Analysis	Hardware
2020-06-04	Sniffing VoIP calls using Raspberry pi - Paper	Multiple
2020-05-21	OAuth 2.0 Implementation and Security - Paper	Multiple
2020-05-21	Hunting Red Team Activities with Forensic Artifacts - Paper	Multiple
2020-05-12	Command Execution Using Silver Tickets - Paper	Windows
2020-05-01	Bypassing Root Detection Mechanism - Paper [Persian]	Android
2020-05-01	@luigi_auriemma: Security Vulnerabilities In Multiplayer Games From 2001 to 2012	Multiple
2020-04-15	Exploiting CAN-Bus using Instrument Cluster Simulator - Paper	Hardware
30.7.20	BootHole	Vulnerebility
5.7.20	DABANGG: Time for Fearless Flush based Cache Attacks	CPU
27.5.20	The “Silent Night” Zloader/Zb	Malware
22.5.2020	NXNSAttack: Recursive DNS Inefficiencies and Vulnerability	Attack
2020-05-20	BIAS attack	Vulnerebility
2020-05-14	Attacks on Smart Manufacturing Systems	ICS
2020-04-10	Azure Cloud Penetration Testing - Paper	Windows
2020-04-06	Active Directory DCSync - Paper	Windows
2020-04-03	From Zero Credentials to Full Domain Compromise - Paper	Windows
2020-03-30	Pentesting Zen Load Balancer - Paper	Multiple
2020-03-25	Solving Computer Forensic Case using Autopsy - Paper	Multiple
2020-03-18	Manually Exploiting Intel AMT Vulnerability CVE 2017-5689 [Paper]	Hardware
2020-03-09	Windows Account Penetration Testing - [Persian]	Windows
2020-03-06	Skippipe _ Skipping the watermark in digital content - Paper	Multiple
2020-03-05	Fuzzing VIM with AFL++ - Paper	Linux
2020-03-04	BlueTeam vs RedTeam: How to run encrypted elf binary in memory and go undetected	Linux
2020-03-02	Research on DevSecOps Approach - Paper	Multiple
2020-03-02	Deciphering the SWIFT DRIDEX relationship in Bank - Paper	Multiple
2020-02-24	The ShellShock Attack [Paper]	Linux
2020-02-24	Network Protocol Cheatsheet [Paper]	Multiple
2020-02-24	SCADA Modbus Vulns - [Turkish]	Hardware
2020-02-24	Java Deserialization - [Paper]	Java
2020-02-21	WordPress Security [Turkish]	PHP
2020-02-20	Penetration Testing Labs (Turkish)	Multiple
2020-02-20	Paper work on MQTT and CoAP Protocols	Multiple
2020-02-20	Android Pentest Tutorial Step by Step [Persian]	Android
2020-02-19	Paper on MQTT Protocol	Hardware
2020-02-19	Nmap Scanning - Getting started in windows OS	Windows
2020-02-17	Whitepaper about Pegasus attack on WhatsApp	Multiple
2020-02-17	[Whitepaper] WAF bypass via Bluecoat security appliance	Multiple
2020-02-17	[Paper] Windows Forensics	Windows
9.3.20	Take A Way: Exploring the Security Implications of AMD’s Cache Way Predicto	CPU
3.3.20	SurfingAttack	Attack
26.2.20	Kr00k Vulnerebility	Wifi
25.2.20	IMP4GT: IMPersonation Attacks in 4G NeTwork	4G
2020-02-14	HTTP_DoS_DDoS Usage_Guide Article (Turkish)	Multiple
2020-02-13	Packet Sniffer to Sniff Secret Credentials Only	Multiple
2020-02-10	Apache2 Web Server Hardening Article (Turkish)	Multiple
2020-01-30	Hunting Windows Process Injection by API Calls	Windows
2019-12-18	Don't break the door the key is under the doormat	Windows
2019-12-02	Xinet Elegant 6 Asset Library Web Interface 6.1.655 - 'username' SQL Injection	PHP
2019-11-19	Injecting .NET Ransomware into Unmanaged Process	Windows
2019-11-17	[Spanish] HackBack - A DIY guide to rob banks	eZine
2019-11-17	HackBack - A DIY guide to rob banks	eZine
2019-11-13	YAML Deserialization Attack in Python	Python
2019-11-12	I Own Your Building (Management System)	Hardware
2019-11-04	Covert Channel and Data Hiding in TCP/IP	Linux
2019-10-12	Sony Playstation 2 (PS2): Hacking the PS2 with Yabasic	Hardware
2019-10-04	Exploit Wars II - The server strikes back	Multiple
2019-10-03	Secure coding to prevent some common high/critical level vulnerabilities in dotnet API	Multiple
2019-09-17	Call your key to phone all	Hardware
2019-09-10	Jenkins Groovy Scripts Ror Red Teamers and Penetration Testers	Multiple
2019-09-09	Optimization Method For The Exploitation Times of Blind SQL Injections	Multiple
2019-09-08	BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)	Windows
2019-09-06	Deep Dive into .NET Malwares	Multiple
2019-08-29	Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU	Windows
2019-08-28	Sony PlayStation Vita (PS Vita) - How to find savedata exploits	Hardware
2019-08-23	PHP Web Backdoor Decode	Multiple
2019-08-09	prismview.txt - billboard software	eZine
2019-08-06	Low-level Reversing of BLUEKEEP vulnerability (CVE-2019-0708)	Windows_x86
2019-07-23	BlueKeep - Technical Analysis (Potential Path For Exploitation)	Windows
2019-07-10	Bypassing Web Application Firewalls with HTTP Parameter Pollution	Multiple
2019-07-04	Apache Camel Exploitation	Multiple
2019-06-25	Buffer Overflows, C Programming, NSA GHIDRA and More	Multiple
2019-06-21	Threat Hunting - Hunter or Hunted	Multiple
2019-06-21	Sony PlayStation Vita (PS Vita) - Trinity: PSP Emulator Escape	Hardware
2019-06-14	Active Directory Enumeration with PowerShell	Multiple
2019-06-12	LDAP Swiss Army Knife	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #100	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #101	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #102	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #103	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #104	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #105	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #106	Multiple
2019-06-03	[Hebrew] Digital Whisper Security Magazine #107	Multiple
2019-05-31	Analysis of CVE-2019-0708 (BlueKeep)	Windows
2019-05-30	A Debugging Primer with CVE-2019-0708	Windows
2019-05-23	Web Application Firewall Bypass Methods	Multiple
2019-05-23	Penetration Testing Steps And Tools	Multiple
2019-04-30	[Turkish] Tunelleme Teknikleri ile Firewall Atlatmak	Multiple
2019-03-26	JMX RMI – Multiple Applications Remote Code Execution	Multiple
2019-03-23	The ShellCORE - Linux Shellcode Development	Linux_x86
2019-03-08	Flexpaper <= 2.3.6 Remote Code Execution Whitepaper	PHP
2019-03-05	File transfer skills in the red team post penetration test	Multiple
2019-02-28	Crypto Wallet Local Storage Attack	Multiple
2019-02-22	Protecting Windows Privilege Accounts	Windows
2019-02-22	WordPress 5.0 - Remote Code Execution	PHP
2019-02-19	The Ultimate Guide For Subdomain Takeover with Practical	Multiple
2019-02-01	Remote Code Execution with EL Injection Vulnerabilities	Multiple
2019-01-15	Windows Debugging 101	Multiple
2019-01-14	Windows Privilege Escalations	Windows
2019-01-14	[Portuguese] Reverse Engineering 101 using Radare2	Multiple
2019-01-11	Sony PlayStation Vita - The First F00D Exploit	Hardware
2018-12-24	How To Exploit PHP Remotely To Bypass Filters & WAF Rules	Multiple
2018-12-23	MD5 collision of these 2 images is now(*) trivial and instant	Multiple
2018-12-20	An Internal Pentest Audit Against Active Directory	Windows
2018-12-14	Pure In-Memory (Shell)Code Injection In Linux Userland	Linux
2018-12-12	From blind XXE to root-level file read access	Multiple
2018-12-11	PHP Source Code Analysis	Multiple
2018-12-09	Searching systematically for PHP disable_functions bypasses	PHP
2018-11-26	CORS Attacks	XML
2018-11-14	The Powerful Resource of PHP Stream Wrappers	PHP
2018-11-02	Flying under the radar	Multiple
2018-10-30	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam Donenfeld)	Multiple
2018-10-15	[Hebrew] Digital Whisper Security Magazine #98	Multiple
2018-10-15	[Hebrew] Digital Whisper Security Magazine #99	Multiple
2018-10-09	LOKIDN: a new vector for Homograph Attacks	Hardware
2018-10-09	Client Side Injection on Web Applications	Linux
2018-10-09	[Persian] Exploiting Wordpress Security	PHP
2018-10-08	Detecting Behavioral Personas with OSINT and Datasploit	Linux
2018-10-08	Hypervisor From Scratch - Part 3: Setting up Our First Virtual Machine	Windows
2018-10-08	Hypervisor From Scratch - Part 4: Address Translation Using Extended Page Table (EPT)	Windows
2018-10-08	WordPress Penetration Testing using WPScan and MetaSploit	Linux
2018-10-02	CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 1/4)	Linux
2018-10-02	CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 2/4)	Linux
2018-10-02	CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 3/4)	Linux
2018-10-02	CVE-2017-11176: A step-by-step Linux Kernel exploitation (part 4/4)	Linux
2018-09-28	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	Magazine
2018-09-18	Bulk SQL Injection using Burp-to-SQLMap	Windows
2018-09-18	[Persian] Android Application Penetration Testing	Android
2018-09-11	Microsoft .NET Framework EoP-MS15-118	Windows
2018-09-11	XML External Entity Injection - Explanation and Exploitation	XML
2018-09-11	Sony PlayStation Vita 3.65 / 3.67 / 3.68 - 'h-encore' kernel and user modifications	Hardware
2018-09-10	Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale	Multiple
2018-09-06	Open Source Intelligence Gathering 201	Multiple
2018-09-05	Obtaining Command Execution through the NetworkManager Daemon	Linux
2018-09-03	Hypervisor From Scratch - Part 2: Entering VMX Operation	Multiple
2018-08-31	How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)	Windows
2018-08-30	Out of Band Exploitation (OOB) CheatSheet	Multiple
2018-08-21	Hypervisor From Scratch - Part 1: Basic Concepts & Configure Testing Environment	Multiple
2018-08-19	Finding The Real Origin IPs Hiding Behind CloudFlare or TOR	Multiple
2018-08-05	Web Application Firewall (WAF) Evasion Techniques #3 (CloudFlare and ModSecurity OWASP CRS3)	Multiple
2018-08-01	[Hebrew] Digital Whisper Security Magazine #92	Multiple
2018-08-01	[Hebrew] Digital Whisper Security Magazine #93	Multiple
2018-08-01	[Hebrew] Digital Whisper Security Magazine #94	Multiple
2018-08-01	[Hebrew] Digital Whisper Security Magazine #95	Multiple
2018-08-01	[Hebrew] Digital Whisper Security Magazine #96	Multiple
2018-08-01	[Hebrew] Digital Whisper Security Magazine #97	Multiple
2018-07-23	File Upload Restrictions Bypass	Multiple
2018-07-23	Protecting apps against Jailbreaking and Rooting	Multiple
2018-07-18	VLAN Hopping Attack	Multiple
2018-07-18	Abusing Kerberos - Kerberoasting	Multiple
2018-07-16	Exploiting the Obvious - Bluetooth Trust Relationships	Multiple
2018-07-14	Sony Playstation 4 (PS4) 5.05 - BPF Double Free Kernel Exploit Writeup	Hardware
2018-06-29	Symbolic deobfuscation: from virtualized code back to the original	Multiple
2018-06-27	UAC Bypass & Research with UAC-A-Mola	Multiple
2018-06-26	Discovering and Plotting Hidden Networks created with USB Devices	Multiple
2018-06-25	Security of Modern Bluetooth Keyboards	Multiple
2018-06-25	PoC \|\| GTFO 0x18	Multiple
2018-06-18	Database Security Threats and Injection Technique	Multiple
2018-06-12	Lateral Movement Using WinRM	Multiple
2018-06-12	Buffer Overflow For Windows - EggHunter	Multiple
2018-06-11	Reverse Engineering - Simple Patching	Multiple
2018-06-05	Basic Malware Analysis	Multiple
2018-05-31	Android Application Pentest With Drozer	Multiple
2018-05-31	SEH Buffer Overflow - Basic Exploitation Tutorial	Multiple
2018-05-25	Deserialization Vulnerability	Multiple
2018-05-23	Introduction To Wireless Network Penetration Testing	Multiple
2018-05-21	Code review steps and methodologies	Multiple
2018-05-09	[Vietnamese] Web Forensics	Multiple
2018-05-06	Linux Restricted Shell Bypass Guide	Multiple
2018-04-30	Windows Kernel Exploitation Tutorial Part 8: Use After Free	Windows
2018-04-24	Building a Proxy Fuzzer for MQTT with Polymorph Framework	Linux
2018-04-24	Nintendo Switch/Nvidia: Vulnerability Disclosure: Fusée Gelée	Hardware
2018-04-16	Polymorph: A Real-Time Network Packet Manipulation Framework	Multiple
2018-03-29	Sony Playstation 4 (PS4) - PS4 4.55 BPF Race Condition Kernel Exploit Writeup	FreeBSD
2018-03-26	Error based SQL Injection in "Order By" clause (MSSQL)	Windows
2018-03-23	DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques	Windows
2018-03-21	Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable	Windows
2018-03-20	Web Application Security Testing	Multiple
2018-03-16	Analyze & Attack SSH Protocol	Multiple
2018-03-05	VPN Hack - TorGuard	eZine
2018-03-05	VPN Hack - NordVPN	eZine
2018-03-05	VPN Hack - VikingVPN	eZine
2018-03-02	Sony Playstation 4 (PS4) - WebKit 'setAttributeNodeNS' User After Free Write-up	Hardware
2018-02-27	AngularJS Template Injection	Multiple
2018-02-25	Parasiting web server process with webshells in permissive environments	Linux
2018-02-19	Mobile Application Hacking Diary Ep.2	Multiple
2018-02-16	MySQL UDF Exploitation	Multiple
2018-02-14	The Easiest Metasploit Guide You’ll Ever Read	Linux
2018-02-12	TCP Starvation	Multiple
2018-02-11	Zero Day Zen Garden: Windows Exploit Development - Part 5 [Return Oriented Programming Chains]	Windows
2018-02-02	[Hebrew] Digital Whisper Security Magazine #91	Multiple
2018-02-01	Jailbreaking iOS 11.1.2: An adventure into the XNU kernel	iOS
2018-01-30	Windows Kernel Exploitation Tutorial Part 6: Uninitialized Stack Variable	Windows
2018-01-28	ARM Exploitation for IoT	Multiple
2018-01-24	HackSysTeam Windows Kernel Vulnerable Driver: Type Confusion Vulnerability Exploitation	Multiple
2018-01-24	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 7: Arbitrary Overwrite (Windows 7 x86)	Windows
2018-01-23	Hardcore SAP Penetration Testing	Multiple
2018-01-21	Metasploit Pivoting	Multiple
2018-01-16	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 6: NULL pointer dereference	Windows
2018-01-12	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 5: Integer Overflow	Windows
2018-01-12	Windows Kernel Exploitation Tutorial Part 5: NULL Pointer Dereference	Windows
2018-01-11	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio 's4tan' Parata)	Multiple
2018-01-10	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 4: Stack Buffer Overflow (SMEP Bypass)	Windows
2018-01-03	Meltdown - Bypass Intel's Hardware Barrier Between Applications And The Computer's Core Memory	Multiple
2018-01-03	Spectre - Trick Error-Free Applications Into Giving Up Secret Information	Multiple
2018-01-03	Web Application Firewall (WAF) Evasion Techniques #2 (Sucuri and ModSecurity)	Multiple
2018-01-02	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 3: Stack Buffer Overflow (Windows 7 x86/x64)	Windows
2018-01-02	[Hebrew] Digital Whisper Security Magazine #90	Multiple
2018-01-01	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 1: Setting up the environment	Windows
2018-01-01	(HackSys Extreme Vulnerable Driver) [Kernel Exploitation] 2: Payloads	Windows
2017-12-27	Sony Playstation 4 (PS4) - 'NamedObj' 4.05 Kernel Exploit Writeup	Hardware
2017-12-25	PoC \|\| GTFO 0x17	Multiple
2017-12-22	Fortinet FortiClient - Local Privilege Escalation	Windows
2017-12-07	Web Application Firewall (WAF) Evasion Techniques	Multiple
2017-12-01	[Hebrew] Digital Whisper Security Magazine #89	Multiple
2017-11-28	Windows Kernel Exploitation Tutorial Part 4: Pool Feng-Shui -> Pool Overflow	Windows
2017-11-19	Reversing and Exploiting IoT devices	Multiple
2017-11-18	[Hebrew] Digital Whisper Security Magazine #88	Multiple
2017-11-07	PoC \|\| GTFO 0x16	Magazine
2017-11-06	Zero Day Zen Garden: Windows Exploit Development - Part 4 [Overwriting SEH with Buffer Overflows]	Windows
2017-10-20	Sony Playstation 4 (PS4) - 'NamedObj' 4.05 Kernel Exploit Overview	Hardware
2017-10-18	[Persian] Hacksys Extreme Vulnerable Windows Driver analysis Part 1	Multiple
2017-09-30	[Hebrew] Digital Whisper Security Magazine #87	Multiple
2017-09-29	Windows Kernel Exploitation Tutorial Part 3: Arbitrary Memory Overwrite (Write-What-Where)	Windows
2017-09-20	Kernel Driver mmap Handler Exploitation	Multiple
2017-09-19	[Turkish] Windows and Linux Privilege Escalation	Multiple
2017-09-13	[Hebrew] Digital Whisper Security Magazine #86	Multiple
2017-09-07	HiSilicon DVR hack	Hardware
2017-09-04	Code Injection - HTML Injection	Multiple
2017-09-02	Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]	Windows
2017-08-30	Command Injection - Shell Injection	Multiple
2017-08-28	Abusing Token Privileges For LPE	Windows
2017-08-28	[Turkish] Offensive and Defensive PowerShell	Multiple
2017-08-26	Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]	Windows
2017-08-19	Zero Day Zen Garden: Windows Exploit Development - Part 1 [Stack Buffer Overflow Intro]	Windows
2017-08-11	Zero Day Zen Garden: Windows Exploit Development - Part 0 [Dev Setup & Advice]	Windows
2017-08-07	DirtyTooth: Extracting VCARD data from Bluetooth iOS profiles	Multiple
2017-08-01	Windows Kernel Exploitation Tutorial Part 2: Stack Overflow	Windows
2017-08-01	[Hebrew] Digital Whisper Security Magazine #85	Multiple
2017-08-01	[Hebrew] Digital Whisper Security Magazine #84	Multiple
2017-07-16	How to exploit ETERNALROMANCE/SYNERGY on Windows Server 2016	Multiple
2017-07-12	Hidden Network: Detecting Hidden Networks created with USB Devices	Multiple
2017-07-03	[French] SYN FLOOD ATTACK for IP CISCO Phone	Hardware
2017-06-29	How to Exploit ETERNALBLUE on Windows Server 2012 R2	Windows
2017-06-29	[Spanish] How to Exploit ETERNALBLUE on Windows Server 2012 R2	Windows
2017-06-28	[Persian] Xpath Injection	XML
2017-06-26	How to Write Fully Undetectable Malware - English Translation	Multiple
2017-06-22	(HackSys Extreme Vulnerable Windows Driver) Starting with Windows Kernel Exploitation - part 3 - stealing the Access Token	Windows
2017-06-21	[Turkish] Blind SQL Injection Attacks	Multiple
2017-06-19	Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment	Windows
2017-06-19	[Italian] How to write Fully Undetectable malware	Multiple
2017-06-15	[Arabic] Web Application Penetration Testing Techniques	Multiple
2017-06-13	[Turkish] Exploit Shellcode Development	Windows
2017-06-05	(HackSys Extreme Vulnerable Windows Driver) Starting with Windows Kernel Exploitation - part 2 - getting familiar with HackSys Extreme Vulnerable Driver	Windows
2017-06-02	Of Mice and Keyboards - On the Security of Modern Wireless Desktop Sets	Multiple
2017-06-01	PoC \|\| GTFO 0x15	Magazine
2017-05-31	[Hebrew] Digital Whisper Security Magazine #82	Multiple
2017-05-31	[Hebrew] Digital Whisper Security Magazine #83	Multiple
2017-05-29	[Turkish] Mobile Penetration Testing	Multiple
2017-05-28	(HackSys Extreme Vulnerable Windows Driver) Starting with Windows Kernel Exploitation - part 1 - setting up the lab	Windows
2017-05-25	Introduction to Manual Backdooring	Multiple
2017-05-17	Stealing Windows Credentials Using Google Chrome	Windows
2017-05-03	BluedIoT: When a mature and immature technology mixes, becomes an 'idiot' situation	Hardware
2017-04-28	Phrack: VM escape - QEMU Case Study (Mehdi Talbi & Paul Fariello)	Magazine
2017-04-26	Local File Disclosure using SQL Injection	Multiple
2017-04-25	nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect	Windows
2017-04-24	Flexispy	Multiple
2017-04-19	How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008	Windows
2017-04-19	[Spanish] How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008	Windows
2017-04-14	[Turkish] Web Services Penetration Testing	Multiple
2017-04-11	Open Source Intelligence Gathering 101	Multiple
2017-04-09	From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case)	Multiple
2017-04-05	Sony Playstation 4 (PS4) - 4.0x WebKit Exploit Writeup (Breaking down qwertyoruiopz's 4.0x userland exploit)	Hardware
2017-03-23	A Red Teamer’s guide to pivoting	Multiple
2017-03-21	PoC \|\| GTFO 0x14	Magazine
2017-03-20	Art of Anti Detection - Shellcode Alchemy	Multiple
2017-03-16	Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections	Multiple
2017-02-27	RSA Asymmetric Polymorphic Shellcode	Multiple
2017-02-24	From APK to Golden Ticket	Android
2017-02-19	Injecting SQLite Database Based Applications	Multiple
2017-02-09	Exploiting Node.js deserialization bug for Remote Code Execution	Multiple
2017-02-07	MySQL Out-of-Band Hacking	Multiple
2017-02-07	Alternative for Information_Schema.Tables in MySQL	Multiple
2017-02-07	MySQL Injection in Update, Insert, and Delete	Multiple
2017-01-25	Phrack: Cyber Grand Shellphish (Team Shellphish)	Magazine
2017-01-19	Art of Anti Detection - PE Backdoor Manufacturing	Multiple
2017-01-11	OpenSSL - Weak KDF	Multiple
2017-01-09	Sony Playstation 4 (PS4) - Hacking the PS4, part 1 - Introduction to PS4's security, and userland ROP	Hardware
2017-01-09	Sony Playstation 4 (PS4) - Analysis of sys_dynlib_prepare_dlclose PS4 kernel heap overflow	Hardware
2017-01-06	Web App Penetration Testing - Local File Inclusion (LFI)	PHP
2017-01-01	[Hebrew] Digital Whisper Security Magazine #79	Multiple
2016-12-11	Art of Anti Detection - Introduction To AV & Detection Techniques	Multiple
2016-12-10	Pozzo & Lucky, The phantom Shell. Stego in TCP/IP (part-2)	Multiple
2016-12-08	Teaching an Old Dog (not that new) Tricks. Stego in TCP/IP made easy (part-1)	Multiple
2016-12-01	[Hebrew] Digital Whisper Security Magazine #78	Multiple
2016-11-24	I Know Where Your Page Lives - De-randomizing the latest Windows 10 Kernel	Windows
2016-11-21	Tetris Heap Spraying: Spraying the Heap on a Budget	Windows
2016-11-13	[Hebrew] Digital Whisper Security Magazine #77	Multiple
2016-10-27	Phrack: Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622 (saelo)	Magazine
2016-10-27	Rootkit analysis - Use case on HideDRV	Windows
2016-10-18	[Turkish] Detailed Cross-Site Scripting Paper	Multiple
2016-10-18	PoC \|\| GTFO 0x13	Magazine
2016-10-17	[Turkish] Web Security Vulnerabilities - Web Güvenlik Açıkları	Multiple
2016-10-17	Tuleap 8.18 - SQL Injection & Cross-Site Scripting Vulnerability Analysis	PHP
2016-10-03	[Hebrew] Digital Whisper Security Magazine #76	Multiple
2016-10-03	[Turkish] Wireshark - Important Tips	Multiple
2016-09-27	Deactivating Endpoint Protection Software in an Unauthorized Manner (Revisited)	Windows
2016-09-26	[Turkish] Web Application Security and Secure Coding 101	Multiple
2016-09-22	[Turkish] Network Penetration Testing 101	Multiple
2016-09-15	A Day In The Life Of A Pentester: How I Owned Your Domain In 4 Hours	Multiple
2016-09-01	[Hebrew] Digital Whisper Security Magazine #75	Multiple
2016-08-30	Sony PlayStation Vita - Vita sceNetIoctl use-after-free (Kernel)	Hardware
2016-08-29	[Persian] Android Security and Forensic Science	Android
2016-08-27	Sony PlayStation Vita - On HENkaku offline installer	Hardware
2016-08-22	Hunting HTML 5 postMessage Vulnerabilities	Multiple
2016-08-18	Sony PlayStation Vita - Exploiting WebKit on Vita 3.60 (WebKit)	Hardware
2016-08-16	[Turkish] Drupal Coder Vulnerability Analysis & MSF Module Dev	PHP
2016-08-01	[Hebrew] Digital Whisper Security Magazine #74	Multiple
2016-07-30	Sony Playstation 4 (PS4) - Hacking the PS4, part 3 - Kernel exploitation	Hardware
2016-07-25	Cryptshare 3.10.1.2 - Stored XSS	Linux
2016-07-22	Novel contributions to the field - How I broke MySQL's codebase	Multiple
2016-07-19	Exploiting Apache James Server 2.3.2	Java
2016-07-11	Sony Playstation 4 (PS4) - Hacking the PS4, part 2 - Userland code execution	Hardware
2016-06-22	[Hebrew] Digital Whisper Security Magazine #71	Multiple
2016-06-22	[Hebrew] Digital Whisper Security Magazine #72	Multiple
2016-06-22	[Hebrew] Digital Whisper Security Magazine #73	Multiple
2016-06-18	PoC \|\| GTFO 0x12	Magazine
2016-05-09	[Persian] Ollydbg Tutorial v 1.10	Windows
2016-05-06	Phrack #69	Magazine
2016-04-25	[Turkish] Privilege Escalation Vectors On Windows Systems	Windows
2016-04-21	Phorum 5.2.20 - Multiple Vulnerabilities	PHP
2016-04-17	HackBack - A DIY Guide	eZine
2016-04-15	[Spanish] HackBack - A DIY Guide	eZine
2016-04-13	Avactis PHP Shopping Cart - Multiple Vulnerabilities	PHP
2016-04-12	[Persian] XML Injection	XML
2016-04-05	A New CVE-2015-0057 Exploit Technology	Windows
2016-04-05	Windows Kernel Exploitation 101: Exploiting CVE-2014-4113	Windows
2016-04-04	Exploiting Buffer Overflows on MIPS Architecture	Multiple
2016-03-17	PoC \|\| GTFO 0x11	Magazine
2016-03-11	FUCK THEM ALL (FTA) - Staminus Communications	eZine
2016-03-07	Metaphor - A (real) real-life Stagefright exploit	Android
2016-03-01	[Hebrew] Digital Whisper Security Magazine #70	Multiple
2016-02-11	NDI5aster - Privilege Escalation through NDIS 5.x Filter Intermediate Drivers	Windows
2016-02-10	The Most Forgotten Web Vulnerabilities	Multiple
2016-02-01	[Hebrew] Digital Whisper Security Magazine #69	Multiple
2016-01-21	[Spanish] Windows Heap Overflow Exploitation - Exploiting a Custom Heap Under Windows 7	Windows
2016-01-19	[Spanish] Bypass a lista blanca de McAfee Appication Control	Windows
2016-01-16	PoC \|\| GTFO 0x10	Magazine
2016-01-15	Roaming Through the OpenSSH Client: CVE-2016-0777 and CVE-2016-0778	Multiple
2016-01-12	Bypassing McAfee’s Application Whitelisting for Critical Infrastructure Systems	Windows
2015-12-29	[Turkish] Back To BackDoor	Multiple
2015-12-21	[Portuguese] Introdução a exploração de Structured Excpetion Handlers	Windows
2015-12-14	[Persian] Windows Hacking And Security Only in Physical Access	Windows
2015-12-14	[Persian] Exposing the WiFi Password Using C and PowerShell	Windows
2015-12-14	[Persian] Bypass PowerShell Execution Policy	Windows
2015-12-10	[Persian] Advanced NTFS Alternate Data Stream in Windows 8 and 10	Windows
2015-12-10	[Persian] Image File Execution	Windows
2015-12-08	[Turkish] Beurk Rootkit Password Cracking and Injection (Gizliligin Anatomisi)	Linux
2015-12-08	[Persian] Change Powershell Command Line Job	Windows
2015-12-01	[Hebrew] Digital Whisper Security Magazine #67	Multiple
2015-12-01	[Hebrew] Digital Whisper Security Magazine #66	Multiple
2015-11-17	[Portuguese] Ataques Avancados contra CPL (Control Panel Applets)	Windows
2015-11-06	Win32_bind Shellcode Review	Windows_x86
2015-10-25	[Portuguese] Using Printer Layout as a Vector for Malicious Code Insertion	Hardware
2015-10-15	Writing Cisco IOS Rootkits	Hardware
2015-10-15	New Methods in Automated XSS Detection	Multiple
2015-10-05	[Persian] How Yalu Works	iOS
2015-10-02	[Hebrew] Digital Whisper Security Magazine #65	Multiple
2015-09-23	Content-Based Blind Injection Using By Double Substring	Multiple
2015-09-22	[Persian] Jailbreak Payloads From Star to TaiG	Hardware
2015-09-15	Microsoft .NET MVC - ReDoS (Denial of Service) Vulnerability (MS15-101)	Windows
2015-09-15	Abusing Windows Opener To Bypass CSRF Protection	Multiple
2015-09-14	PoC \|\| GTFO 0x09	Magazine
2015-09-09	Evading All Web-Application Firewalls XSS Filters	Multiple
2015-09-08	Shoot zend_executor_globals to bypass php disable_functions	Multiple
2015-09-06	Compromising ISP Issued 802.11 Wireless Cable Modem Networks for Profit	Linux
2015-09-06	[Hebrew] Digital Whisper Security Magazine #63	Multiple
2015-09-06	[Hebrew] Digital Whisper Security Magazine #64	Multiple
2015-09-02	[Persian] Cracking WPA/WPA2 with Rainbow Table	Linux
2015-09-02	[Persian] Pyrit Cluster with Kali Linux	Linux
2015-08-31	How to HeapSpray and Exploit Memory Corruption in IIS6	Windows
2015-08-24	MySQL Error Based SQL Injection Using EXP	Multiple
2015-08-07	BIGINT Overflow Error Based SQL Injection	Multiple
2015-07-14	Shared Object (.so) Injection on *nix Systems	Linux
2015-07-02	[Hebrew] Digital Whisper Security Magazine #62	Multiple
2015-06-20	PoC \|\| GTFO 0x08	Magazine
2015-06-12	Privilege Escalation via Client Management Software - Part II	Windows
2015-06-12	Escaping VMware Workstation through COM1	Windows
2015-05-01	[Hebrew] Digital Whisper Security Magazine #61	Multiple
2015-04-30	Privilege Escalation via Client Management Software	Windows
2015-04-21	Developing MIPS Exploits to Hack Routers	Hardware
2015-04-03	[Hebrew] Digital Whisper Security Magazine #60	Multiple
2015-03-19	PoC \|\| GTFO 0x07	Magazine
2015-03-09	[Hebrew] Digital Whisper Security Magazine #59	Multiple
2015-03-04	[Turkish] Penetration and Security Testing on Microsoft SQL Server	Windows
2015-02-13	[Hebrew] Digital Whisper Security Magazine #58	Multiple
2015-02-09	Exploit-Sources (Part One)	Multiple
2015-01-30	Ghost Vulnerability CVE-2015-0235 White Paper	Linux
2015-01-29	Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability)	Windows
2015-01-01	[Hebrew] Digital Whisper Security Magazine #57	Multiple