-
Offensive Security authored
2800 changes to papers Reverse Engineering of x86 Linux Shellcodes the Easy Way Bypassing SSL Pinning on Android via Reverse Engineering Reverse Engineering of x86 Linux Shellcodes the Easy Way Bypassing SSL Pinning on Android via Reverse Engineering [Arabic] Simple SQL Injection SAP security: attacking sap clients [Spanish] Asegurando nuestra red wireless [Persian] ASP and JSP security SAP security: attacking sap clients [Spanish] Asegurando nuestra red wireless [Persian] ASP and JSP security Thin Clients: Slim Security [Arabic] Buffer Overflow Exploitation for Beginners [Persian] Remote Win32 Kernel Exploitation Thin Clients: Slim Security [Arabic] Buffer Overflow Exploitation for Beginners [Persian] Remote Win32 Kernel Exploitation [Turkish] TCP/IP Fragmented Packets [Spanish] Optimización de SQL Union Injection en MYSQL [Portuguese] Retornando para libc - Parte I [Spanish] Busqueda Binaria Aplicada a las Blind SQL Injection Xss & Iframe Phishing [Portuguese] Retornando para libc - Parte I [Spanish] Busqueda Binaria Aplicada a las Blind SQL Injection Xss & Iframe Phishing [German] Sicherheit von Webservern One Click Ownage [German] Sicherheit von Webservern One Click Ownage [Romanian] Vulnerabilitati Web si securizarea acestora v1.0 Cracking The Air_ The Other Way [Romanian] Vulnerabilitati Web si securizarea acestora v1.0 -the-other-way.pdf PE Infection - How to Inject a dll [French] Le Social Engineering : une attaque de persuasion Advanced PostgreSQL SQL Injection and Filter Bypass Techniques Assault on PHP Applications Cyclic Redundancy Check (CRC) Web Application Firewall Bypass using HTTP Parameter Pollution Bypassing Hardware Based (DEP) on Windows 2003 SP 2 PE Infection - How to Inject a dll [French] Le Social Engineering : une attaque de persuasion Advanced PostgreSQL SQL Injection and Filter Bypass Techniques Assault on PHP Applications Cyclic Redundancy Check (CRC) Web Application Firewall Bypass using HTTP Parameter Pollution Bypassing Hardware Based (DEP) on Windows 2003 SP 2 [French] Shellcodes sous Linux dans les processeurs de 32 bits x86 [Italian] Don't trust in Technology Microsoft WPAD Technology Weakness HTTP Parameter Pollution - Yahoo! Mail classic attack [Portuguese] Entendendo Injeção de SQL [Arabic] Seh Buffer Overflows Explained [Italian] How do I crack your WEP: The FMS attack explanation [French] Bypass authentication with reverse engineering in linux x86 [Arabic] How to crack serial numbers - reverse engineering Reverse Code Engineering - mrinfo [French] Shellcodes sous Linux dans les processeurs de 32 bits x86 [Italian] Don't trust in Technology Microsoft WPAD Technology Weakness HTTP Parameter Pollution - Yahoo! Mail classic attack [Portuguese] Entendendo Injeção de SQL [Arabic] Seh Buffer Overflows Explained [Italian] How do I crack your WEP: The FMS attack explanation [French] Bypass authentication with reverse engineering in linux x86 [Arabic] How to crack serial numbers - reverse engineering Reverse Code Engineering - mrinfo Why certain SWF encryption techniques can backfire [French] Bypass authentication with buffer overflow [Persian] Router Sniffing Network Traffic via GRE Tunneling Attack [Italian] Analysis and Working of a Rootkit in the Operative System [Italian] Routers and Routing process explanation through the NAT [Portugues] Writing ettercap plugins Controlling Malicious Software with the help of Shoutboxes How Conficker makes use of MS08-067 Penetration: from application down to OS (IBM Websphere) Penetration: from application down to OS (Oracle) [French] Creation des shellcodes sous architecture Linux x86 32 bits Pirelli Discus DRG A225 wifi router WPA2PSK Default Algorithm Vuln Why certain SWF encryption techniques can backfire [French] Bypass authentication with buffer overflow [Persian] Router Sniffing Network Traffic via GRE Tunneling Attack [Italian] Analysis and Working of a Rootkit in the Operative System [Italian] Routers and Routing process explanation through the NAT [Portugues] Writing ettercap plugins Controlling Malicious Software with the help of Shoutboxes How Conficker makes use of MS08-067 Penetration: from application down to OS (IBM Websphere) Penetration: from application down to OS (Oracle) [French] Creation des shellcodes sous architecture Linux x86 32 bits Pirelli Discus DRG A225 wifi router WPA2PSK Default Algorithm Vuln [German] Anonyme (und private) Kommunikation [Arabic] MS Internet Explorer XML Parsing Overflow [Arabic] API Function Parametre Hijacking Vulnerability PHP Fuzzing In Action (Real world source code auditing) [German] Anonyme (und private) Kommunikation [Arabic] MS Internet Explorer XML Parsing Overflow [Arabic] API Function Parametre Hijacking Vulnerability PHP Fuzzing In Action (Real world source code auditing) [arabic] Adur[ IT ] Magazine : IT security # 1 issue TippingPoint IPS Signature Evasion by Packet Fragmentation [Spanish] La seguridad en sistemas informaticos [Spanish] Compilacion e interpretacion de Exploits pl_ php_ py_ c y c++ Defeating the iPhone Passcode TippingPoint IPS Signature Evasion by Packet Fragmentation [Spanish] La seguridad en sistemas informaticos -php Defeating the iPhone Passcode [Spanish] clustering [Arabic] Perl Writing Exploits [Spanish] Cross Site Printing Stack Overflow Exploitation_ Real Life Example [Spanish] Cross Site Printing -real-life-example.pdf [French] Introduction to $_SERVER Superglobals Sniffing [eZine] Road Technological Minds (RTM) Essential #6 [French] Introduction to $_SERVER Superglobals Sniffing [eZine] Road Technological Minds (RTM) Essential #6 From Boot to Remote Root - How I owned the network Step By Step Format String Exploitation On Windows From Boot to Remote Root - How I owned the network Step By Step Format String Exploitation On Windows Practical SQL Injection: bit by bit [Persian] Web Application Security Consortium Glossary Bypassing Windows Server 2008 Password Protection Transferring Exploit code using HTML Canvas Exploiting Web 2.0 _ Real Life XSS-Worm Exploiting Web 2.0 _ Real Life SQL Injection [Spanish] Telefonia IP [Spanish] Stack Overflow Como Si Estuviera En Primero Practical SQL Injection: bit by bit [Persian] Web Application Security Consortium Glossary Bypassing Windows Server 2008 Password Protection Transferring Exploit code using HTML Canvas -real-life-xss-worm.pdf -real-life-sql-injection.pdf [Spanish] Telefonia IP [Spanish] Stack Overflow Como Si Estuviera En Primero Win Vista DLL Injection (32bit) Applied Binary Code Obfuscation Exploiting Buffer overflows Mem - Jacking [Persian] How to find ASP vulnerabilities by reading source code. (v1) How to write a XSS (cross site scripting) worm for McCodes sites A Post-mortem of Yahoo! Account Security Linux on Power/Cell BE Architecture Buffer Overflow Vulnerabilities [Spanish] Como Navegar Anonimamente en Internet Arp Spoofing Short review of modern vulnerability research Win Vista DLL Injection (32bit) Applied Binary Code Obfuscation Exploiting Buffer overflows Mem - Jacking [Persian] How to find ASP vulnerabilities by reading source code. (v1) How to write a XSS (cross site scripting) worm for McCodes sites A Post-mortem of Yahoo! Account Security Linux on Power/Cell BE Architecture Buffer Overflow Vulnerabilities [Spanish] Como Navegar Anonimamente en Internet Arp Spoofing Short review of modern vulnerability research w3af UserGuide French Discussing Secure Input Solutions for Web Applications Linux Slab Allocator Buffer Overflow Vulnerabilities (pt_BR) w3af UserGuide French Discussing Secure Input Solutions for Web Applications Linux Slab Allocator Buffer Overflow Vulnerabilities (pt_BR) Reverse Engineering Microsoft F# Cracking the basics Java 2 Micro Edition Based Computer Malware Propagation Technique [eZine] Road Technological Minds (RTM) Essential #5 EXPLORATiON iN THE CROSS TERRiTORY Security Vulnerabilities in SOHO Routers Practical attacks against WEP and WPA Using Parent Domain Traversal in Drive By Attacks Sponsored Links Jacking [Spanish] H-Zine #1 Cracking the basics Java 2 Micro Edition Based Computer Malware Propagation Technique [eZine] Road Technological Minds (RTM) Essential #5 EXPLORATiON iN THE CROSS TERRiTORY Security Vulnerabilities in SOHO Routers Practical attacks against WEP and WPA Using Parent Domain Traversal in Drive By Attacks Sponsored Links Jacking [Spanish] H-Zine #1 Internet Banking Flaws in India Reflective DLL Injection [Spanish] 1001 ways to crack software Internet Banking Flaws in India Reflective DLL Injection [Spanish] 1001 ways to crack software Fuzzing: A Useful Approach to Finding Bugs [Farsi] Detecting and Exploiting Vulnerability in ActiveX Controls Fuzzing: A Useful Approach to Finding Bugs [Farsi] Detecting and Exploiting Vulnerability in ActiveX Controls Exploiting Tomorrow's Internet Today: Penetration testing with IPv6 Analyzing local privilege escalations in win32k Using dual-mappings to evade automated unpackers Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS Exploiting Tomorrow's Internet Today: Penetration testing with IPv6 Analyzing local privilege escalations in win32k Using dual-mappings to evade automated unpackers Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS Shell Code For Beginners Assault on Oracle PL/SQL - Injection TARGETING VOIP Introduction to SQL injection Assault on Oracle PL/SQL - Injection TARGETING VOIP Introduction to SQL injection The Pirate Bay un-SSL Client Side Security.. More severe than it seems... The Pirate Bay un-SSL Client Side Security.. More severe than it seems... Gadgets: New Tech & Old Threats Data-mining with SQL Injection and Inference [Spanish] Técnicas de inyección en MySQL Reverse Engineering: Smashing the Signature Data-mining with SQL Injection and Inference [Spanish] Técnicas de inyección en MySQL Reverse Engineering: Smashing the Signature [German] Sybase SQL Injection && Bypassing mod_security [German] A german guide to WEP/WPA cracking Simple Web-Hacking Techniques Auditing mailing scripts for web app pentesters Reverse Engineering: Anti-Cracking Techniques COODE MAGAZINE NR3 [Spanish] Cross Site Scripting [XSS] [German] Sybase SQL Injection && Bypassing mod_security [German] A german guide to WEP/WPA cracking Simple Web-Hacking Techniques Auditing mailing scripts for web app pentesters Reverse Engineering: Anti-Cracking Techniques COODE MAGAZINE NR3 [Spanish] Cross Site Scripting [XSS] Symantec Altiris Deployment Solution Elevation of Privileges Vulns Access Through Access Lateral SQL Injection: A New Class of Vulnerability in Oracle [Spanish] Blind MySQL Injection Security Implications of Windows Access Tokens Access Through Access Lateral SQL Injection: A New Class of Vulnerability in Oracle [Spanish] Blind MySQL Injection Security Implications of Windows Access Tokens 802.11 Attacks ActiveX - Active Exploitation Error based SQL Injection An Insecurity Overview of the March Networks DVR-CCTV 3204 ActiveX - Active Exploitation Error based SQL Injection An Insecurity Overview of the March Networks DVR-CCTV 3204 Securing & Hardening Linux v1.0 SEH Overwrites Simplified MS API function pointers hijacking Securing & Hardening Linux v1.0 SEH Overwrites Simplified MS API function pointers hijacking Arbitrary header injection in PHP contact forms Check Point Secure Platform Hack High-Level Reverse Engineering Tactical Exploitation and Response Over Solaris Sparc 5.8 / 5.9 Systems Check Point Secure Platform Hack High-Level Reverse Engineering Tactical Exploitation and Response Over Solaris Sparc 5.8 / 5.9 Systems Uncommon SQL Injection Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence.. Tactical Exploitation Discovery of Local BoF Exploits Anti Forensics: making computer forensics hard Having Fun with Proventia GX5108 & GX5008 Insecurities Buffer Truncation Abuse in Microsoft SQL Server Based Applications Cisco IOS Exploitation Techniques Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence.. Tactical Exploitation Discovery of Local BoF Exploits Anti Forensics: making computer forensics hard Having Fun with Proventia GX5108 & GX5008 Insecurities Buffer Truncation Abuse in Microsoft SQL Server Based Applications Cisco IOS Exploitation Techniques Secure file upload in PHP web applications Explanation of a remote buffer overflow Vulnerability Exploitation for phun and profit Explanation of a remote buffer overflow Vulnerability Exploitation for phun and profit Oracle Forensics Part 1: Dissecting the Redo Logs Oracle Forensics Part 2: Locating Dropped Objects Oracle Forensics Part 3: Isolating Evidence of Attacks Oracle Forensics Part 4: Live Response Bypass RPC portmapper filtering security PoC Heap Feng Shui in JavaScript Oracle Forensics Part 1: Dissecting the Redo Logs Oracle Forensics Part 2: Locating Dropped Objects Oracle Forensics Part 3: Isolating Evidence of Attacks Oracle Forensics Part 4: Live Response Bypass RPC portmapper filtering security PoC Heap Feng Shui in JavaScript JaSiLDBG - JavaScript inLine Debugger LINUX SHELLCODING REFERENCE HackThisZine (HTZ) #5 - Squat The Net! LINUX SHELLCODING REFERENCE HackThisZine (HTZ) #5 - Squat The Net! Win32 Stack BufferOverFlow Real Life Vuln-Dev Process PORT SCANNING TECHNIQUES Stack Overflow Exploitation Explained Overtaking Google Desktop xss2phishing Win32 Stack BufferOverFlow Real Life Vuln-Dev Process PORT SCANNING TECHNIQUES Stack Overflow Exploitation Explained Overtaking Google Desktop xss2phishing MoAB Comic 1 Anatomy of a Malware WebMin - (XSS BUG) Remote Arbitrary File Disclosure Shellcoding for Linux and Windows Tutorial Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass Bypassing Windows heap protections Writing Self-Modifying Code andUtilizing Advanced Assembly Techniques Blackberry Security: Ripe for the picking? Dangling Cursor Snarfing: A New Class of Attack in Oracle Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass Bypassing Windows heap protections Writing Self-Modifying Code andUtilizing Advanced Assembly Techniques Blackberry Security: Ripe for the picking? Dangling Cursor Snarfing: A New Class of Attack in Oracle On the Effectiveness of AddressSpaceRandomization Cracking String Encryption in Java Obfuscated Bytecode Implementing and Detecting a PCI Rootkit John The Ripper - An Illustrated Guide Vulnerability Enumeration For Penetration Testing On the Effectiveness of AddressSpaceRandomization Cracking String Encryption in Java Obfuscated Bytecode Implementing and Detecting a PCI Rootkit John The Ripper - An Illustrated Guide Vulnerability Enumeration For Penetration Testing IE ActiveX-based 0-days basics Demystified Attacking the Code: Source Code Auditing IE ActiveX-based 0-days basics Demystified Attacking the Code: Source Code Auditing API Interception via DLL Redirection Remote / Local File Inclusion Exploits Rainbow Tables Explained API Interception via DLL Redirection Remote / Local File Inclusion Exploits Rainbow Tables Explained Implementing a Custom X86 Encoder Undefined Behavior Learning Perl - Writing Exploits Hardening Windows NT [2K_ XP_ 2003] -xp Learn Information Gathering By Example Bypassing Oracle dbms_assert Playing with Digichat (Multiple Vulnerabilities) Web Application Auditing and Exploitation Playing with Digichat (Multiple Vulnerabilities) Web Application Auditing and Exploitation XSS Attacks FAQ Trojan White Paper Binary Protection Schemes SQL Injection - Are your web applications vulnerable? Advanced SQL Injection In SQL Server Applications Binary Protection Schemes SQL Injection - Are your web applications vulnerable? Advanced SQL Injection In SQL Server Applications The story of Exploiting kmalloc() Overflows Into my ARMs (Developing StrongARM/Linux Shellcode) Format String Vulnerability I & II The story of Exploiting kmalloc() Overflows Into my ARMs (Developing StrongARM/Linux Shellcode) Format String Vulnerability I & II Writing Behind a Buffer Tutorial About Format Bugs ARC: A Synchronous Stream Cipher from Hash The Basics of Shellcoding Web Forms and Untraceable DDoS Attacks Practical SEH Exploitation Writing Behind a Buffer Tutorial About Format Bugs ARC: A Synchronous Stream Cipher from Hash The Basics of Shellcoding Web Forms and Untraceable DDoS Attacks Practical SEH Exploitation PowerPC / OS X (Darwin) Shellcode Assembly Steganography FAQ The Voyage To 0Day Using the Metasploit Framework WLSI Windows Local Shellcode Injection Practical Windows and Linux Shellcode Design WLSI Windows Local Shellcode Injection Practical Windows and Linux Shellcode Design Using XSS to bypass CSRF protection Exploit Writing Tutorial Part 1 - Stack Based Overflows Exploit Writing Tutorial Part 2 - Jump to Shellcode Exploit Writing Tutorial Part 3 - SEH Exploit Writing Tutorial Part 3b - SEH Based Exploits Exploit Writing Tutorial Part 4 - From Exploit to Metasploit the Basics Exploit Writing Tutorial Part 5 - Debugger Modules in Exploit Development Exploit Writing Tutorial Part 6 - Bypassing Stack Cookies_ SAFESEH_ Hardware DEP and ASLR Exploit Writing Tutorial Part 7 - Unicode_ from 0x00410041 to Calc [Spanish] Remote Code Execution V1 Reverse Honey Trap - Striking Deep inside Online Web Antivirus Engines and Analyzers [Portuguese] Smashing the Stack for Fun and Profit [Portuguese] Linux Security Banners Discovering and Exploiting a remote buffer overflow in an FTP server - PART 1 [Spanish] Importance of img Tags on Web Security Using XSS to bypass CSRF protection Exploit Writing Tutorial Part 1 - Stack Based Overflows Exploit Writing Tutorial Part 2 - Jump to Shellcode Exploit Writing Tutorial Part 3 - SEH Exploit Writing Tutorial Part 3b - SEH Based Exploits Exploit Writing Tutorial Part 4 - From Exploit to Metasploit the Basics Exploit Writing Tutorial Part 5 - Debugger Modules in Exploit Development -safeseh -from-0x00410041-to-calc.pdf [Spanish] Remote Code Execution V1 Reverse Honey Trap - Striking Deep inside Online Web Antivirus Engines and Analyzers [Portuguese] Smashing the Stack for Fun and Profit [Portuguese] Linux Security Banners Discovering and Exploiting a remote buffer overflow in an FTP server - PART 1 [Spanish] Importance of img Tags on Web Security Remote Exploitation [German] Computer Virus Methods [German] Cross Site Scripting Remote Exploitation [German] Computer Virus Methods [German] Cross Site Scripting [Arabic] Overflow Exploitation [Persian] Common Attacks Against Wireless Networks - Part I [Persian] Packet Sniffing [Arabic] Overflow Exploitation [Persian] Common Attacks Against Wireless Networks - Part I [Persian] Packet Sniffing [Portuguese] Exploiting Integer Array Overflows Remote Buffer Overflow Exploits SSL Sniffing Blackboxes (with 0day) Injection Techniques to Anti-Bypass [Turkish] SynFlood DDOS Attacks and Prevention Blackboxes (with 0day) Injection Techniques to Anti-Bypass [Turkish] SynFlood DDOS Attacks and Prevention [Deutsch] Kryptographie - Die Magie der asymmetrischen Verschlüsselung [Turkish] PHP RFI Prevention [Deutsch] Kryptographie - Die Magie der asymmetrischen Verschlüsselung [Turkish] PHP RFI Prevention [Portuguese] - Tutorial Basico de Assembly - Linux/i386 [Spanish] PFD (Partial Function Disclosure) Building your own UD-Shellcodes part-1 [Spanish] PFD (Partial Function Disclosure) Building your own UD-Shellcodes part-1 [French] RIGHT TO LEFT OVERRIDE UNICODE CAN BE USED IN MULTIPLE SPOOFING CASES The (in)security of Omegle - What Omegle users should know RIGHT TO LEFT OVERRIDE UNICODE CAN BE USED IN MULTIPLE SPOOFING CASES [Arabic] Fishing on Xss Way [French] RIGHT TO LEFT OVERRIDE UNICODE CAN BE USED IN MULTIPLE SPOOFING CASES The (in)security of Omegle - What Omegle users should know RIGHT TO LEFT OVERRIDE UNICODE CAN BE USED IN MULTIPLE SPOOFING CASES [Arabic] Fishing on Xss Way Inyeccion SQL en MSSQL - HackTimes.com [Spanish] PoisonHost with PowerPoint Hacking Oracle from the Web: Exploiting SQL Injection from Web Applications [Spanish] Wide WiFi Security Hacking Oracle from the Web: Exploiting SQL Injection from Web Applications [Spanish] Wide WiFi Security Exploit Writing Tutorial Part 8 - Win32 Egg Hunting Exploit Writing Tutorial Part 9 - Introduction to Win32 shellcoding Exploit Writing Tutorial Part 8 - Win32 Egg Hunting Exploit Writing Tutorial Part 9 - Introduction to Win32 shellcoding MySQL Injection Using darkMySQLi.py [Italian] Cross Application Scripting [Italian] Cross Application Scripting Presentation at Security Summit 2010 Milan MySQL Injection Using darkMySQLi.py [Italian] Cross Application Scripting [Italian] Cross Application Scripting Presentation at Security Summit 2010 Milan Pwn20wn 2010 Windows 7 Internet Explorer 8 Exploit [Turkish] Playing TCP/IP packets with Hping-I [Turkish] Playing TCP/IP packets with Hping-II [Turkish] Network Discovery and Port Scanninng with Hping [Turkish] Playing TCP/IP packets with Hping-I [Turkish] Playing TCP/IP packets with Hping-II [Turkish] Network Discovery and Port Scanninng with Hping [Hungarian] Using Aircrack-ng [Spanish] Jugando con XSS Writing Custom Encoders with no null Bytes [Arabic] Protecting PHP applications from hacking 1 [Arabic] Protecting PHP applications from hacking 2 [Arabic] Basic Buffer overflow Exploitation [Hungarian] Using Aircrack-ng [Spanish] Jugando con XSS Writing Custom Encoders with no null Bytes [Arabic] Protecting PHP applications from hacking 1 [Arabic] Protecting PHP applications from hacking 2 [Arabic] Basic Buffer overflow Exploitation MorningStar Security - Next Generation Web Scanning Presentation - public Local File Inclusion MorningStar Security - Next Generation Web Scanning Presentation - public Local File Inclusion Adobe Reader's Custom Memory Management: A Heap of Trouble How-to:DNS Enumeration Hash Collision Attack Vectors on the eD2k P2P Network Flag Execution for Easy Local Privilege Escalation Phishing - The Art of fooling End Users and Anti-Phishing (2-way Authentication System) How-to:DNS Enumeration Hash Collision Attack Vectors on the eD2k P2P Network Flag Execution for Easy Local Privilege Escalation Phishing - The Art of fooling End Users and Anti-Phishing (2-way Authentication System) Easy Method:Blind SQL Injection GDT & LDT in Windows kernel vulnerability Exploitation Easy Method:Blind SQL Injection GDT & LDT in Windows kernel vulnerability Exploitation MySQL Session Hijacking over RFI SQL Injection Filtering Finding vulnerabilities of YaFtp 1.0.14 (a client-side FTP application) Improve File Uploaders’ Protections – Bypass Methods- Rev. 1.0 [Arabic] Internet Explorer ActiveX Audit with ComRaider [Persian] Introduction to CSRF Attack The Sulley Framework: Basics 'Metasplizing' Convert an existing Exploit to MSF Module MySQL Session Hijacking over RFI SQL Injection Filtering Finding vulnerabilities of YaFtp 1.0.14 (a client-side FTP application) Improve File Uploaders’ Protections – Bypass Methods- Rev. 1.0 [Arabic] Internet Explorer ActiveX Audit with ComRaider [Persian] Introduction to CSRF Attack The Sulley Framework: Basics 'Metasplizing' Convert an existing Exploit to MSF Module Bypassing DEP with WPM & ROP [Turkish] DDos Attacks Analysis Bypassing DEP with WPM & ROP [Turkish] DDos Attacks Analysis [French] HZV e-zine #1 [French] HZV e-zine #2 [French] HZV e-zine #3 [Hebrew] Digital Whisper Security Magazine #9 [Turkish] Bot Networks Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube [French] HZV e-zine #1 [French] HZV e-zine #2 [French] HZV e-zine #3 [Hebrew] Digital Whisper Security Magazine #9 [Turkish] Bot Networks Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube [Hebrew] Digital Whisper Security Magazine #1 [Hebrew] Digital Whisper Security Magazine #4 [Hebrew] Digital Whisper Security Magazine #6 [Hebrew] Digital Whisper Security Magazine #8 [Hebrew] Digital Whisper Security Magazine #2 [Hebrew] Digital Whisper Security Magazine #3 [Hebrew] Digital Whisper Security Magazine #5 [Hebrew] Digital Whisper Security Magazine #7 [Hebrew] Digital Whisper Security Magazine #1 [Hebrew] Digital Whisper Security Magazine #4 [Hebrew] Digital Whisper Security Magazine #6 [Hebrew] Digital Whisper Security Magazine #8 [Hebrew] Digital Whisper Security Magazine #2 [Hebrew] Digital Whisper Security Magazine #3 [Hebrew] Digital Whisper Security Magazine #5 [Hebrew] Digital Whisper Security Magazine #7 [Hebrew] Digital Whisper Security Magazine #10 [Hebrew] Digital Whisper Security Magazine #9 Cisco VoIP Phones - A Hackers Perspective SQL Injection Tutorial [Hebrew] Digital Whisper Security Magazine #11 Exploitation on ARM - Presentation Exploitation on ARM - Whitepaper [Persian] CRLF Injection Attacks Cisco VoIP Phones - A Hackers Perspective SQL Injection Tutorial [Hebrew] Digital Whisper Security Magazine #11 Exploitation on ARM - Presentation Exploitation on ARM - Whitepaper [Persian] CRLF Injection Attacks [Vietnamese] How to attack and fix Local File Disclosure [Georgian] Metasploit_ Full Review Injector Mask or A Tool Exploiting Large Memory Management Vulnerabilities in Xorg Server Running on Linux [Turkish] Binary Code Modification (Patching Vulnerabilities) Cracking Salted Hashes [Arabic] Paper Sniffer Password WireShark [Arabic] Paper Introduction to Penetration Testing DDoS Attacks explaination_ classification and suggested solutions Binary Code Modification [Vietnamese] How to attack and fix Local File Disclosure -full-review.pdf Injector Mask or A Tool Exploiting Large Memory Management Vulnerabilities in Xorg Server Running on Linux [Turkish] Binary Code Modification (Patching Vulnerabilities) Cracking Salted Hashes [Arabic] Paper Sniffer Password WireShark [Arabic] Paper Introduction to Penetration Testing -classification-and-suggested-solutions.pdf Binary Code Modification [Arabic] Encryption File Text (mcrypt packages) [Arabic] DHCP Spoofing and Starvation [Arabic] Advanced XSS MOAUB #1 - Adobe Acrobat Reader / Flash Player - _newclass_ invalid pointer - Binary Analysis MOAUB #1 - Cpanel - PHP Restriction Bypass Vulnerability 0day [Arabic] Advanced XSS MOAUB #1 - Adobe Acrobat Reader / Flash Player - _newclass_ invalid pointer - Binary Analysis MOAUB #1 - Cpanel - PHP Restriction Bypass Vulnerability 0day MOAUB #2 - Apple QuickTime - FlashPix NumberOfTiles Vulnerability - Binary Analysis MOAUB #2 - rainbowportal - Multiple Vulnerabilities – 0day MOAUB #3 - Visinia CMS - Multiple Vulnerabilities - 0day MOAUB #3 - Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner - Binary Analysis MOAUB #4 – Syndeocms 2.8.02 - Multiple Vulnerabilities - 0day MOAUB #4 – Movie Maker - Remote Code Execution (MS10-016) - Binary Analysis MOAUB #5 - Microsoft MPEG Layer-3 - Remote Command Execution - Binary Analysis moaub #5 - ifnuke - Multiple Vulnerabilities 0day [Arabic] What Do You Know About Steganography? moaub #6 - Interphoto Gallery - Multiple Vulnerabilities - 0day MOAUB #6 – HP OpenView NNM - webappmon execvp_nc Remote Code Execution - Binary Analysis [Arabic] Paper Introduction What Is Sniffer [Arabic] Paper Introduction WireLess Work moaub #7 - dynpage <= 1.0 - Multiple Vulnerabilities (0day) MOAUB #7 - Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow moaub #8 – sirang web-based d-control - Multiple Vulnerabilities (0day) MOAUB #8 - Microsoft Office Visio - .DXF File Stack based Overflow - Binary Analysis MOAUB #9 - Mozilla Firefox - XSLT Sort Remote Code Execution Vulnerability moaub #9 – festos cms 2.3b - Multiple Vulnerabilities MOAUB #10 - Excel - RTD Memory Corruption MOAUB #10 - aradblog - Multiple Vulnerabilities [Spanish] Elliptic Curve Cryptography Anomalous Curves [Arabic] Break the Encryption wep-psk in Wireless Networks MOAUB #11 - ASP Nuke SQL Injection Vulnerability MOAUB #11 - Microsoft Office Word 2007 - sprmCMajority Buffer Overflow Hiding Your Data Inside the Padding Area of Files and Packets (steganography) MOAUB #12 - eshtery CMS - SQL Injection Vulnerability MOAUB #12 - Adobe Acrobat / Reader - _pushstring_ Memory Corruption MOAUB #13 - Luftguitar CMS - Vulnerability: Upload Arbitrary File MOAUB #13 - RealPlayer FLV - Parsing Integer Overflow MOAUB #14 - FreeDiscussionForums 1.0 - Multiple Vulnerabilities MOAUB #14 - Novell iPrint Client Browser Plugin - ExecuteRequest debug Parameter Stack Overflow Forensics - Analyzing an Unknown Image (NTFS) MOAUB #15 - Ipswitch Imail Server - List Mailer Reply-To Address Memory Corruption MOAUB #15 - php microcms 1.0.1 - Multiple Vulnerabilities [Brazilian] Exploring IP Fragmentation for Fun and Profit (POC) MOAUB #16 - Mojoportal - Multiple Vulnerabilities MOAUB #16 - Microsoft Excel - HFPicture Record Parsing Remote Code Execution Vulnerability Smashing the stack in 2010 MOAUB #17 - Firefox Plugin Parameter - EnsureCachedAttrParamArrays Remote Code Execution MOAUB #17 - phpmyfamily - Multiple Vulnerabilities MOAUB #18 - Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability MOAUB #18 - CMSimple - CSRF Vulnerability MOAUB #19 - Novell iPrint Client Browser Plugin - call-back-url Stack Overflow MOAUB #19 - jmd-cms - Multiple Vulnerabilities [Vietnamese] Metasploit over the Internet MOAUB #20 - Java CMM readMabCurveData Stack Overflow MOAUB #20 - VWD-CMS - CSRF Vulnerability MOAUB #21 - Microsoft Excel - WOPT Record Parsing Heap Memory Corruption MOAUB #21 - Personal.Net Portal - Multiple Vulnerabilities MOAUB #22 - Adobe Shockwave - Director tSAC Chunk Memory Corruption MOAUB #22 - gausCMS - Multiple Vulnerabilities [Turkish] Binary Analysis Example MOAUB #23 - Adobe Acrobat Reader / Flash - 'newfunction' Remote Code Execution Vulnerability MOAUB #23 - Microsoft Excel - HFPicture Record Parsing Memory Corruption (0day) MOAUB #24 - Microsoft Excel - OBJ Record Stack Overflow MOAUB #24 - Microsoft MPEG Layer-3 Audio Decoder - Division By Zero MOAUB #26 - Microsoft Cinepak Codec - CVDecompress Heap Overflow MOAUB #25 - Mozilla Firefox - CSS font-face Remote Code Execution Vulnerability MOAUB #25 - VisualSite CMS 1.3 - Multiple Vulnerabilities MOAUB #2 - Apple QuickTime - FlashPix NumberOfTiles Vulnerability - Binary Analysis MOAUB #2 - rainbowportal - Multiple Vulnerabilities – 0day MOAUB #3 - Visinia CMS - Multiple Vulnerabilities - 0day MOAUB #3 - Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner - Binary Analysis MOAUB #4 – Syndeocms 2.8.02 - Multiple Vulnerabilities - 0day MOAUB #4 – Movie Maker - Remote Code Execution (MS10-016) - Binary Analysis MOAUB #5 - Microsoft MPEG Layer-3 - Remote Command Execution - Binary Analysis moaub #5 - ifnuke - Multiple Vulnerabilities 0day [Arabic] What Do You Know About Steganography? moaub #6 - Interphoto Gallery - Multiple Vulnerabilities - 0day MOAUB #6 – HP OpenView NNM - webappmon execvp_nc Remote Code Execution - Binary Analysis [Arabic] Paper Introduction What Is Sniffer [Arabic] Paper Introduction WireLess Work moaub #7 - dynpage <= 1.0 - Multiple Vulnerabilities (0day) MOAUB #7 - Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow moaub #8 – sirang web-based d-control - Multiple Vulnerabilities (0day) MOAUB #8 - Microsoft Office Visio - .DXF File Stack based Overflow - Binary Analysis MOAUB #9 - Mozilla Firefox - XSLT Sort Remote Code Execution Vulnerability moaub #9 – festos cms 2.3b - Multiple Vulnerabilities MOAUB #10 - Excel - RTD Memory Corruption MOAUB #10 - aradblog - Multiple Vulnerabilities [Spanish] Elliptic Curve Cryptography Anomalous Curves [Arabic] Break the Encryption wep-psk in Wireless Networks MOAUB #11 - ASP Nuke SQL Injection Vulnerability MOAUB #11 - Microsoft Office Word 2007 - sprmCMajority Buffer Overflow Hiding Your Data Inside the Padding Area of Files and Packets (steganography) MOAUB #12 - eshtery CMS - SQL Injection Vulnerability MOAUB #12 - Adobe Acrobat / Reader - _pushstring_ Memory Corruption MOAUB #13 - Luftguitar CMS - Vulnerability: Upload Arbitrary File MOAUB #13 - RealPlayer FLV - Parsing Integer Overflow MOAUB #14 - FreeDiscussionForums 1.0 - Multiple Vulnerabilities MOAUB #14 - Novell iPrint Client Browser Plugin - ExecuteRequest debug Parameter Stack Overflow Forensics - Analyzing an Unknown Image (NTFS) MOAUB #15 - Ipswitch Imail Server - List Mailer Reply-To Address Memory Corruption MOAUB #15 - php microcms 1.0.1 - Multiple Vulnerabilities [Brazilian] Exploring IP Fragmentation for Fun and Profit (POC) MOAUB #16 - Mojoportal - Multiple Vulnerabilities MOAUB #16 - Microsoft Excel - HFPicture Record Parsing Remote Code Execution Vulnerability Smashing the stack in 2010 MOAUB #17 - Firefox Plugin Parameter - EnsureCachedAttrParamArrays Remote Code Execution MOAUB #17 - phpmyfamily - Multiple Vulnerabilities MOAUB #18 - Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability MOAUB #18 - CMSimple - CSRF Vulnerability MOAUB #19 - Novell iPrint Client Browser Plugin - call-back-url Stack Overflow MOAUB #19 - jmd-cms - Multiple Vulnerabilities [Vietnamese] Metasploit over the Internet MOAUB #20 - Java CMM readMabCurveData Stack Overflow MOAUB #20 - VWD-CMS - CSRF Vulnerability MOAUB #21 - Microsoft Excel - WOPT Record Parsing Heap Memory Corruption MOAUB #21 - Personal.Net Portal - Multiple Vulnerabilities MOAUB #22 - Adobe Shockwave - Director tSAC Chunk Memory Corruption MOAUB #22 - gausCMS - Multiple Vulnerabilities [Turkish] Binary Analysis Example MOAUB #23 - Adobe Acrobat Reader / Flash - 'newfunction' Remote Code Execution Vulnerability MOAUB #23 - Microsoft Excel - HFPicture Record Parsing Memory Corruption (0day) MOAUB #24 - Microsoft Excel - OBJ Record Stack Overflow MOAUB #24 - Microsoft MPEG Layer-3 Audio Decoder - Division By Zero MOAUB #26 - Microsoft Cinepak Codec - CVDecompress Heap Overflow MOAUB #25 - Mozilla Firefox - CSS font-face Remote Code Execution Vulnerability MOAUB #25 - VisualSite CMS 1.3 - Multiple Vulnerabilities MOAUB #26 - Zenphoto - Config Update / Command Execution MOAUB #27 - Microsoft Internet Explorer - MSHTML Findtext Processing Issue MOAUB #27 - ndCMS - SQL Injection Vulnerability [German] Paper: DDoS Schutz - Abwehr von DDoS Attacken Practical Padding Oracle Attacks MOAUB #28 - AtomatiCMS - Upload Arbitrary File Vulnerability MOAUB #28 - JE CMS 1.0.0 - Bypass Authentication by SQL Injection Vulnerability MOAUB #29 - Microsoft Excel - SxView Record Parsing Heap Memory Corruption MOAUB #30 - Microsoft Unicode Scripts Processor - Remote Code Execution MOAUB #30 - ASPMass Shopping Cart - Vulnerability File Upload CSRF [Portuguese] Criar Exploits Para o Windows com a Ajuda da Metasploit Framework [Arabic] Intro to Metasploit [Portuguese] Introdução ao Metasploit Hexinject introduction guide [Hebrew] Digital Whisper Security Magazine #13 [Iranian] My SQL Injection [French] 50-1337 Magazine [Italian] Buffer Overflow In Memory Fuzzing: Real Time Input Tracing & Fuzzing MOAUB #26 - Zenphoto - Config Update / Command Execution MOAUB #27 - Microsoft Internet Explorer - MSHTML Findtext Processing Issue MOAUB #27 - ndCMS - SQL Injection Vulnerability [German] Paper: DDoS Schutz - Abwehr von DDoS Attacken Practical Padding Oracle Attacks MOAUB #28 - AtomatiCMS - Upload Arbitrary File Vulnerability MOAUB #28 - JE CMS 1.0.0 - Bypass Authentication by SQL Injection Vulnerability MOAUB #29 - Microsoft Excel - SxView Record Parsing Heap Memory Corruption MOAUB #30 - Microsoft Unicode Scripts Processor - Remote Code Execution MOAUB #30 - ASPMass Shopping Cart - Vulnerability File Upload CSRF [Portuguese] Criar Exploits Para o Windows com a Ajuda da Metasploit Framework [Arabic] Intro to Metasploit [Portuguese] Introdução ao Metasploit Hexinject introduction guide [Hebrew] Digital Whisper Security Magazine #13 [Iranian] My SQL Injection [French] 50-1337 Magazine [Italian] Buffer Overflow In Memory Fuzzing: Real Time Input Tracing & Fuzzing Software Fuzzing with Wireplay Intelligent Debugging and In Memory Fuzzing No More Signatures: Defending Web Applications from 0Day Attacks with ModProfiler Using Traffic Profiling DTrace - Applied Reverse Engineering on OSX Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks Breaking the _Unbreakable_ Oracle with Metasploit Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation Hijacking Web 2.0 Sites with SSLstrip—Hands-on Training Bypassing SEHOP [Hebrew] Digital Whisper Security Magazine #14 [Arabic] Exploit Writing - Stack Overflows Software Fuzzing with Wireplay Intelligent Debugging and In Memory Fuzzing No More Signatures: Defending Web Applications from 0Day Attacks with ModProfiler Using Traffic Profiling DTrace - Applied Reverse Engineering on OSX Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks Breaking the _Unbreakable_ Oracle with Metasploit Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation Hijacking Web 2.0 Sites with SSLstrip—Hands-on Training Bypassing SEHOP [Hebrew] Digital Whisper Security Magazine #14 [Arabic] Exploit Writing - Stack Overflows [Italian] Full Path Disclosure and Remote SQL Command Execution Trend Micro DLP 5.2 Data Leakage Token Hijacking with XSS Microsoft SQL Server Passwords Exploiting and Protecting Oracle SHODAN for DNS Information Gathering Bypassing Export Address Table Filters Exploiting Stack Overflows in the Linux Kernel [Italian] Full Path Disclosure and Remote SQL Command Execution Trend Micro DLP 5.2 Data Leakage Token Hijacking with XSS Microsoft SQL Server Passwords Exploiting and Protecting Oracle SHODAN for DNS Information Gathering Bypassing Export Address Table Filters Exploiting Stack Overflows in the Linux Kernel Microsoft Windows SAM Processing Flaw - Persistent Administrative Access PoC Escaping from Microsoft’s Protected Mode Internet Explorer [Spanish] INTO OUTFILE explanation of SQL Injection [Turkish] PDF Malware Analysis AEG: Automatic Exploit Generation Microsoft Windows SAM Processing Flaw - Persistent Administrative Access PoC Escaping from Microsoft’s Protected Mode Internet Explorer [Spanish] INTO OUTFILE explanation of SQL Injection [Turkish] PDF Malware Analysis AEG: Automatic Exploit Generation Heap Taichi: Exploiting Memory Allocation Granularity in Heap-Spraying Attacks Bypassing a Cisco IOS Firewall [Kurdish] SQL Injection Attacks [Hebrew] Digital Whisper Security Magazine #16 [Kurdish] SQL Injection Attacks [Hebrew] Digital Whisper Security Magazine #16 [Hebrew] Digital Whisper Security Magazine #12 [Hebrew] Digital Whisper Security Magazine #13 [Hebrew] Digital Whisper Security Magazine #15 Windows Thumbnail Buffer Overflow: A Vulnerability in My Heart [Hebrew] Digital Whisper Security Magazine #12 [Hebrew] Digital Whisper Security Magazine #13 [Hebrew] Digital Whisper Security Magazine #15 Windows Thumbnail Buffer Overflow: A Vulnerability in My Heart Evolutionary Fuzzing Bypassing Browser Memory Protections The evil karmetasploit upgrade Oracle_ Interrupted: Stealing Sessions and Credentials Neurosurgery With Meterpreter Attacking Oracle Web Applications with Metasploit Router Exploitation Remote Library Injection Metasploit’s Meterprerter Metasploit Framework Telephony Hackproofing Lotus Domino Web Server Windows Access Tokens – A Penetration Tester’s Guide Advanced SQL Injection Exploitation to Operating System Full Control SAP Penetration Testing State of the Art Post Exploitation in Hardened PHP Environments Advanced MySQL Exploitation Evolutionary Fuzzing Bypassing Browser Memory Protections The evil karmetasploit upgrade -interrupted-stealing-sessions-and-credentials.pdf Neurosurgery With Meterpreter Attacking Oracle Web Applications with Metasploit Router Exploitation Remote Library Injection Metasploit’s Meterprerter Metasploit Framework Telephony Hackproofing Lotus Domino Web Server Windows Access Tokens – A Penetration Tester’s Guide Advanced SQL Injection Exploitation to Operating System Full Control SAP Penetration Testing State of the Art Post Exploitation in Hardened PHP Environments Advanced MySQL Exploitation Heap Overflow For Humans - 101 Exploiting the otherwise non-exploitable Heap Overflow For Humans - 101 Exploiting the otherwise non-exploitable The Abuse of ASSOC Explained Linux Exploit Development Part 3 (Rev 2) - Real App Demo ret2libc XSS Street-Fight: The Only Rule Is There Are No Rules Non-Executable Stack ARM Exploitation The Apple Sandbox Kernel Pool Exploitation on Windows 7 [Iranian] ASP Hacking Methods Attacking Server Side XML Parsers Antivirus Firewall Evasion Techniques Evolution of Download Deploy Shellcode Effectiveness of Antivirus in Detecting Web Application Backdoors The Abuse of ASSOC Explained Linux Exploit Development Part 3 (Rev 2) - Real App Demo ret2libc XSS Street-Fight: The Only Rule Is There Are No Rules Non-Executable Stack ARM Exploitation The Apple Sandbox Kernel Pool Exploitation on Windows 7 [Iranian] ASP Hacking Methods Attacking Server Side XML Parsers Antivirus Firewall Evasion Techniques Evolution of Download Deploy Shellcode Effectiveness of Antivirus in Detecting Web Application Backdoors [Macedonian] The Metasploit Framework Stack Overflow: Automatic write() discovery [Indonesian] Praktek Stack Buffer Overflow [Hebrew] Digital Whisper Security Magazine #17 Exploit Development Made Easy with !pvefindaddr [Indonesian] Code Reborn (eZine) Exploiting the otherwise non-exploitable: Windows kernel-mode GS Cookies subverted Access denied - A guide for breakers Exploiting ARM Linux systems Forgotten World: Corporate Business Application Systems Penetration Testing Biometrics Systems [Portuguese] Heap Spray Attack 15 First Dates With Assembly Programming The Beginners Guide to XSS Reversing Basics - A Practical Approach [tutorial] [Macedonian] The Metasploit Framework Stack Overflow: Automatic write() discovery [Indonesian] Praktek Stack Buffer Overflow [Hebrew] Digital Whisper Security Magazine #17 Exploit Development Made Easy with !pvefindaddr [Indonesian] Code Reborn (eZine) Exploiting the otherwise non-exploitable: Windows kernel-mode GS Cookies subverted Access denied - A guide for breakers Exploiting ARM Linux systems Forgotten World: Corporate Business Application Systems Penetration Testing Biometrics Systems [Portuguese] Heap Spray Attack 15 First Dates With Assembly Programming The Beginners Guide to XSS Reversing Basics - A Practical Approach [tutorial] Windows 7/2008 Event Log Forensic and Reversing Analysis Linux Exploit Development Part 1 - Stack Overflow PHP LFI to Arbitrary Code Execution via rfc1867 File Upload Temporary Files Exploitation of _Self-Only_ XSS in Google Code Linux Exploit Writing Tutorial Part 2 - Stack Overflow ASLR bypass Using ret2reg Windows 7/2008 Event Log Forensic and Reversing Analysis Linux Exploit Development Part 1 - Stack Overflow PHP LFI to Arbitrary Code Execution via rfc1867 File Upload Temporary Files Exploitation of _Self-Only_ XSS in Google Code Linux Exploit Writing Tutorial Part 2 - Stack Overflow ASLR bypass Using ret2reg Manual Shellcode Bypassing Anti-Virus Scanners Hacking the Skiddies Manual Shellcode Bypassing Anti-Virus Scanners Hacking the Skiddies Linux Exploit Development Part 3 - ret2libc Linux Exploit Development Part 2 (Rev 2) - Real App Demo Linux Exploit Development Part 3 - ret2libc Linux Exploit Development Part 2 (Rev 2) - Real App Demo [Persian] Introduction to Man-in-the-middle Attacks [Persian] Null Bind Attacks Understanding the heap by breaking it Connection String Parameter Pollution Attacks WPA Too! Token Kidnapping's Revenge Attacks to SAP Web Applications Attacking with HTML5 Dangling Pointer Fuzzing Frameworks Remote and Local Exploitation of Network Drivers VoIP Security - Methodology and Results [Hebrew] Digital Whisper Security Magazine #18 [Hebrew] Digital Whisper Security Magazine #19 [Hebrew] Digital Whisper Security Magazine #20 Linux Exploit Development Part 4 - ASCII armor bypass return-to-plt The Underground in 2011 Reverse Engineering and Memory Patching [Arabic] The Art Of Information Gathering/Footprinting [PDF] Blind SQL Injection with Regular Expressions Attack Penetration Testing with Metasploit Framework A Simpler Way of Finding 0day The Arashi (A.K.A Storm) [Arabic] exploring and patching of [Cross site scripting - XSS ] gap Defeating Data Execution Prevention and ASLR in Windows XP SP3 Structured Exception Handler Exploitation Become fully aware of the potential dangers of ActiveX attacks A New CVE-2015-0057 Exploit Technology [Hebrew] Digital Whisper Security Magazine #22 Http Parameter Contamination (HPC) Attack / Research Paper Automated Web Application Fingerprinting What is a vulnerability assessment Owning WD TV Live HUB (Go to Root...) [Persian] Introduction to Man-in-the-middle Attacks [Persian] Null Bind Attacks Understanding the heap by breaking it Connection String Parameter Pollution Attacks WPA Too! Token Kidnapping's Revenge Attacks to SAP Web Applications Attacking with HTML5 Dangling Pointer Fuzzing Frameworks Remote and Local Exploitation of Network Drivers VoIP Security - Methodology and Results [Hebrew] Digital Whisper Security Magazine #18 [Hebrew] Digital Whisper Security Magazine #19 [Hebrew] Digital Whisper Security Magazine #20 Linux Exploit Development Part 4 - ASCII armor bypass return-to-plt The Underground in 2011 Reverse Engineering and Memory Patching [Arabic] The Art Of Information Gathering/Footprinting [PDF] Blind SQL Injection with Regular Expressions Attack Penetration Testing with Metasploit Framework A Simpler Way of Finding 0day The Arashi (A.K.A Storm) [Arabic] exploring and patching of [Cross site scripting - XSS ] gap Defeating Data Execution Prevention and ASLR in Windows XP SP3 Structured Exception Handler Exploitation Become fully aware of the potential dangers of ActiveX attacks A New CVE-2015-0057 Exploit Technology [Hebrew] Digital Whisper Security Magazine #22 Http Parameter Contamination (HPC) Attack / Research Paper Automated Web Application Fingerprinting What is a vulnerability assessment Owning WD TV Live HUB (Go to Root...) [Turkish] Return-oriented Programming / DEP Bypass [Hebrew] Digital Whisper Security Magazine #23 [Arabic] Exploring and Patching File Inclusion Vulnerabilities [Indonesian] Intro To Hack Basic #1 [Turkish] Return-oriented Programming / DEP Bypass [Hebrew] Digital Whisper Security Magazine #23 [Arabic] Exploring and Patching File Inclusion Vulnerabilities [Indonesian] Intro To Hack Basic #1 [Spanish] Asaltando redes wifi [Spanish] Jugando en la red Userland Hooking in Windows Microsoft Patch Analysis Social Engineering Toolkit Demystifying the Android Malware [Spanish] Asaltando redes wifi [Spanish] Jugando en la red Userland Hooking in Windows Microsoft Patch Analysis Social Engineering Toolkit Demystifying the Android Malware Bypassing PHPIDS 0.6.5 [Hebrew] Digital Whisper Security Magazine #24 Recursive Stack Overflows LFI With PHPInfo Assistance Inline Hooking in Windows [indonesian] Devilzc0de E-Magazine #3 Top Five ColdFusion Security Issues Bypassing IE's XSS Filter Clickjacking for Shells Hacking your Droid Embedding the Payload Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0 Frontal Attacks - From Basic Compromise to Advanced Persistent Threat Spying on Internet Explorer 8.0 Bypassing ASLR/DEP JBoss Exploitation Wireless Hacking & Wireless Security [Hebrew] Digital Whisper Security Magazine #25 Recursive Stack Overflows LFI With PHPInfo Assistance Inline Hooking in Windows [Indonesian] Devilzc0de E-Magazine #3 Top Five ColdFusion Security Issues Bypassing IE's XSS Filter Clickjacking for Shells Hacking your Droid Embedding the Payload Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0 Frontal Attacks - From Basic Compromise to Advanced Persistent Threat Spying on Internet Explorer 8.0 Bypassing ASLR/DEP JBoss Exploitation Wireless Hacking & Wireless Security [Hebrew] Digital Whisper Security Magazine #25 [French] Le sidejacking avec pycookiejsinject Buffer Overflow Exploitation SEH Evading Antimalware Engines via Assembly Ghostwriting SCADA and PLC Vulnerabilities in Correctional Facilities Security Issues in Android Custom ROM Skype Software Vulnerabilities - 0Day Exploitation 2011 [Turkish] Heap_ Overflows and Exploiting [Hebrew] Digital Whisper Security Magazine #26 [French] Le sidejacking avec pycookiejsinject Buffer Overflow Exploitation SEH Evading Antimalware Engines via Assembly Ghostwriting SCADA and PLC Vulnerabilities in Correctional Facilities Security Issues in Android Custom ROM Skype Software Vulnerabilities - 0Day Exploitation 2011 -overflows-and-exploiting.pdf [Hebrew] Digital Whisper Security Magazine #26 Hacking Embedded Devices For Fun & Profit Social Engineering - The Human Factor Paper: Enumerating and Breaking VoIP [Spanish] #breaking80211 [Turkish] Jynx Rootkit Analysis Hacking Embedded Devices For Fun & Profit Social Engineering - The Human Factor Paper: Enumerating and Breaking VoIP [Spanish] #breaking80211 [Turkish] Jynx Rootkit Analysis [Hebrew] Digital Whisper Security Magazine #27 A bit away from Kernel execution White Paper: Using Google as Malware Spreading Technique web backdoors evasion detection [Spanish] Hacking dispositivos iOS (iPhone_ iPod_ iPad) White Paper : Post Exploitation Using Meterpreter Active Domain Offline Hash Dump & Forensic Analysis The Tor Project: Authority _No Check_ Weakness White Paper- An analysis of a spam Exploited through browser add-ons in Facebook Paper on Crypter(Unprotecting the Crypter) Armitage - Hacking Made Easy Part 1 [Hebrew] Digital Whisper Security Magazine #27 A bit away from Kernel execution White Paper: Using Google as Malware Spreading Technique web backdoors evasion detection -ipod White Paper : Post Exploitation Using Meterpreter Active Domain Offline Hash Dump & Forensic Analysis The Tor Project: Authority _No Check_ Weakness White Paper- An analysis of a spam Exploited through browser add-ons in Facebook Paper on Crypter(Unprotecting the Crypter) Armitage - Hacking Made Easy Part 1 [Hebrew] Digital Whisper Security Magazine #28 [Turkish] Linux 2011 Kernel Hooking And Coding Root Exploits Buffer Overflows: Anatomy of an Exploit Malware Reverse Engineering Part 1 - Static Analysis iPhone Forensics on iOS 5 A Backdoor in the Next Generation Active Directory [Spanish] El fingerprinting dentro de la seguridad web [Hebrew] Digital Whisper Security Magazine #29 [Hebrew] Digital Whisper Security Magazine #28 [Turkish] Linux 2011 Kernel Hooking And Coding Root Exploits Buffer Overflows: Anatomy of an Exploit Malware Reverse Engineering Part 1 - Static Analysis iPhone Forensics on iOS 5 A Backdoor in the Next Generation Active Directory [Spanish] El fingerprinting dentro de la seguridad web [Hebrew] Digital Whisper Security Magazine #29 [Turkish] DoS/DDoS Attacks Agains DNS [Turkish] Analysis of a Browser Exploit [Turkish] Shell Code Injection To Proccess Egg Hunter - A Twist in Buffer Overflow Wi-Fi Security with Wi-Fi Protection Plus [Portuguese] DNS Spoofing [Turkish] DoS/DDoS Attacks Agains DNS [Turkish] Analysis of a Browser Exploit [Turkish] Shell Code Injection To Proccess Egg Hunter - A Twist in Buffer Overflow Wi-Fi Security with Wi-Fi Protection Plus [Portuguese] DNS Spoofing Metasploit: Low Level View [Spanish] Introduction to Reverse Engineering Deep Dive Into OS Internals with Windbg printf() tricks XSS worm writeup Covert Channel over ICMP [Spanish] Paper: Information Gathering [Portuguese] Passos para o pentest basico - Basic pentest Steps by n4sss [Arabic] Exploring and Patching Remote File Disclosure Vulnerabilities Analyzing WordPress Themes Bypassing tolower() filters in buffer overflows [Hebrew] Digital Whisper Security Magazine #30 MS11-046 - Dissecting a 0day Address Space Layout Randomization JavaScript Deobfuscation - A Manual Approach Reverse Engineering Malware Part 1 [French] Pas Pas Vers L'Assembleur iOS Application (In)Security Complete Cross-site Scripting Walkthrough [Hebrew] Digital Whisper Security Magazine #31 Hyperion: Implementation of a PE Crypter Uncovering Zero-Days and Advanced Fuzzing - Slides Uncovering Zero-Days and Advanced Fuzzing - Notes Breaking The Crypt - Advanced Hash Cracking Metasploit: Low Level View [Spanish] Introduction to Reverse Engineering Deep Dive Into OS Internals with Windbg printf() tricks XSS worm writeup Covert Channel over ICMP [Spanish] Paper: Information Gathering [Portuguese] Passos para o pentest basico - Basic pentest Steps by n4sss [Arabic] Exploring and Patching Remote File Disclosure Vulnerabilities Analyzing WordPress Themes Bypassing tolower() filters in buffer overflows [Hebrew] Digital Whisper Security Magazine #30 MS11-046 - Dissecting a 0day Address Space Layout Randomization JavaScript Deobfuscation - A Manual Approach Reverse Engineering Malware Part 1 [French] Pas Pas Vers L'Assembleur iOS Application (In)Security Complete Cross-site Scripting Walkthrough [Hebrew] Digital Whisper Security Magazine #31 Hyperion: Implementation of a PE Crypter Uncovering Zero-Days and Advanced Fuzzing - Slides Uncovering Zero-Days and Advanced Fuzzing - Notes Breaking The Crypt - Advanced Hash Cracking [Hebrew] Digital Whisper Security Magazine #32 Insecurity of Poorly Designed Remote File Inclusion Vulnerabilities: Pt 1 [Hebrew] Digital Whisper Security Magazine #32 Insecurity of Poorly Designed Remote File Inclusion Vulnerabilities: Pt 1 Deactivating Endpoint Protection Software in an Unauthorized Manner (Revisited) [Turkish] Web Application Security #101 [Turkish] Source Code Analysis at Web Applications - I Insecurity of Poorly Designed Remote File Inclusion Payloads - Part 2 Proper Hashing Methods Microsoft IIS Tilde Character Short File/Folder Name Disclosure CVE 2012-1889 Microsoft XML Core Services Uninitialized Memory Vulnerability Transferable State Attack on Iterated Hashing Functions Hack Box with DotDotPwn Directory Traversal Fuzzer Forensic Analysis of iOS5 iPhone Backups Having Fun With VirusScan Enterprise CVE-2012-1889: Security Update Analysis 2012-1889 Technical Analysis Report [Hebrew] Digital Whisper Security Magazine #33 Bypassing Spam Filters Using Homographs [Hebrew] Digital Whisper Security Magazine #34 Whitepaper: Bypassing Antivirus with a Sharp Syringe [Spanish] Taller de Inyecciones LDAP [Turkish] Web Application Security and Secure Coding 101 Sage 50 Payroll 2012 Password Bypass Local Software Exploit [Arabic] - Internet Explorer MSXML (MS12-043) DNS-Based Phishing Attack in Public Hotspots Shellcoding in Linux [Hebrew] Digital Whisper Security Magazine #35 CVE-2012-4969 Technical Analysis Report How to Use PyDbg as a Powerful Multitasking Debugger [Arabic] First Step To Find Vulnerabilities Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Framework [Turkish] Introduction to ARM Exploitation CVE-2012-4681 Technical Analysis Report Deactivating Endpoint Protection Software in an Unauthorized Manner (Revisited) [Turkish] Web Application Security #101 [Turkish] Source Code Analysis at Web Applications - I Insecurity of Poorly Designed Remote File Inclusion Payloads - Part 2 Proper Hashing Methods Microsoft IIS Tilde Character Short File/Folder Name Disclosure CVE 2012-1889 Microsoft XML Core Services Uninitialized Memory Vulnerability Transferable State Attack on Iterated Hashing Functions Hack Box with DotDotPwn Directory Traversal Fuzzer Forensic Analysis of iOS5 iPhone Backups Having Fun With VirusScan Enterprise CVE-2012-1889: Security Update Analysis 2012-1889 Technical Analysis Report [Hebrew] Digital Whisper Security Magazine #33 Bypassing Spam Filters Using Homographs [Hebrew] Digital Whisper Security Magazine #34 Whitepaper: Bypassing Antivirus with a Sharp Syringe [Spanish] Taller de Inyecciones LDAP [Turkish] Web Application Security and Secure Coding 101 Sage 50 Payroll 2012 Password Bypass Local Software Exploit [Arabic] - Internet Explorer MSXML (MS12-043) DNS-Based Phishing Attack in Public Hotspots Shellcoding in Linux [Hebrew] Digital Whisper Security Magazine #35 CVE-2012-4969 Technical Analysis Report How to Use PyDbg as a Powerful Multitasking Debugger [Arabic] First Step To Find Vulnerabilities Detecting and Exploiting XSS Vulnerabilities with Xenotix XSS Exploit Framework [Turkish] Introduction to ARM Exploitation CVE-2012-4681 Technical Analysis Report [Turkish] XSS Exploitation via CHEF [Hebrew] Digital Whisper Security Magazine #36 A Pentester's Guide to Hacking OData CVE-2012-1535: Adobe Flash Player Integer Overflow Analysis Steam Browser Protocol Insecurity Whitepaper : Exploiting Transparent User Identification Bypassing AvastSandBox Using Alternate Data Streaming [Hebrew] Digital Whisper Security Magazine #37 Checkpoint/SofaWare Firewall Vulnerability Research Sophail: Applied attacks against Sophos Antivirus [Spanish] Software Exploitation Guidelines for Pentesting a Joomla Based Site [Turkish] Network Penetration Testing 101 [Spanish] Penetration Testing - Analisis Web - Evaluacion de Vulnerabilidades - Explotacion [Turkish] XSS Exploitation via CHEF [Hebrew] Digital Whisper Security Magazine #36 A Pentester's Guide to Hacking OData CVE-2012-1535: Adobe Flash Player Integer Overflow Analysis Steam Browser Protocol Insecurity Whitepaper : Exploiting Transparent User Identification Bypassing AvastSandBox Using Alternate Data Streaming [Hebrew] Digital Whisper Security Magazine #37 Checkpoint/SofaWare Firewall Vulnerability Research Sophail: Applied attacks against Sophos Antivirus [Spanish] Software Exploitation Guidelines for Pentesting a Joomla Based Site [Turkish] Network Penetration Testing 101 [Spanish] Penetration Testing - Analisis Web - Evaluacion de Vulnerabilidades - Explotacion CVE-2012-5076 Technical Analysis Report Reversing & Malware Analysis Training Articles CVE-2012-5076 Technical Analysis Report Reversing & Malware Analysis Training Articles Ideas of advanced runtime Encryption of .NET Executables In-Memory Fuzzing with Java Ideas of advanced runtime Encryption of .NET Executables In-Memory Fuzzing with Java Analyzing Near Field Communication (NFC) Security [Hebrew] Digital Whisper Security Magazine #38 [Turkish] Introduction to ARM Exploiting on Linux [Spanish] Hashcat Manual de Usuario Analyzing Near Field Communication (NFC) Security [Hebrew] Digital Whisper Security Magazine #38 [Turkish] Introduction to ARM Exploiting on Linux [Spanish] Hashcat Manual de Usuario DOMSDAY - Analyzing a Dom-Based XSS in Yahoo! [Turkish] Pen-Tester's Guide for Metasploit Framework Detecting System Intrusions [Hebrew] Digital Whisper Security Magazine #39 Manipulating Memory for Fun & Profit A Short Guide on ARM Exploitation CloudFlare vs Incapsula vs ModSecurity Abusing_ Exploiting and Pwning with Firefox Add-ons From Write to root on AIX Story of a Client-Side Attack [Hebrew] Digital Whisper Security Magazine #40 Post XSS Exploitation: Advanced Attacks and Remedies [Turkish] - Local File inclusion Hacking Trust Relationships Between SIP Gateways [Spanish] Wireless Network Security CUDA Cracking Novell GroupWise Untrusted Pointer Dereference Exploitation [Hebrew] Digital Whisper Security Magazine #41 DOMSDAY - Analyzing a Dom-Based XSS in Yahoo! [Turkish] Pen-Tester's Guide for Metasploit Framework Detecting System Intrusions [Hebrew] Digital Whisper Security Magazine #39 Manipulating Memory for Fun & Profit A Short Guide on ARM Exploitation CloudFlare vs Incapsula vs ModSecurity -exploiting-and-pwning-with-firefox-add-ons.pdf From Write to root on AIX Story of a Client-Side Attack [Hebrew] Digital Whisper Security Magazine #40 Post XSS Exploitation: Advanced Attacks and Remedies [Turkish] - Local File inclusion Hacking Trust Relationships Between SIP Gateways [Spanish] Wireless Network Security CUDA Cracking Novell GroupWise Untrusted Pointer Dereference Exploitation [Hebrew] Digital Whisper Security Magazine #41 Injecting SQLite Database Based Applications GAME ENGINES: A 0DAY’S TALE Fuzzing: An introduction to Sulley Framework Blackberry Z10 Research Primer - Dissecting Blackberry 10 - An Initial Analysis Windows _Meterpreter_less Post Exploitation [Hebrew] Digital Whisper Security Magazine #42 [Persian] Emperor Magazine #2 [Persian] Emperor Magazine #3 [Persian] Android Security and Forensic Science [Turkish] Source Code Analysis at Web Applications - II [Turkish] Digital Satellite Receiver & Safety [Portuguese] Simple Weevely Guide Injecting SQLite Database Based Applications GAME ENGINES: A 0DAY’S TALE Fuzzing: An introduction to Sulley Framework Blackberry Z10 Research Primer - Dissecting Blackberry 10 - An Initial Analysis Windows _Meterpreter_less Post Exploitation [Hebrew] Digital Whisper Security Magazine #42 [Persian] Emperor Magazine #2 [Persian] Emperor Magazine #3 [Persian] Android Security and Forensic Science [Turkish] Source Code Analysis at Web Applications - II [Turkish] Digital Satellite Receiver & Safety [Portuguese] Simple Weevely Guide [Hebrew] Digital Whisper Security Magazine #43 Atlassian Confluence 4.3.5 - Multiple Vulnerabilities Flash JIT – Spraying info leak gadgets Nginx Exploit Documentation About a Generic Way to Exploit Linux Targets [Hebrew] Digital Whisper Security Magazine #43 Atlassian Confluence 4.3.5 - Multiple Vulnerabilities Flash JIT – Spraying info leak gadgets Nginx Exploit Documentation About a Generic Way to Exploit Linux Targets [Hebrew] Digital Whisper Security Magazine #44 Adventures in Automotive Networks and Control Units [Romanian] Formatul Fisierelor PE (Portable Executable) Win32-Rovnix Malware Report [Spanish] Exploting Add-Ons in Mozilla Firefox Win32-China Chopper CnC/Webshell Malware Report Smashing the stack_ an example from 2013 Win32-Worm:VBS/Jenxcus.A Malware Report Metasploit - The Exploit Learning Tree [Persian] Malware Memory Forensics [Arabic] Zaiim In Exploit Discovering [Persian] Comprehensive OllyDBG Learning Linux Stack Based Buffer Overflows Linux Format String Exploitation Linux Integer Overflow and Underflow Linux Off By One Vulnerabilities Return Oriented Programming (ROP FTW) [Hebrew] Digital Whisper Security Magazine #44 Adventures in Automotive Networks and Control Units [Romanian] Formatul Fisierelor PE (Portable Executable) Win32-Rovnix Malware Report [Spanish] Exploting Add-Ons in Mozilla Firefox Win32-China Chopper CnC/Webshell Malware Report -an-example-from-2013.pdf Win32-Worm:VBS/Jenxcus.A Malware Report Metasploit - The Exploit Learning Tree [Persian] Malware Memory Forensics [Arabic] Zaiim In Exploit Discovering [Persian] Comprehensive OllyDBG Learning Linux Stack Based Buffer Overflows Linux Format String Exploitation Linux Integer Overflow and Underflow Linux Off By One Vulnerabilities Return Oriented Programming (ROP FTW) Understanding C Integer Boundaries (Overflows & Underflow) Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial [Hebrew] Digital Whisper Security Magazine #45 WordPress 3.6 - Crafted String URL Redirect Restriction Bypass Fuzzing & Software Vulnerabilities Part 1 - Turkish Understanding C Integer Boundaries (Overflows & Underflow) Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial [Hebrew] Digital Whisper Security Magazine #45 WordPress 3.6 - Crafted String URL Redirect Restriction Bypass Fuzzing & Software Vulnerabilities Part 1 - Turkish CloudFlare vs Incapsula (WAF) : Round 2 (PDF) [Hebrew] Digital Whisper Security Magazine #46 [Hebrew] Digital Whisper Security Magazine #47 [Spanish] Hashcat - Hash Type Manual [Persian] How to Buffer Overflow and Exploiting CloudFlare vs Incapsula (WAF) : Round 2 (PDF) [Hebrew] Digital Whisper Security Magazine #46 [Hebrew] Digital Whisper Security Magazine #47 [Spanish] Hashcat - Hash Type Manual [Persian] How to Buffer Overflow and Exploiting [Persian] DLL Injection & Hooking [Georgian] DFIRCON APT Malware Analysis - Part 2 [Georgian] DFIRCON APT Malware Analysis 64-bit calc.exe Stack Overflow Root Cause Analysis Windows rcrypt PE EXE/DDL Packer Writeup [Persian] DLL Injection & Hooking [Georgian] DFIRCON APT Malware Analysis - Part 2 [Georgian] DFIRCON APT Malware Analysis 64-bit calc.exe Stack Overflow Root Cause Analysis Windows rcrypt PE EXE/DDL Packer Writeup [Georgian] - Buffer Overflows Control Flow Obfuscations in Malwares [Hebrew] Digital Whisper Security Magazine #48 [Persian] Attack on LSDBs in OSPF Routing Protocol Heap Spraying - ActiveX Controls Under Attack [Persian] Cookies Methodology: Security plan for wireless networks [Turkish] RPC Zafiyetlerinin Keşfi [Hebrew] Digital Whisper Security Magazine #49 Reversing Encrypted Callbacks and COM Interfaces Radio-Frequency Identification Exploitation [Georgian] - Buffer Overflows Control Flow Obfuscations in Malwares [Hebrew] Digital Whisper Security Magazine #48 [Persian] Attack on LSDBs in OSPF Routing Protocol Heap Spraying - ActiveX Controls Under Attack [Persian] Cookies Methodology: Security plan for wireless networks [Turkish] RPC Zafiyetlerinin Keşfi [Hebrew] Digital Whisper Security Magazine #49 Reversing Encrypted Callbacks and COM Interfaces Radio-Frequency Identification Exploitation [Azerbaijan] ClamAV Bypassing Dynamic-Link Library Hijacking [Portuguese] Heap Spraying [Persian] The Art Of Stealth Scanning Uploading PHP Shell Through SQL Injection PoC || GTFO 0x03 PoC || GTFO 0x02 PoC || GTFO 0x01 PoC || GTFO 0x00 [Azerbaijan] ClamAV Bypassing Dynamic-Link Library Hijacking [Portuguese] Heap Spraying [Persian] The Art Of Stealth Scanning Uploading PHP Shell Through SQL Injection PoC || GTFO 0x03 PoC || GTFO 0x02 PoC || GTFO 0x01 PoC || GTFO 0x00 NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation Whatsapp Forensic/Stealer (Android) PoC Paper Microsoft Windows Help Systems Vulnerabilities NetPilot/Soho Blue Router 6.1.15 - Privilege Escalation Whatsapp Forensic/Stealer (Android) PoC Paper Microsoft Windows Help Systems Vulnerabilities [Turkish] WAF Bypass Methods Introduction to Android Malware Analysis Windows Heap Overflow Exploitation Exploitation notes on CVE-2014-0160 [Hebrew] Digital Whisper Security Magazine #50 SQL Injection in Insert_ Update and Delete Statements TP-Link TD-W89 Config File Download / Exploiting the Host I Know Where Your Page Lives - De-randomizing the latest Windows 10 Kernel [Hebrew] Digital Whisper Security Magazine #51 64-bit Linux Stack Based Buffer Overflow [Persian] Oracle SID Detection Techniques - Part 1 [Persian] Oracle SID Detection Techniques - Part 2 [Persian] Oracle SID Detection Techniques - Part 3 [Persian] Oracle SID Detection Techniques - Part 4 Searching SHODAN For Fun And Profit Android KeyStore Stack Buffer Overflow Hacking Blind PoC || GTFO 0x04 [Turkish] WAF Bypass Methods Introduction to Android Malware Analysis Windows Heap Overflow Exploitation Exploitation notes on CVE-2014-0160 [Hebrew] Digital Whisper Security Magazine #50 -update-and-delete-statements.pdf TP-Link TD-W89 Config File Download / Exploiting the Host I Know Where Your Page Lives - De-randomizing the latest Windows 10 Kernel [Hebrew] Digital Whisper Security Magazine #51 64-bit Linux Stack Based Buffer Overflow [Persian] Oracle SID Detection Techniques - Part 1 [Persian] Oracle SID Detection Techniques - Part 2 [Persian] Oracle SID Detection Techniques - Part 3 [Persian] Oracle SID Detection Techniques - Part 4 Searching SHODAN For Fun And Profit Android KeyStore Stack Buffer Overflow Hacking Blind PoC || GTFO 0x04 The Ultimate XSS Protection Cheat Sheet for Developers [Hebrew] Digital Whisper Security Magazine #52 [Turkish] SQLMap CSRF Bypass [Romanian] Stack Based Buffer Overflow Outsmarted - Why Malware Works in the Face of Antivirus Software Breaking the Sandbox The Ultimate XSS Protection Cheat Sheet for Developers [Hebrew] Digital Whisper Security Magazine #52 [Turkish] SQLMap CSRF Bypass [Romanian] Stack Based Buffer Overflow Outsmarted - Why Malware Works in the Face of Antivirus Software Breaking the Sandbox Technical Information on Vulnerabilities of Hypercall Handlers Exploiting CVE-2014-4113 on Windows 8.1 [Hebrew] Digital Whisper Security Magazine #53 [Hebrew] Digital Whisper Security Magazine #54 [Hebrew] Digital Whisper Security Magazine #55 Deep Dive into ROP Payload Analysis [Turkish] Embedded Device Security & Zollard Botnet Analysis PoC || GTFO 0x06 PoC || GTFO 0x05 Technical Information on Vulnerabilities of Hypercall Handlers Exploiting CVE-2014-4113 on Windows 8.1 [Hebrew] Digital Whisper Security Magazine #53 [Hebrew] Digital Whisper Security Magazine #54 [Hebrew] Digital Whisper Security Magazine #55 Deep Dive into ROP Payload Analysis [Turkish] Embedded Device Security & Zollard Botnet Analysis PoC || GTFO 0x06 PoC || GTFO 0x05 [Turkish] How to Bypass SafeSEH and Stack Cookie Protection [Hebrew] Digital Whisper Security Magazine #56 [Turkish] How to Bypass SafeSEH and Stack Cookie Protection [Hebrew] Digital Whisper Security Magazine #56 [Albanian] Socket Learning [Turkish] Codesys SEH Exploit Tutorial Paper [Albanian] Socket Learning [Turkish] Codesys SEH Exploit Tutorial Paper [Hebrew] Digital Whisper Security Magazine #57 [Hebrew] Digital Whisper Security Magazine #59 Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability) Ghost Vulnerability CVE-2015-0235 White Paper [Hebrew] Digital Whisper Security Magazine #57 [Hebrew] Digital Whisper Security Magazine #59 Analysis of CVE-2014-4113 (Windows Privilege Escalation Vulnerability) Ghost Vulnerability CVE-2015-0235 White Paper [Hebrew] Digital Whisper Security Magazine #58 [Turkish] Penetration and Security Testing on Microsoft SQL Server PoC || GTFO 0x07 [Hebrew] Digital Whisper Security Magazine #60 Developing MIPS Exploits to Hack Routers Privilege Escalation via Client Management Software [Hebrew] Digital Whisper Security Magazine #61 Web App Penetration Testing - Local File Inclusion (LFI) Privilege Escalation via Client Management Software - Part II Escaping VMware Workstation through COM1 [Turkish] Web Services Penetration Testing PoC || GTFO 0x08 [Hebrew] Digital Whisper Security Magazine #62 [Hebrew] Digital Whisper Security Magazine #58 [Turkish] Penetration and Security Testing on Microsoft SQL Server PoC || GTFO 0x07 [Hebrew] Digital Whisper Security Magazine #60 Developing MIPS Exploits to Hack Routers Privilege Escalation via Client Management Software [Hebrew] Digital Whisper Security Magazine #61 Web App Penetration Testing - Local File Inclusion (LFI) Privilege Escalation via Client Management Software - Part II Escaping VMware Workstation through COM1 [Turkish] Web Services Penetration Testing PoC || GTFO 0x08 [Hebrew] Digital Whisper Security Magazine #62 BIGINT Overflow Error Based SQL Injection MySQL Error Based SQL Injection Using EXP How to HeapSpray and Exploit Memory Corruption in IIS6 [Persian] Cracking WPA/WPA2 with Rainbow Table [Persian] Pyrit Cluster with Kali Linux Compromising ISP Issued 802.11 Wireless Cable Modem Networks for Profit [Hebrew] Digital Whisper Security Magazine #63 [Hebrew] Digital Whisper Security Magazine #64 Shoot zend_executor_globals to bypass php disable_functions Evading All Web-Application Firewalls XSS Filters Microsoft .NET MVC - ReDoS (Denial of Service) Vulnerability (MS15-101) Abusing Windows Opener To Bypass CSRF Protection [Persian] Jailbreak Payloads From Star to TaiG BIGINT Overflow Error Based SQL Injection MySQL Error Based SQL Injection Using EXP How to HeapSpray and Exploit Memory Corruption in IIS6 [Persian] Cracking WPA/WPA2 with Rainbow Table [Persian] Pyrit Cluster with Kali Linux Compromising ISP Issued 802.11 Wireless Cable Modem Networks for Profit [Hebrew] Digital Whisper Security Magazine #63 [Hebrew] Digital Whisper Security Magazine #64 Shoot zend_executor_globals to bypass php disable_functions Evading All Web-Application Firewalls XSS Filters Microsoft .NET MVC - ReDoS (Denial of Service) Vulnerability (MS15-101) Abusing Windows Opener To Bypass CSRF Protection [Persian] Jailbreak Payloads From Star to TaiG [Hebrew] Digital Whisper Security Magazine #65 [Portuguese] Using Printer Layout as a Vector for Malicious Code Insertion [Persian] How Yalu Works Writing Cisco IOS Rootkits New Methods in Automated XSS Detection Win32_bind Shellcode Review [Portuguese] Ataques Avançados contra CPL (Control Panel Applets) [Hebrew] Digital Whisper Security Magazine #67 [Hebrew] Digital Whisper Security Magazine #66 [Turkish] Beurk Rootkit Password Cracking and Injection (Gizliligin Anatomisi) [Persian] Change Powershell Command Line Job [Persian] Advanced NTFS Alternate Data Stream in Windows 8 and 10 [Persian] Image File Execution [Persian] Windows Hacking And Security Only in Physical Access [Persian] Exposing the WiFi Password Using C and PowerShell [Persian] Bypass PowerShell Execution Policy [Portuguese] Introdução a exploração de Structured Excpetion Handlers [Turkish] Back To BackDoor Bypassing McAfee’s Application Whitelisting for Critical Infrastructure Systems [Hebrew] Digital Whisper Security Magazine #65 [Portuguese] Using Printer Layout as a Vector for Malicious Code Insertion [Persian] How Yalu Works Writing Cisco IOS Rootkits New Methods in Automated XSS Detection Win32_bind Shellcode Review [Portuguese] Ataques Avancados contra CPL (Control Panel Applets) [Hebrew] Digital Whisper Security Magazine #67 [Hebrew] Digital Whisper Security Magazine #66 [Turkish] Beurk Rootkit Password Cracking and Injection (Gizliligin Anatomisi) [Persian] Change Powershell Command Line Job [Persian] Advanced NTFS Alternate Data Stream in Windows 8 and 10 [Persian] Image File Execution [Persian] Windows Hacking And Security Only in Physical Access [Persian] Exposing the WiFi Password Using C and PowerShell [Persian] Bypass PowerShell Execution Policy [Portuguese] Introdução a exploração de Structured Excpetion Handlers [Turkish] Back To BackDoor Bypassing McAfee’s Application Whitelisting for Critical Infrastructure Systems [Spanish] Bypass a lista blanca de McAfee Appication Control [Spanish] Windows Heap Overflow Exploitation - Exploiting a Custom Heap Under Windows 7 [Hebrew] Digital Whisper Security Magazine #69 The Most Forgotten Web Vulnerabilities NDI5aster - Privilege Escalation through NDIS 5.x Filter Intermediate Drivers [Hebrew] Digital Whisper Security Magazine #70 Metaphor - A (real) real-life Stagefright exploit Exploiting Buffer Overflows on MIPS Architecture Windows Kernel Exploitation 101: Exploiting CVE-2014-4113 [Persian] XML Injection Avactis PHP Shopping Cart - Multiple Vulnerabilities Phorum 5.2.20 - Multiple Vulnerabilities [Turkish] Privilege Escalation Vectors On Windows Systems [Persian] Ollydbg Tutorial v 1.10 [Hebrew] Digital Whisper Security Magazine #71 [Hebrew] Digital Whisper Security Magazine #72 [Hebrew] Digital Whisper Security Magazine #73 Exploiting Apache James Server 2.3.2 Novel contributions to the field - How I broke MySQL's codebase Cryptshare 3.10.1.2 - Stored XSS [Hebrew] Digital Whisper Security Magazine #74 [Turkish] Drupal Coder Vulnerability Analysis & MSF Module Dev Hunting HTML 5 postMessage Vulnerabilities [Hebrew] Digital Whisper Security Magazine #75 [Hebrew] Digital Whisper Security Magazine #76 [Turkish] Wireshark - Important Tips [Turkish] Detailed Cross-Site Scripting Paper [Turkish] Web Security Vulnerabilities - Web Güvenlik Açıkları Tuleap 8.18 - SQL Injection & Cross-Site Scripting Vulnerability Analysis PoC || GTFO 0x09 PoC || GTFO 0x10 PoC || GTFO 0x11 PoC || GTFO 0x12 PoC || GTFO 0x13 [Hebrew] Digital Whisper Security Magazine #77 [Spanish] Bypass a lista blanca de McAfee Appication Control [Spanish] Windows Heap Overflow Exploitation - Exploiting a Custom Heap Under Windows 7 [Hebrew] Digital Whisper Security Magazine #69 The Most Forgotten Web Vulnerabilities NDI5aster - Privilege Escalation through NDIS 5.x Filter Intermediate Drivers [Hebrew] Digital Whisper Security Magazine #70 Metaphor - A (real) real-life Stagefright exploit Exploiting Buffer Overflows on MIPS Architecture Windows Kernel Exploitation 101: Exploiting CVE-2014-4113 [Persian] XML Injection Avactis PHP Shopping Cart - Multiple Vulnerabilities Phorum 5.2.20 - Multiple Vulnerabilities [Turkish] Privilege Escalation Vectors On Windows Systems [Persian] Ollydbg Tutorial v 1.10 [Hebrew] Digital Whisper Security Magazine #71 [Hebrew] Digital Whisper Security Magazine #72 [Hebrew] Digital Whisper Security Magazine #73 Exploiting Apache James Server 2.3.2 Novel contributions to the field - How I broke MySQL's codebase Cryptshare 3.10.1.2 - Stored XSS [Hebrew] Digital Whisper Security Magazine #74 [Turkish] Drupal Coder Vulnerability Analysis & MSF Module Dev Hunting HTML 5 postMessage Vulnerabilities [Hebrew] Digital Whisper Security Magazine #75 [Hebrew] Digital Whisper Security Magazine #76 [Turkish] Wireshark - Important Tips [Turkish] Detailed Cross-Site Scripting Paper [Turkish] Web Security Vulnerabilities - Web Güvenlik Açıkları Tuleap 8.18 - SQL Injection & Cross-Site Scripting Vulnerability Analysis PoC || GTFO 0x09 PoC || GTFO 0x10 PoC || GTFO 0x11 PoC || GTFO 0x12 PoC || GTFO 0x13 [Hebrew] Digital Whisper Security Magazine #77 [Hebrew] Digital Whisper Security Magazine #78 Teaching an Old Dog (not that new) Tricks. Stego in TCP/IP made easy (part-1) Pozzo & Lucky_ The phantom Shell. Stego in TCP/IP (part-2) Art of Anti Detection - Introduction To AV & Detection Techniques [Hebrew] Digital Whisper Security Magazine #79 [Hebrew] Digital Whisper Security Magazine #78 Teaching an Old Dog (not that new) Tricks. Stego in TCP/IP made easy (part-1) -the-phantom-shell.-stego-in-tcpip-(part-2).pdf Art of Anti Detection - Introduction To AV & Detection Techniques [Hebrew] Digital Whisper Security Magazine #79 Art of Anti Detection - PE Backdoor Manufacturing MySQL Out-of-Band Hacking Alternative for Information_Schema.Tables in MySQL MySQL Injection in Update_ Insert_ and Delete Exploiting Node.js deserialization bug for Remote Code Execution RSA Asymmetric Polymorphic Shellcode Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections Art of Anti Detection - Shellcode Alchemy PoC || GTFO 0x14 Art of Anti Detection - PE Backdoor Manufacturing MySQL Out-of-Band Hacking Alternative for Information_Schema.Tables in MySQL -insert Exploiting Node.js deserialization bug for Remote Code Execution RSA Asymmetric Polymorphic Shellcode Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections Art of Anti Detection - Shellcode Alchemy PoC || GTFO 0x14 How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008 [Spanish] How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008 How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008 [Spanish] How to Exploit ETERNALBLUE and DOUBLEPULSAR on Windows 7/2008 nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect Local File Disclosure using SQL Injection BluedIoT: When a mature and immature technology mixes_ becomes an “idiot” situation Stealing Windows Credentials Using Google Chrome Introduction to Manual Backdooring [Turkish] Mobile Penetration Testing [Hebrew] Digital Whisper Security Magazine #82 [Hebrew] Digital Whisper Security Magazine #83 [Hebrew] Digital Whisper Security Magazine #85 Of Mice and Keyboards - On the Security of Modern Wireless Desktop Sets [Turkish] Exploit Shellcode Development [Arabic] Web Application Penetration Testing Techniques [Italian] How to write Fully Undetectable malware [Turkish] Blind SQL Injection Attacks How to Write Fully Undetectable Malware - English Translation [Persian] Xpath Injection How to Exploit ETERNALBLUE on Windows Server 2012 R2 [Spanish] How to Exploit ETERNALBLUE on Windows Server 2012 R2 [French] SYN FLOOD ATTACK for IP CISCO Phone Hidden Network: Detecting Hidden Networks created with USB Devices How to exploit ETERNALROMANCE/SYNERGY on Windows Server 2016 [Hebrew] Digital Whisper Security Magazine #84 DirtyTooth: Extracting VCARD data from Bluetooth iOS profiles nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect Local File Disclosure using SQL Injection -becomes-an-idiot-situation.pdf Stealing Windows Credentials Using Google Chrome Introduction to Manual Backdooring [Turkish] Mobile Penetration Testing [Hebrew] Digital Whisper Security Magazine #82 [Hebrew] Digital Whisper Security Magazine #83 [Hebrew] Digital Whisper Security Magazine #85 Of Mice and Keyboards - On the Security of Modern Wireless Desktop Sets [Turkish] Exploit Shellcode Development [Arabic] Web Application Penetration Testing Techniques [Italian] How to write Fully Undetectable malware [Turkish] Blind SQL Injection Attacks How to Write Fully Undetectable Malware - English Translation [Persian] Xpath Injection How to Exploit ETERNALBLUE on Windows Server 2012 R2 [Spanish] How to Exploit ETERNALBLUE on Windows Server 2012 R2 [French] SYN FLOOD ATTACK for IP CISCO Phone Hidden Network: Detecting Hidden Networks created with USB Devices How to exploit ETERNALROMANCE/SYNERGY on Windows Server 2016 [Hebrew] Digital Whisper Security Magazine #84 DirtyTooth: Extracting VCARD data from Bluetooth iOS profiles [Turkish] Offensive and Defensive PowerShell Command Injection - Shell Injection Code Injection – HTML Injection [Hebrew] Digital Whisper Security Magazine #86 [Turkish] Windows and Linux Privilege Escalation Kernel Driver mmap Handler Exploitation [Turkish] Offensive and Defensive PowerShell Command Injection - Shell Injection Code Injection – HTML Injection [Hebrew] Digital Whisper Security Magazine #86 [Turkish] Windows and Linux Privilege Escalation Kernel Driver mmap Handler Exploitation PoC || GTFO 0x15 HITB Magazine - Volume 1_ Issue 1 HITB Magazine - Volume 1_ Issue 2 HITB Magazine - Volume 1_ Issue 3 HITB Magazine - Volume 1_ Issue 4 PoC || GTFO 0x15 -issue-1.pdf -issue-2.pdf -issue-3.pdf -issue-4.pdf [eZine] i sh0t the white hat 1 [eZine] i sh0t the white hat 2 [eZine] i sh0t the white hat 3 [Hebrew] Digital Whisper Security Magazine #87 [Persian] Hacksys Extreme Vulnerable Windows Driver analysis Part 1 PoC || GTFO 0x16 [Hebrew] Digital Whisper Security Magazine #88 Reversing and Exploiting IoT devices [Hebrew] Digital Whisper Security Magazine #89 [Spanish] [eZine] i sh0t the white hat 1 [eZine] i sh0t the white hat 2 [Spanish] [eZine] i sh0t the white hat 3 [Hebrew] Digital Whisper Security Magazine #87 [Persian] Hacksys Extreme Vulnerable Windows Driver analysis Part 1 PoC || GTFO 0x16 [Hebrew] Digital Whisper Security Magazine #88 Reversing and Exploiting IoT devices [Hebrew] Digital Whisper Security Magazine #89
2beb112a