Fight_Poison_with_Poison.pdf
20.8 MB
#Malware_analysis
"Fight Poison with Poison: Detecting Backdoor Poison Samples via Decoupling Benign Correlations", 2022.
]-> https://github.com/Unispac/Fight-Poison-With-Poison
"Fight Poison with Poison: Detecting Backdoor Poison Samples via Decoupling Benign Correlations", 2022.
]-> https://github.com/Unispac/Fight-Poison-With-Poison
Circumventing_Backdoor_Defenses.pdf
4.6 MB
#Research
"Circumventing Backdoor Defenses That Are Based on Latent Separability", 2022.
]-> Repo: https://github.com/Unispac/Circumventing-Backdoor-Defenses
📰
📚
"Circumventing Backdoor Defenses That Are Based on Latent Separability", 2022.
]-> Repo: https://github.com/Unispac/Circumventing-Backdoor-Defenses
📰
📚
AtLayer2_PoC.pdf
3.2 MB
#Offensive_security
Exploit Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
// demonstrates leveraging cross site scripting and polyglot exploitation in an exploit COOLHANDLUKE to violate network segmentation / L2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HP Procurve, Aruba Networks, Cisco, Dell, Netgear products
📰
📚
Exploit Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
// demonstrates leveraging cross site scripting and polyglot exploitation in an exploit COOLHANDLUKE to violate network segmentation / L2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HP Procurve, Aruba Networks, Cisco, Dell, Netgear products
📰
📚
L7_Cisco.pdf
4.1 MB
#Whitepaper
"Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation/IP Router-Less Tunneling", 2021.
// This issue affects Cisco SMB/Sx Series switches
📰
📚
"Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation/IP Router-Less Tunneling", 2021.
// This issue affects Cisco SMB/Sx Series switches
📰
📚
WizardSpider_v1.4.pdf
3.7 MB
#Threat_Research
"Wizard Spider In-Depth Analysis", 2022.
"Wizard Spider In-Depth Analysis", 2022.
Pre-hijacked_accounts.pdf
642.4 KB
#Research
"Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web", 2022.
]-> https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks
"Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web", 2022.
]-> https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks
attacking_bitrix.pdf
3.6 MB
Уязвимости и атаки на CMS Bitrix
1. Особенности
2. Уязвимости
3. Методы атак
Приятного чтения!
1. Особенности
2. Уязвимости
3. Методы атак
Приятного чтения!
ACL_in_AD.pdf
3.7 MB
#Whitepaper
"Another attacker's view of ACL in AD".
"Another attacker's view of ACL in AD".
Software_Updates_Strategies.pdf
621.1 KB
#Research
"Software Updates Strategies:
a Quantitative Evaluation against Advanced Persistent Threats", 2022.
"Software Updates Strategies:
a Quantitative Evaluation against Advanced Persistent Threats", 2022.
rfc_9234.pdf
170 KB
#Infosec_Standards
RFC 9234:
"Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages", 2022.
RFC 9234:
"Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages", 2022.
RMD_Attacks.pdf
629.8 KB
#Red_Team
Remote Memory-Deduplication Attacks
Remote Memory-Deduplication Attacks
Exploiting_CPU_Features.pdf
354.7 KB
#Research
"Finding and Exploiting CPU Features using MSR Templating", 2022.
]-> UEFIPatch tool:
https://github.com/LongSoft/UEFITool/tree/master/UEFIPatch
]-> source code:
https://github.com/Mbed-TLS/mbedtls/blob/dd57b2f240c597e4cf6cc2492d5c03d067f234f9/library/aes.c#L587
"Finding and Exploiting CPU Features using MSR Templating", 2022.
]-> UEFIPatch tool:
https://github.com/LongSoft/UEFITool/tree/master/UEFIPatch
]-> source code:
https://github.com/Mbed-TLS/mbedtls/blob/dd57b2f240c597e4cf6cc2492d5c03d067f234f9/library/aes.c#L587
apple_platform_sec_22.pdf
2.4 MB
#Whitepaper
"Apple Platform Security", May 2022.
// This documentation provides details about how security technology and features are implemented within Apple platforms. It also helps organizations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs
📚
"Apple Platform Security", May 2022.
// This documentation provides details about how security technology and features are implemented within Apple platforms. It also helps organizations combine Apple platform security technology and features with their own policies and procedures to meet their specific security needs
📚