Exploitation

Contributed by Karmendra Kohli and restored from the old Infosecwriters.com archive.

The browser’s back and refresh features can be used to steal passwords from insecurely written applications. This paper discusses the problem and the solution. We will show how a bad guy can access the user credentials of the previously logged in user by exploiting this feature, if the web application has not been developed securely.

This document is in PDF format. To view it click here.

Contributed by Mathy Vanhoef and Frank Piessens

We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol. To empirically find new biases in the RC4 keystream we use statistical hypothesis tests. This reveals many new biases in the initial keystream bytes, as well as several new longterm biases. Our fixed-plaintext recovery algorithms are capable of using multiple types of biases, and return a list of plaintext candidates in decreasing likelihood.

Contributed by the anonymous hackers who exposed the HackingTeam

Here is a collection of papers created by the HackingTeam regarding Remote Control System. Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.

RCS installations are deployed at the Customer’s premises, thus guaranteeing to the Customer total control on its operations and security.

This document is in PDF format. To view it click here.

Contributed by the anonymous group who hacked the hackingteam

I came across this presentation created by the HackingTeam that was publically released on July 6, 2015. It contains the documented thought process of how they were going to attempt to break in to TOR. Experts place the date of this attempt around the beginning of 2015. Enjoy and learn!

This document is in PDF format. To view it click here.

Contributed by Dean De Beer and extracted from the old Infosecwriters archives, but still relevant today.

Having had numerous people recently ask me about the various uses for Netcat I decided to put together a document showing a few handy uses for good ol' Netcat. Netcat has been described as telnet on steroids or a Swiss army knife, both excellent descriptions for this versatile little tool.

Originally written by Hobbit for Linux, Weld Pond later ported it to Windows. In essence it is a tool that reads and writes data across a network connection, using the TCP or UDP Protocol. For the orginal, detailed technical description of Netcat visit: http://www.vulnwatch.org/netcat/

This document is in PDF format. To view it click here.