Переводы статей для xss.pro

Отслеживать
Пожалуйста, обратите внимание, что пользователь заблокирован
Последнее редактирование:
Пожалуйста, обратите внимание, что пользователь заблокирован
Можно ещё про SDR. osmocombb. И вообще направление радио GSM Hacking взять... Думаю Будущие за взломом GSM. Кто владеет GSM Тот Владеет 1\4 мира. Я так думаю.
По статьям к сожалению не подскажу ибо сам не шарю.
https://www.crazydanishhacker.com/category/gsm-sniffing-hacking/ тут вроде что то есть, сегодня ночью гляну
 
Последнее редактирование:
Пожалуйста, обратите внимание, что пользователь заблокирован
neopaket не знаю, что тебе предложить для перевода...
Я накидал сюда много материала для перевода не вижу чтобы его переводили. Мой материал специфичен.

neopaket сказал(а):
https://xss.pro/threads/30545/
И да у тебя тут ошибка я не предлагал тебе этот материал для перевода. Ты сам решил его перевести. А добавил его табак. Но все равно спасибо что поблагодарил. Поэтому ты табака должен благодарить, а не меня. Будь чуточку внимательнее. Хоть это и пустяки...
 
weaver сказал(а):
neopaket не знаю, что тебе предложить для перевода...
Я накидал сюда много материала для перевода не вижу чтобы его переводили. Мой материал специфичен.


И да у тебя тут ошибка я не предлагал тебе этот материал для перевода. Ты сам решил его перевести. А добавил его табак. Но все равно спасибо что поблагодарил. Поэтому ты табака должен благодарить, а не меня. Будь чуточку внимательнее. Хоть это и пустяки...
Мерси
 
Пожалуйста, обратите внимание, что пользователь заблокирован

Linux (x86) Exploit Development Series

First of all I would like to thank phrack articles, its author and other security researchers for teaching me about different exploit techniques, without whom none of the posts would have been poss…
sploitfun.wordpress.com

level 1

Classic Stack Based Buffer Overflow

VM Setup: Ubuntu 12.04 (x86) This post is the most simplest of the exploit development tutorial series and in the internet you can already find many articles about it. Despite its abundance and fam…
sploitfun.wordpress.com

Integer Overflow

VM Setup: Ubuntu 12.04 (x86) What is Integer Overflow? Storing a value greater than maximum supported value is called integer overflow. Integer overflow on its own doesnt lead to arbitrary code exe…
sploitfun.wordpress.com

Off-By-One Vulnerability (Stack Based)

Prerequisite: Classic Stack Based Buffer Overflow VM Setup: Ubuntu 12.04 (x86) What is off-by-one bug? Copying source string into destination buffer could result in off-by-one when Source string l…
sploitfun.wordpress.com

level 2

Bypassing NX bit using return-to-libc

Prerequisite: Classic Stack Based Buffer Overflow VM Setup: Ubuntu 12.04 (x86) In previous posts, we saw that attacker copies shellcode to stack and jumps to it!! in order to successfully exploit v…
sploitfun.wordpress.com

Bypassing NX bit using chained return-to-libc

Prerequisite: Classic Stack Based Buffer Overflow Bypassing NX bit using return-to-libc VM Setup: Ubuntu 12.04 (x86) Chained returned-to-libc? As seen in previous post, need arises for an attacker …
sploitfun.wordpress.com

Bypassing ASLR – Part I

Prerequisite: Classic Stack Based Buffer Overflow VM Setup: Ubuntu 12.04 (x86) In previous posts, we saw that attacker needs to know stack address (to jump to shellcode) libc base address (to succe…
sploitfun.wordpress.com

Bypassing ASLR – Part II

Prerequisite: Classic Stack Based Buffer Overflow VM Setup: Ubuntu 12.04 (x86) In this post lets see how to bypass shared library address randomization using brute force technique. What is brute-fo…
sploitfun.wordpress.com

Bypassing ASLR – Part III

Prerequisite: Classic Stack Based Buffer Overflow Bypassing ASLR – Part I VM Setup: Ubuntu 12.04 (x86) In this post lets see how to bypass shared library address randomization using GOT overw…
sploitfun.wordpress.com

level3

Heap overflow using unlink

Prerequisite: Understanding glibc malloc In this post lets learn how heap overflow can be successfully exploited using unlink technique. But before looking into unlink, first lets look into a vulne…
sploitfun.wordpress.com

Heap overflow using Malloc Maleficarum

Prerequisite: Understanding glibc malloc During late 2004, ‘glibc malloc’ got hardened. After which techniques such as unlink got obsolete, leaving the attackers clueless. But only for …
sploitfun.wordpress.com

Off-By-One Vulnerability (Heap Based)

Prerequisite: Off-By-One Vulnerability (Stack Based) Understanding glibc malloc VM Setup: Fedora 20 (x86) What is off-by-one bug? As said in this post, copying source string into destination buffe…
sploitfun.wordpress.com

Use-After-Free

Prerequisite: Off-By-One Vulnerability (Heap Based) Understanding glibc malloc VM Setup: Fedora 20 (x86) What is use-after-free (UaF)? Continuing to use a heap memory pointer which is already been…
sploitfun.wordpress.com

Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment - rootkit

Intro Recently, I had the pleasure to attend the training on Windows Kernel Exploitation at nullcon by the HackSysTeam. The training was well executed, and I got the intro into the world of kernel. But, as you know, nobody could teach you internals about Kernel Exploitation in a couple of days...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 2: Stack Overflow - rootkit

Overview In the part 1, we looked into how to manually setup the environment for Kernel Debugging. If something straightforward is what you want, you can look into this great writeup by hexblog about setting up the VirtualKd for much faster debugging. In this post, we’d dive deep into the kernel...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 3: Arbitrary Memory Overwrite (Write-What-Where) - rootkit

Overview In the previous part, we looked into exploiting a basic kernel stack overflow vulnerability. This part will focus on another vulnerability, Arbitrary Memory Overwrite, also known as Write-What-Where vulnerability. Basic exploitation concept for this would be to overwrite a pointer in a...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 4: Pool Feng-Shui -> Pool Overflow - rootkit

Overview We discussed about Write-What-Where vulnerability in the previous part. This part will deal with another vulnerability, Pool Overflow, which in simpler terms, is just an Out-of-Bounds write on the pool buffer. This part could be intimidating and goes really in-depth on how to groom the...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 5: NULL Pointer Dereference - rootkit

Overview First of all, a happy new year. 🙂 After the exhaustive last part in this series, to start off this new year, this post will be about a lighter, more easy to understand vulnerability. A null pointer dereference vulnerability exists when the value of the pointer is NULL, and is used by...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 6: Uninitialized Stack Variable - rootkit

Overview In the previous part, we looked into a simple NULL Pointer Dereference vulnerability. In this part, we’ll discuss about another vulnerability, Uninitialized Stack Variable. This vulnerability arises when the developer defines a variable in the code, but doesn’t initialize it. So, during...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 7: Uninitialized Heap Variable - rootkit

Overview In the previous part, we looked into an Uninitialized Stack Variable vulnerability. In this part, we’ll discuss about another vulnerability on similar lines, Uninitialized Heap Variable. We’d be grooming Paged Pool in this one, so as to direct our execution flow to the shellcode. Again...
rootkits.xyz

Windows Kernel Exploitation Tutorial Part 8: Use After Free - rootkit

Overview In our previous post, we discussed about Uninitialized Heap Variable. This post will focus on another vulnerability, Use After Free. As the name might suggest, we’d be exploiting a stale pointer, that should’ve been freed, but due to a flaw, the pointer is called through a Callback...
rootkits.xyz

modexp.wordpress.com

Shellcode: In-Memory Execution of JavaScript, VBScript, JScript and XSL

Introduction A DynaCall() Function for Win32 was published in the August 1998 edition of Dr.Dobbs Journal. The author, Ton Plooy, provided a function in C that allows an interpreted language such a…
modexp.wordpress.com
 
Последнее редактирование:

Automating local DTD discovery for XXE exploitation - GoSecure

Today, we present the method to exploit XXEs with local a Document Type Declaration (DTD) file. More specifically, how we have built a huge list of reusable DTD files.
www.gosecure.net

Local Privilege Escalation on Dell machines running Windows

In May, I published a blog post detailing a Remote Code Execution vulnerability in Dell SupportAssist. Since then, my research has continued and I have been finding more and more vulnerabilities. I strongly suggest that you read my previous blog post, not only because it provides a solid...
d4stiny.github.io
www.trustwave.com

HQL Injection Exploitation in MySQL

Are you familiar with an HQL injection exploitation? Chances are you’re not. While you may assume it’s intuitive since it’s related to SQL injection, you’re right, but it’s a little bit more complex.
www.trustwave.com
www.allysonomalley.com

Exploiting SSL Vulnerabilities in Mobile Apps

This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can exploit a vulnerable app’s broken SSL impl…
www.allysonomalley.com www.allysonomalley.com

Cybersecurity Education from the Experts | TrustedSec Blog Posts

Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
www.trustedsec.com

Android Malware Analysis : Dissecting Hydra Dropper – Pentest Blog

pentest.blog
 
Последнее редактирование:
Пожалуйста, обратите внимание, что пользователь заблокирован
Пожалуйста, обратите внимание, что пользователь заблокирован
Взял эти:

Cybersecurity Education from the Experts | TrustedSec Blog Posts

Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
www.trustedsec.com
www.allysonomalley.com

Exploiting SSL Vulnerabilities in Mobile Apps

This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can exploit a vulnerable app’s broken SSL impl…
www.allysonomalley.com www.allysonomalley.com
www.trustwave.com

HQL Injection Exploitation in MySQL

Are you familiar with an HQL injection exploitation? Chances are you’re not. While you may assume it’s intuitive since it’s related to SQL injection, you’re right, but it’s a little bit more complex.
www.trustwave.com

Local Privilege Escalation on Dell machines running Windows

In May, I published a blog post detailing a Remote Code Execution vulnerability in Dell SupportAssist. Since then, my research has continued and I have been finding more and more vulnerabilities. I strongly suggest that you read my previous blog post, not only because it provides a solid...
d4stiny.github.io

Automating local DTD discovery for XXE exploitation - GoSecure

Today, we present the method to exploit XXEs with local a Document Type Declaration (DTD) file. More specifically, how we have built a huge list of reusable DTD files.
www.gosecure.net
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Пожалуйста, обратите внимание, что пользователь заблокирован
weaver сказал(а):

Done!

Перевод статьи -
https://xss.pro/threads/30722/

Заранее прошу прощения, первый раз перевожу не для себя, учусь.
Постаралась перевести НЕ буквально, в некоторых моментах пришлось добавить разъяснения на русском либо перефразировать.
Достаточно сложно было и с форматированием.
А так в целом норм.
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх