Welcome to SecurityDocs

A collection of 8,041 IT security white papers, carefully curated by professionals like yourself

Scanning Windows Deeper With the Nmap Scanning Engine

by Ron Bowes

With modern script libraries, which were written by the author, the Nmap Scripting Engine (NSE) has the ability to establish a null or authenticated session with all modern versions of Windows. By leveraging these sessions, scripts have the ability to probe and explore Windows systems in great depth, providing an attacker with invaluable information about the server. This paper will look at how SMB and Microsoft RPC services work, how the Nmap scripts take advantage of the services, what chec...

Nov. 29, 2017 0 comments 18 minute read Pen Testing & Audits

Security issues against DNS

by Craig S. Wright

There are many ways to attack DNS. Attacks range from denials of service (DOS) to man in the middle (MiTM) to spoofing. The recent inclusion of Unicode entries into DNS may mean a site that looks like “microsoft.com” could exist but actually point to something else. Perhaps the o's in Microsoft would be Cyrillic instead of Latin. This paper will look at the issues facing DNS as well as conduct an analysis of the existing DNS infrastructure to assess its state and weaknesses. This process will...

Nov. 24, 2017 1 comment 41 minute read Apps & Hardening

Certified Ethical Hacker - Part 5-2 - System Hacking

by Riazul H. Rozen

Gaining administrative privilege is when the attacker bypasses the normal levels of security and goes on to gain administrative access to the system. The attacker takes advantage of the security flaws or programming problems in the system. The administrative privileges consist of sensitive information and a privileged attack could devise a number of means such as deleting and installing malicious files. There are two types of privilege escalation, such as vertical and horizontal privilege....

Nov. 22, 2017 2 comments 3 minute read Certifications

Certified Ethical Hacker - Part 8 - Social Engineering

by Riazul H. Rozen

Social engineering is a method used by attackers to gather valuable information form susceptible individuals. Personnel such as system administrators and desk officers are usually targeted.

Jan. 3, 2018 0 comments 4 minute read Certifications

Certified Ethical Hacker - Part 7-1 Sniffing

by Riazul H. Rozen

Sniffing is usually done in the data link layer in the OSI. This is somewhat beneficial because the upper layers are unable to detect sniffing on the lower layer. Sniffing can be carried out using a hardware protocol analyser. This monitors and discovers signals, without changing information in the transmitted traffic.

Dec. 15, 2017 0 comments 3 minute read Certifications

Certified Ethical Hacker - Part 6-2 Malware Threat

by Riazul H. Rozen

Viruses are only inactive, as long as the target host has not performed any action with regards the infected file. When the virus is written and sent to the target system, it regenerates itself and attaches itself to other files.

Dec. 7, 2017 0 comments 3 minute read Certifications

Certified Ethical Hacker - Part 6-1 Malware Threat

by Riazul H. Rozen

Malwares are programs written for the intention of being malicious. They cause damage to the systems, by giving the programmer limited or full access to the target system. These malware can be introduced into the system through various means; removable devices, fake programs, downloading or opening unsecured sites, instant messenger etc.

Dec. 6, 2017 0 comments 3 minute read Pen Testing & Audits

Web Malware 101

by Anish

Lets see an example of obfuscated script. The target here is Storm worm. This worm started spreading in January 2007. It used e-mail messages with subject lines about weather disasters in Europe, hence the name. Lets inspect the javascript which has the obfuscation function shall we.

Nov. 29, 2017 0 comments malwarecrypt.blogspot.mx Detection & Response

A penetration tester’s guide to sub-domain enumeration

by Bharath

As a penetration tester or a bug bounty hunter, most of the times you are given a single domain or a set of domains when you start a security assessment. You’ll have to perform extensive reconnaissance to find interesting assets like servers, web applications, domains that belong to the target organisation so that you can increase your chances of finding vulnerabilities.

Nov. 26, 2017 0 comments blog.appsecco.com Pen Testing & Audits

XSS (Cross Site Scripting) Prevention Cheat Shee

This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser. Both reflected and stored XSS can be addressed by performing...

Nov. 25, 2017 0 comments www.owasp.org Apps & Hardening

Illusion Gap - Antivirus Bypass

by Kasif Dekel

During our research, CyberArk Labs encountered a strange behavior in the file scanning process of Windows Defender. This problem may possibly exist in other anti-viruses, which we have not yet tested. This behavior led us to investigate the Antivirus scanning process over SMB shares and the outcome is a surprising cause for concern.

Nov. 25, 2017 0 comments www.cyberark.com Detection & Response

Guide to Cyber Threat Information Sharing

This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. This guidance helps organizations establish information sharing goals, identify cyber threat information sources, scope information sharing activities, develop rules that control the publication and distribution of threat information, engage with existing sharing communities, and make effective use of threat information in support of the organization’s overall cyberse...

Nov. 25, 2017 0 comments nvlpubs.nist.gov Detection & Response

Six Ways to Secure APIs

by Alok Shukla

API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures have only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in next couple of years. Due to increased public exposure and common API front end usage, APIs have become a new attack vector for cybercriminals and can make your applications and databases vulnerable to the ful...

Nov. 24, 2017 0 comments www.imperva.com Apps & Hardening

Leading the Blind to Light! - A Chain to RCE

by Andy Gill

The chain of issues started with an outdated instance of Oracle E-Business Suite which has many publicly disclosed issues, two of which were an authentication bypass & a blind XXE vulnerablity. For anyone who's ever come across Oracle EBS you'll know if it's outdated often it'll be riddled with holes, which is great from a bug bounty & pentesting perspective but not so great for companies who are using it.

Nov. 24, 2017 0 comments blog.zsec.uk Pen Testing & Audits

Metasploitable Walkthrough: An Exploitation Guide

Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image with a number of vulnerable packages included, which can be run on most virtualization software. You can grab your copy at Vulnhub – Metasploitable I used Kali Linux for attacking and VirtualBox for virtualization.

Nov. 24, 2017 0 comments tehaurum.wordpress.com Pen Testing & Audits

Burp Suite Tutorial Web Penetration Tool Kit

Burp Suite is a web application penetration testers Dream tool and the most powerful tool out there on the internet can it can be used to cover everything full in depth that you ever wanted. So i will be my best to thoroughly explain all the details as there are a lot of things to cover. Here is a quick list of Burp Suite components:

Nov. 24, 2017 0 comments securitytraning.com Pen Testing & Audits

Burp Suite Tutorial – Web Application Penetration Testing

by Royce Davis

Burp Suite from Portswigger is one of my favorite tools to use when performing a Web Penetration Test. The following is a step-by-step Burp Suite Tutorial. I will demonstrate how to properly configure and utilize many of Burp Suite’s features. After reading this, you should be able to perform a thorough web penetration test. This will be the first in a two-part article series.

Nov. 24, 2017 0 comments www.pentestgeek.com Pen Testing & Audits

Spoofing Attacks DHCP Server Spoofing

by Alok

One of the Layer 2 attacks inside a LAN network that is very dangerous for information privacy and LAN integrity is spoofing attack. This is special kind of attack where attacker can gain access to network traffic by spoofing responses that would be sent by a valid DHCP server. This attack is using a technique ARP spoofing, also called ARP cache poisoning or ARP poison routing (APR) that is a simple LAN attack technique. ARP spoofing will allow an attacker to intercept frames on a LAN, modif...

Nov. 24, 2017 0 comments learningnetwork.cisco.com Pen Testing & Audits

Scanning Ethereum smart contracts for vulnerabilities

by Bernhard Mueller

In this article, I’ll show how to run different types of security scans with Mythril using smart contracts from the Ethernaut wargame as examples (thanks to the guys from Zeppelin solutions for giving me permission). If you haven’t tried the wargame yourself, be aware that there are spoilers ahead! I recommend giving it a shot yourself first if you haven’t already.

Nov. 24, 2017 0 comments hackernoon.com Apps & Hardening


We'll send you a carefully curated list of the best IT security white papers to your mailbox every Friday.