Welcome to SecurityDocs


Using Software Defined Radio to Attack "Smart Home" Systems

by Florian Eichelberger

The Internet of Things (or IoT) is an emerging trend of which Smart Homes is a subset. IoT involves the integration of digital and wireless technologies in physical objects and systems, especially those historically unconnected. Home Automation systems or "Smart Homes" have been an emerging trend, with products only recently hitting the mass market and being affordable. Out of a fear of reduced usability, or breaking backwards compatibility, security is often neglected, or added as an after...

Nov. 20, 2017 0 comments 22 minute read Pen Testing & Audits

[POC] WordPress Duplicator Migration 1.2.28 Cross Site Scripting

POC. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Duplicator, a WordPress Migration Plugin, 1.2.28. Duplicator, a WordPress Migration Plugin, is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based a...

Nov. 20, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

Ring3 / Ring0 Rootkit Hook Detection 1/2

The cybercrime underworld hasn’t given me any exciting malware to reverse and I’m running out of ideas for new posts, so I’m going to do a 2 part article about the techniques used by rootkits to intercept function calls, and how to detect them. The first part will explain some hooking methods, the second part will explain how to detect them. As I haven’t done any kernel mode stuff on this blog, I will be looking at both user mode and kernel mode hooks on an x86 Windows system.

Nov. 20, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits
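
The classic ring-3 detection for the inline (detour) hooks the article covers is to compare a function's prologue as mapped in the process with the same bytes from the module's on-disk image and, if they differ, decode the control transfer that was planted. The block below is an added example written for this listing, not code from the article; the API address, hook address and the hot-patchable prologue (mov edi,edi / push ebp / mov ebp,esp) are constructed, and it handles only the 32-bit x86 patterns named in the comments.

```python
import struct

# Constructed sample: a typical hot-patchable x86 Windows API prologue plus one more instruction.
HOT_PATCH_PROLOGUE = bytes.fromhex("8bff558bec83ec10")  # mov edi,edi; push ebp; mov ebp,esp; sub esp,10h


def decode_jump(addr: int, code: bytes):
    """If `code` (mapped at virtual address `addr`) begins with a control transfer
    that hook engines commonly plant, return (kind, target); otherwise None. x86-32."""
    if len(code) >= 5 and code[0] == 0xE9:                       # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp rel32", (addr + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 2 and code[0] == 0xEB:                       # jmp rel8 (hot-patch stub)
        rel = struct.unpack_from("<b", code, 1)[0]
        return "jmp rel8", (addr + 2 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0xFF and code[1] == 0x25:   # jmp dword ptr [abs32]
        slot = struct.unpack_from("<I", code, 2)[0]
        return "jmp [abs32]", slot        # real target is *slot; the caller must read it
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:   # push imm32; ret
        return "push/ret", struct.unpack_from("<I", code, 1)[0]
    return None


def check_prologue(name: str, addr: int, in_memory: bytes, on_disk: bytes, length: int = 5) -> dict:
    """Compare the first `length` bytes (5 = size of a jmp rel32) of a function as
    mapped in memory with the relocated on-disk copy. Report what was planted."""
    if in_memory[:length] == on_disk[:length]:
        return {"function": name, "hooked": False}
    jmp = decode_jump(addr, in_memory)
    return {
        "function": name,
        "hooked": True,
        "kind": jmp[0] if jmp else "unknown patch",
        "target": jmp[1] if jmp else None,
    }


def plant_rel32_hook(addr: int, target: int, original: bytes) -> bytes:
    """What the prologue looks like after a detour engine writes a jmp rel32 over it.
    Used here only to build a realistic 'hooked' sample."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel) + original[5:]


def demo():
    func_addr = 0x77D51000        # constructed: where the API lives in the process
    hook_addr = 0x10001000        # constructed: the rootkit DLL's handler
    hooked = plant_rel32_hook(func_addr, hook_addr, HOT_PATCH_PROLOGUE)
    return [
        check_prologue("GetProcAddress", func_addr, HOT_PATCH_PROLOGUE, HOT_PATCH_PROLOGUE),
        check_prologue("GetProcAddress", func_addr, hooked, HOT_PATCH_PROLOGUE),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Two caveats a practitioner will hit: the on-disk bytes must be compared after relocations are applied, or every absolute-address instruction looks patched; and this checks only the first bytes, so a hook placed deeper in the function (or an IAT/EAT pointer swap) needs a full .text comparison or an import-table walk instead.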

SSH Penetration Testing (Port 22)

Probing every open port is practically the first step attackers take to prepare their attack. To get work done one has to keep ports open, yet every open port is something an attacker can probe. Therefore, one must learn to secure their ports even if they are …

Nov. 19, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

WordPress Penetration Testing using WPScan & Metasploit

Attacker: Kali Linux. Target: WordPress. WPScan is a black box vulnerability scanner for WordPress, written in Ruby, focused on the different types of vulnerability found in WordPress core, themes, and plugins. The WPScan tool is already installed by default in Kali Linux, SamuraiWTF, Pentoo, BlackArch, and BackBox Linux. WPScan uses the database of all the available plugins

Nov. 19, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

Hack the dina VM (CTF Challenge)

Hello friends! Today we are going to take on another CTF challenge known as dina. Credit for making this VM goes to “Touhid Shaikh”, and it is another boot2root challenge where we have to root the server to complete it. You can download this VM here. Let’s Breach!!! Let us start from getting to know …

Nov. 14, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

SQL Injection in bbPress

by Marc-Alexandre Montpas

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitor to the victim’s website. Because details about this vulnerability have been made public today on a Hackerone report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug and...

Nov. 14, 2017 0 comments blog.sucuri.net Pen Testing & Audits

WebDAV Traffic To Malicious Sites

by Didier Stevens

I observed WebDAV traffic to malicious sites in the past (in proxy logs), and recently I took some time to take a closer look. TL;DR: when files are retrieved remotely with the file:// URI scheme on Windows, Windows will fall back to WebDAV when an SMB connection cannot be established. I did my tests with 2 Windows 7 VMs on the same subnet, one Windows 7 machine with IIS/WebDAV, and the other Windows 7 machine with Word 2016 and a .docx document with a remote template (template.dotx) (us...

Nov. 13, 2017 0 comments blog.didierstevens.com Pen Testing & Audits
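
The SMB-to-WebDAV fallback described above leaves a recognisable trace in proxy logs: the Windows WebClient service identifies itself with a "Microsoft-WebDAV-MiniRedir/..." User-Agent and issues OPTIONS then PROPFIND before fetching the file. The block below is an added example, not the author's code, that runs that detection over constructed log lines; the tab-separated log format, the internal allow-list and the addresses are assumptions made for the example and should be adapted to the proxy in use.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log, tab-separated: time, client IP, method, URL, status, User-Agent.
# The format is an assumption for this example; adapt parse_line() to your proxy.
SAMPLE_LOG = """\
2017-11-13T09:14:02Z\t10.0.0.25\tGET\thttp://intranet.example/home\t200\tMozilla/5.0 (Windows NT 6.1)
2017-11-13T09:14:31Z\t10.0.0.25\tOPTIONS\thttp://203.0.113.7/share\t200\tMicrosoft-WebDAV-MiniRedir/6.1.7601
2017-11-13T09:14:31Z\t10.0.0.25\tPROPFIND\thttp://203.0.113.7/share/template.dotx\t207\tMicrosoft-WebDAV-MiniRedir/6.1.7601
2017-11-13T09:14:32Z\t10.0.0.25\tGET\thttp://203.0.113.7/share/template.dotx\t200\tMicrosoft-WebDAV-MiniRedir/6.1.7601
2017-11-13T09:15:10Z\t10.0.0.40\tOPTIONS\thttp://api.example/v1\t204\tMozilla/5.0 (Windows NT 10.0)
2017-11-13T09:16:44Z\t10.0.0.40\tPROPFIND\thttp://files.intranet.example/dav\t207\tMicrosoft-WebDAV-MiniRedir/10.0.15063
"""

# Hosts where WebDAV from the WebClient service is expected (constructed allow-list).
EXPECTED_DAV_HOSTS = {"files.intranet.example"}

# Methods only a WebDAV client issues. OPTIONS is deliberately absent: browsers send it
# for CORS preflight, so on its own it proves nothing.
DAV_ONLY_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "LOCK", "UNLOCK", "MOVE", "COPY"}
MINIREDIR_UA = "Microsoft-WebDAV-MiniRedir"   # User-Agent of the Windows WebClient service


def parse_line(line: str) -> dict:
    ts, client, method, url, status, ua = line.rstrip("\n").split("\t", 5)
    return {"time": ts, "client": client, "method": method, "url": url,
            "host": urlsplit(url).hostname, "status": int(status), "ua": ua}


def find_webdav_fallback(log_text: str, expected_hosts=EXPECTED_DAV_HOSTS) -> list:
    """Group WebClient/WebDAV traffic per (client, host) and return the groups that
    went to a host not on the allow-list: each is a candidate for a file:// or
    remote-template lure whose SMB attempt was blocked and fell back to WebDAV."""
    groups = defaultdict(lambda: {"first_seen": None, "methods": [], "paths": []})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["ua"].startswith(MINIREDIR_UA) or rec["method"] in DAV_ONLY_METHODS:
            g = groups[(rec["client"], rec["host"])]
            g["first_seen"] = g["first_seen"] or rec["time"]
            g["methods"].append(rec["method"])
            g["paths"].append(urlsplit(rec["url"]).path)
    return [
        {"client": client, "host": host, **g}
        for (client, host), g in sorted(groups.items())
        if host not in expected_hosts
    ]


if __name__ == "__main__":
    for hit in find_webdav_fallback(SAMPLE_LOG):
        print(f"{hit['first_seen']} {hit['client']} -> {hit['host']} {hit['methods']} {hit['paths']}")
```

The sequence OPTIONS, PROPFIND, GET from one client to one external host, with a document-template path at the end, is the pattern to alert on; a single PROPFIND to an internal file server is normal WebClient use and is filtered by the allow-list.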

Post Exploitation in VMware Files with Meterpreter

Hello friends!! Today you will learn how to exploit any operating system running inside a virtual machine. Requirement Attacker: Kali Linux Target: VM image of Windows Server 2012 First the attacker needs to exploit the host operating system of the victim PC and obtain a meterpreter session with admin privileges. From the given image you can see I have seized Windows …

Nov. 12, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

MSSQL Penetration Testing with Metasploit

Requirement Attacker: Kali Linux (NMAP) Target: Windows 10 (MS SQL Server) Let’s start!! MSSQL Brute force Attack This module simply queries the MSSQL instance for a specific user/pass (default is sa with a blank password).
use auxiliary/scanner/mssql/mssql_login
msf auxiliary(mssql_login) > set rhosts
msf auxiliary(mssql_login) > set user_file /root/Desktop/user.txt
msf auxiliary(mssql_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(mssql_login) > run
…

Nov. 12, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

MSSQL Penetration Testing using Nmap | Pentesting Experts

Hello friends! Today we are going to perform Microsoft SQL penetration testing using NMAP scripts in order to retrieve basic information such as the database name, usernames, table names, etc. from a SQL Server instance running on Windows. In our previous article we set up Microsoft SQL Server on Windows 10. Requirement Attacker: kali …

Nov. 11, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

4 Ways to Capture NTLM Hashes in Network | Pentesting Experts

Hello friends! Today we are describing how to capture NTLM hashes on a local network. In this article we capture the NTLM hash four times, through different methods. Before we proceed to the attack techniques, let’s read a brief introduction to the NTLM hash. The acronym NTLM is formed from the following terms: NT: New …

Nov. 11, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

How to Use Firewalk on Kali | Pentesting Experts

Today we’re going to walk through a Firewalk tutorial on Kali Linux. But first, we’d like to understand what Firewalk does and why it’s useful to hackers and penetration testers. Basically, Firewalk is a reconnaissance tool that helps a penetration tester or hacker discover which IP protocols …

Nov. 11, 2017 0 comments www.pentestingexperts.com Pen Testing & Audits

Attacking .NET Serialization

by Alvaro

In this talk, we will analyze .NET serializers including third party JSON parsers for potential RCE vectors. We will demonstrate that RCE is also possible in .NET and present details about the serializers that are vulnerable to RCE by default and discuss common configurations that make other libraries vulnerable. We will try to generalize the attack techniques to other serialization formats and conclude with presenting several gadgets from system libraries that may be used to achieve RCE for ...

Nov. 10, 2017 0 comments speakerdeck.com Pen Testing & Audits

Attack Methods for Gaining Domain Admin Rights in Active Directory

by Sean Metcalf

There are many ways an attacker can gain Domain Admin rights in Active Directory. This post is meant to describe some of the more popular ones in current use. The techniques described here “assume breach”, where an attacker already has a foothold on an internal system and has gained domain user credentials (aka post-exploitation). The unfortunate reality for most enterprises is that it often does not take long for an attacker to go from domain user to domain admin. The question on defenders...

Nov. 10, 2017 0 comments adsecurity.org Pen Testing & Audits

Ten Ethical Hacking Interview Questions

by Yassine Aboukir

Recent major cybersecurity breaches have urged organizations to recruit infosec professionals skilled in ethical hacking. Ethical hacking is not a typical job, as it does not require a college diploma. All you need is a good understanding of computers, software and decent hacking skills. Ethical hacking is another term for penetration testing, commonly referred to as pentesting. In this article, we highlight some common questions you might be asked during a job interview for ethical hackin...

Nov. 9, 2017 0 comments resources.infosecinstitute.com Pen Testing & Audits

Introducing GoCrack: A Managed Password Cracking Tool

by Christopher Schmitt

FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a worker on every GPU/CPU capable machine and the system will automatically distribute tasks across those GPU/CPU machines.

Nov. 8, 2017 0 comments www.fireeye.com Pen Testing & Audits

How To Bypass Windows AppLocker

by Sparc Flow

AppLocker is an application whitelisting feature introduced by Microsoft in Windows 7 and Windows Server 2008 R2 (as the successor to Software Restriction Policies) to restrict standard users to executing only specific applications on the system, e.g.: “Alice can run explorer.exe; Bob, however, cannot!” If you are conducting penetration tests, you will likely find AppLocker on very sensitive machines: industrial computers, ATMs, business workstations, etc.

Nov. 8, 2017 0 comments www.hacking-tutorial.com Pen Testing & Audits

Bypassing Android’s Network Security Configuration

by Adrian Villa

With the release of Android Nougat (Android 7) came a new security feature called Network Security Configuration. It lets developers customise their app’s network security settings (trusted CAs, certificate pinning, cleartext policy) in an XML resource without modifying app code. The default configuration for SSL/TLS connections also changed: if the application targets API level 24 or higher, only the system CA certificates are trusted by default, so user-installed CAs (such as an interception proxy’s) are no longer accepted.

Nov. 6, 2017 1 comment www.nccgroup.trust Pen Testing & Audits
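
Because the Network Security Configuration is an XML resource shipped inside the APK, the first thing a tester does is pull res/xml/network_security_config.xml from the decoded package and read it. The block below is an added example written for this listing, not NCC Group's code or the article's: it audits such a file for the settings that undo the Nougat default (cleartext allowed, user CAs trusted, overridePins, debug overrides) and shows a weak configuration beside a hardened one. Both XML documents, the domain names and the pin values are constructed; the element and attribute names are those of the real network_security_config.xml schema.

```python
import xml.etree.ElementTree as ET

# Constructed weak config: every setting below is legal syntax but re-opens an attack path.
WEAK_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">legacy.example.com</domain>
        <trust-anchors>
            <certificates src="@raw/corp_ca" overridePins="true"/>
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>
"""

# Constructed hardened config: system CAs only, no cleartext, pinned API host with a backup pin.
# The pin values are placeholders, not real SPKI hashes.
HARDENED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2018-12-31">
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
"""


def _trusts_user_cas(section) -> bool:
    return any(c.get("src") == "user" for c in section.iter("certificates"))


def _overrides_pins(section) -> bool:
    return any(c.get("overridePins") == "true" for c in section.iter("certificates"))


def audit_nsc(xml_text: str) -> list:
    """Return human-readable findings for a network_security_config.xml; [] means clean."""
    root = ET.fromstring(xml_text)
    findings = []

    base = root.find("base-config")
    if base is not None:
        if base.get("cleartextTrafficPermitted") == "true":
            findings.append("base-config permits cleartext (HTTP) traffic to every host")
        if _trusts_user_cas(base):
            findings.append("base-config trusts user-installed CAs: an on-device proxy CA will be accepted")

    for dc in root.findall("domain-config"):
        label = ", ".join(d.text.strip() for d in dc.findall("domain")) or "<unnamed>"
        if dc.get("cleartextTrafficPermitted") == "true":
            findings.append(f"domain-config [{label}] permits cleartext traffic")
        if _trusts_user_cas(dc):
            findings.append(f"domain-config [{label}] trusts user-installed CAs")
        if _overrides_pins(dc):
            findings.append(f"domain-config [{label}] sets overridePins, so that CA bypasses pinning")
        if dc.find("pin-set") is None:
            findings.append(f"domain-config [{label}] has no pin-set (informational)")

    dbg = root.find("debug-overrides")
    if dbg is not None and _trusts_user_cas(dbg):
        findings.append("debug-overrides trusts user CAs: safe only if the shipped build is not debuggable")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_nsc(cfg) or "no findings")
```

Two caveats: the "system CAs only" default applies to apps targeting API 24 or higher, so an app with a lower targetSdkVersion and no base-config still trusts user CAs even though this file looks clean; and the file is a client-side control, so anyone who can repackage the APK can rewrite it, which is exactly the kind of bypass the article is about.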

Web Application Threat Modeling

by Akash Shrivastava

Threat modeling is a procedure for improving network, application, or Internet security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.

Nov. 6, 2017 0 comments 8 minute read Pen Testing & Audits

