A collection of papers about offensive IT security with some blog posts sprinkled in. If you want to contribute a paper, just open an issue or a pull request.

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Remote Memory-Deduplication Attacks | Martin Schwarzl, Erik Kraft, Moritz Lipp, Daniel Gruss | Link | --- |
2021 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing | Bahruz Jabiyev, Steven Sprecher, Kaan Onarlioglu, Engin Kirda | Link | --- |
2021 | An Empirical Analysis of HTTPS Configuration Security | Camelia Simoiu, Wilson Nguyen, Zakir Durumeric | Link | --- |
2021 | Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques | Zengrui Liu, Prakash Shrestha, Nitesh Saxena | Link | --- |
2021 | CorbFuzz: Checking Browser Security Policies with Fuzzing | Chaofan Shou, İsmet Burak Kadron, Qi Su, Tevfik Bultan | Link | --- |
2021 | SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers | Thomas Rokicki, Clémentine Maurice, Pierre Laperdrix | Link | --- |
2021 | Awakening the Web's Sleeper Agents: Misusing Service Workers for Privacy Leakage | Soroush Karami, Panagiotis Ilia, Jason Polakis | Link | |
2020 | Everything Old is New Again: Binary Security of WebAssembly | Daniel Lehmann, Johannes Kinder, Michael Pradel | Link | --- |
2020 | Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks | Avinash Sudhodanan, Soheil Khodayari, Juan Caballero | Link | |
2019 | BakingTimer: privacy analysis of server-side request processing time | Iskander Sánchez-Rola, D. Balzarotti, I. Santos | Link | |
2019 | Browser Fingerprinting using Combinatorial Sequence Testing | Bernhard Garn, Dimitris E. Simos, Stefan Zauner, Rick Kuhn, Raghu Kacker | Link | |
2018 | How Tracking Companies Circumvented Ad Blockers Using WebSockets | Muhammad Ahmad Bashir, Sajjad Arshad, Engin Kirda, William Robertson, Christo Wilson | Link | --- |
2017 | Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript | Michael Schwarz, Clémentine Maurice, Daniel Gruss, Stefan Mangard | Link | --- |
2017 | Practical Keystroke Timing Attacks in Sandboxed JavaScript | Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clementine Maurice, Stefan Mangard | Link | Github |
2016 | On the Incoherencies in Web Browser Access Control Policies | Kapil Singh, Alexander Moshchuk, Helen J. Wang, Wenke Lee | Link | --- |
2016 | HEIST: HTTP Encrypted Information can be Stolen through TCP-windows | Mathy Vanhoef, Tom Van Goethem | Link | |
2016 | Trusted Browsers for Uncertain Times | David Kohlbrenner, Hovav Shacham | Link | --- |
2015 | The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications | Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis | Link | --- |
2015 | Practical Memory Deduplication Attacks in Sandboxed Javascript | Daniel Gruss, David Bidner, Stefan Mangard | Link | --- |
2013 | Pixel Perfect Timing Attacks with HTML5 | Paul Stone | Link | PoC |
2013 | Redefining Web Browser Principals with a Configurable Origin Policy | Yinzhi Cao, Vaibhav Rastogi, Zhichun Li, Yan Chen, Alexander Moshchuk | Link | --- |
2010 | The Emperor’s New APIs: On the (In)Secure Usage of New Client-side Primitives | Steve Hanna, Eui Chul Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena, Dawn Song | Link | --- |
2010 | Object views: Fine-grained sharing in browsers | Leo Meyerovich, Adrienne Porter Felt, Mark Miller | Link | --- |
2009 | Cross-origin JavaScript capability leaks: detection, exploitation, and defense | Adam Barth, Joel Weinberger, Dawn Song | Link | --- |
2007 | Exposing Private Information by Timing Web Applications | Andrew Bortz, Dan Boneh, Palash Nandy | Link | --- |

Year | Title | Author | Link |
---|---|---|---|
2021 | Examining JavaScript Inter-Process Communication in Firefox | Frederik Braun | Link |
2020 | Marginwidth/marginheight – the unexpected cross-origin communication channel | Michał Bentkowski | Link |
2018 | Side-channel attacking browsers through CSS3 features | Ruslan Habalov | Link |
2016 | CSS mix-blend-mode is bad for your browsing history | lcamtuf | Link |
NULL | History theft with CSS Boolean algebra | lcamtuf | Link |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2020 | PMForce: Systematically Analyzing postMessage Handlers at Scale | Marius Steffens, Ben Stock | Link | Github |
2017 | Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets | Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß, Eduardo A. Vela Nava, Martin Johns | Link | --- |
2015 | Auto-Patching DOM-based XSS At Scale | Inian Parameshwaran, Enrico Budianto, Shweta Shinde, Hung Dang, Atul Sadhu, Prateek Saxena | Link | --- |
2015 | DEXTERJS: Robust Testing Platform for DOM-Based XSS Vulnerabilities | Inian Parameshwaran, Enrico Budianto, Shweta Shinde, Hung Dang, Atul Sadhu, Prateek Saxena | Link | --- |
2013 | 25 Million Flows Later - Large-scale Detection of DOM-based XSS | Sebastian Lekies, Ben Stock, Martin Johns | Link | --- |
2013 | mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations | Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang | Link | --- |

Year | Title | Author | Link |
---|---|---|---|
2021 | Exploiting Client-Side Prototype Pollution in the wild | s1r1us | Link |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2020 | EtherOops: Exploring Practical Methods To Exploit Ethernet Packet In Packet Attacks | Ben Seri, Gregory Vishnepolsky, Yevgeny Yusepovsky | Link | --- |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses | Anatoly Shusterman, Ayush Agarwal, Sioli O’Connell, Daniel Genkin, Yossi Oren, Yuval Yarom | Link | --- |
2021 | Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets | Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis | Link | Github |
2020 | Confused by Path: Analysis of Path Confusion Based Attacks | Seyed Ali Mirheidari | Link | --- |
2020 | Large-Scale Analysis of Style Injection by Relative Path Overwrite | Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, William Robertson | Link | --- |

Year | Title | Author | Link |
---|---|---|---|
2019 | Better Exfiltration via HTML Injection | d0nut | Link |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Practical Timing Side Channel Attacks on Memory Compression | Martin Schwarzl, Pietro Borrello, Daniel Gruss, Gururaj Saileshwar, Hanna Müller, Michael Schwarz | Link | --- |
2021 | Touchtone leakage attacks via smartphone sensors: mitigation without hardware modification | Connor Bolton, Yan Long, Jun Han, Josiah Hester, Kevin Fu | Link | --- |
2021 | Leaking Control Flow Information via the Hardware Prefetcher | Yun Chen, Lingfeng Pei, Trevor E. Carlson | Link | --- |
2019 | SMoTherSpectre: Exploiting Speculative Execution through Port Contention | Atri Bhattacharyya, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Babak Falsafi, Mathias Payer, Anil Kurmus | Link | Github |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | DNS and the DNS Cache Poisoning Attack | Avi Kak | Link | |
2021 | The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion | Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, Tom Van Goethem | Link | --- |
2020 | Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More) | Amit Klein | Link | --- |
2017 | Something From Nothing (There): Collecting Global IPv6 Datasets From DNS | Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, Giovanni Vigna | Link | Gitlab |
2011 | Bitsquatting: DNS Hijacking without Exploitation | Dinaburg | Link | --- |
2005 | NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities | Yehuda Afek, Anat Bremler-Barr, Lior Shafir | Link | --- |

Year | Title | Author | Link |
---|---|---|---|
2021 | Dangling DNS: Amazon EC2 IPs (Current State) | Mohamed Elbadry | Link |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Black Widow: Blackbox Data-driven Web Scanning | Benjamin Eriksson, Giancarlo Pellegrino, Andrei Sabelfeld | Link | |
2021 | Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions | Marcus Niemietz, Mario Korth, Christian Mainka, Juraj Somorovsky | Link | --- |
2021 | Security Vulnerability Detection Using Deep Learning Natural Language Processing | Noah Ziems, Shaoen Wu | Link | --- |
2020 | Can I Take Your Subdomain? Exploring Related-Domain Attacks in the Modern Web | Marco Squarcina, Mauro Tempesta, Lorenzo Veronese, Stefano Calzavara, Matteo Maffei | Link | --- |
2020 | Cached and Confused: Web Cache Deception in the Wild | Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, William Robertson | Link | --- |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Physical Side-Channel Attacks on Embedded Neural Networks: A Survey | Maria Méndez Real, Rubén Salvador | Link | --- |
2021 | A Deep Learning-based Penetration Testing Framework for Vulnerability Identification in Internet of Things Environments | Nickolaos Koroniotis, Nour Moustafa, Benjamin Turnbull, Francesco Schiliro, Praveen Gauravaram, Helge Janicke | Link | --- |
2021 | Leveraging AI to optimize website structure discovery during Penetration Testing | Diego Antonelli, Roberta Cascella, Gaetano Perrone, Simon Pietro Romano, Antonio Schiano | Link | --- |
2021 | The Threat of Offensive AI to Organizations | Yisroel Mirsky, Ambra Demontis, Jaidip Kotak, Ram Shankar, Deng Gelei, Liu Yang, Xiangyu Zhang, Wenke Lee, Yuval Elovici, Battista Biggio | Link | --- |
2021 | Deep Learning-Based Autonomous Driving Systems: A Survey of Attacks and Defenses | Yao Deng, Tiehua Zhang, Guannan Lou, Xi Zheng, Jiong Jin, Qing-Long Han | Link | --- |
2017 | Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN | Weiwei Hu, Ying Tan | Link | --- |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly | Daniel Lehmann, Martin Toldam Torp, Michael Pradel | Link | --- |
2021 | VIA: Analyzing Device Interfaces of Protected Virtual Machines | Felicitas Hetzelt, Martin Radev, Robert Buhren, Mathias Morbitzer, Jean-Pierre Seifert | Link | --- |
2021 | Spotting Silent Buffer Overflows in Execution Trace through Graph Neural Network Assisted Data Flow Analysis | Zhilong Wang, Li Yu, Suhang Wang, Peng Liu | Link | --- |
2021 | QFuzz: Quantitative Fuzzing for Side Channels | Yannic Noller, Saeid Tizpaz-Niari | Link | Github |
2021 | Revizor: Fuzzing for Leaks in Black-box CPUs | Oleksii Oleksenko, Christof Fetzer, Boris Köpf, Mark Silberstein | Link | Github |
2021 | Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference | Xiaotao Feng, Ruoxi Sun, Xiaogang Zhu, Minhui Xue, Sheng Wen, Dongxi Liu, Surya Nepal, Yang Xiang | Link | --- |
2020 | The never ending war in the stack and the reincarnation of ROP attacks | Ammari Nader, Joan Calvet, Jose M. Fernandez | Link | --- |
2016 | Toward large-scale vulnerability discovery using Machine Learning | Gustavo Grieco, Guillermo Luis Grinblat, Lucas Uzal, Sanjay Rawat, Josselin Feist, Laurent Mounier | Link | --- |
2015 | Pattern-Based Vulnerability Discovery | Fabian Yamaguchi | Link | --- |

Year | Title | Author | Link |
---|---|---|---|
2021 | Speculating the entire x86-64 Instruction Set In Seconds with This One Weird Trick | Can Bölük | Link |
2020 | Bugs on the Windshield: Fuzzing the Windows Kernel | Netanel Ben Simon | Link |
2018 | Deep Exploit - Github Project | Isao Takaesu | Github |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | An Empirical Analysis of HTTPS Configuration Security | Camelia Simoiu, Wilson Nguyen, Zakir Durumeric | Link | --- |
2021 | Security Header Fields in HTTP Clients | Pascal Gadient, Oscar Nierstrasz, Mohammad Ghafari | Link | --- |
2021 | LTrack: Stealthy Tracking of Mobile Phones in LTE | Martin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, Srdjan Capkun | Link | --- |

Year | Title | Author | Link |
---|---|---|---|
2021 | SeaGlass: Enabling City-Wide IMSI-Catcher Detection | Peter Ney, Ian Smith, Tadayoshi Kohno, Gabriel Cadamuro | Link |
2020 | BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution | Andy Nguyen | Link |
2019 | New Type Of GPS Spoofing Attack In China Creates "Crop Circles" Of False Location Data | Joseph Trevithick | Link |
2019 | Wireless attacks on aircraft instrument landing systems | Adrian Colyer | Link |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | A Measurement Study on the (In)security of End-of-Life (EoL) Embedded Devices | Dingding Wang, Muhui Jiang, Rui Chang, Yajin Zhou, Baolei Hou, Xiapu Luo, Lei Wu, Kui Ren | Link | --- |
2020 | HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation | Abraham A. Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer | Link | Github |
2016 | Towards Automated Dynamic Analysis for Linux-based Embedded Firmware | Daming D. Chen, Manuel Egele, Maverick Woo, David Brumley | Link | Github |

Year | Title | Author | Link |
---|---|---|---|
2020 | Using Z3 Theorem on AVR Firmware | Ryan Cornateanu | Link |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | JACK THE RIPPLER: Arbitrage on the Decentralized Exchange of the XRP Ledger | Gaspard Peduzzi, Jason James, Jiahua Xu | Link | --- |
2021 | Understanding Security Issues in the NFT Ecosystem | Dipanjan Das, Priyanka Bose, Nicola Ruaro, Christopher Kruegel, Giovanni Vigna | Link | --- |
2021 | Franchised Quantum Money | Bhaskar Roberts, Mark Zhandry | Link | --- |
2021 | An Empirical Study of Protocols in Smart Contracts | Timothy Mou, Michael Coblenz, Jonathan Aldrich | Link | --- |
2021 | Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit | Kaihua Qin, Liyi Zhou, Benjamin Livshits, Arthur Gervais | Link | --- |

Year | Title | Author | Link | Github/PoC |
---|---|---|---|---|
2021 | Trojan Source: Invisible Vulnerabilities | Nicholas Boucher, Ross Anderson | Link | --- |
2021 | Demystifying Scam Tokens on Uniswap Decentralized Exchange | Pengcheng Xia, Haoyu Wang, Bingyu Gao, Weihang Su, Zhou Yu, Xiapu Luo, Chao Zhang, Xusheng Xiao, Guoai Xu | Link | --- |
2021 | BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks | Johannes Krupp, Christian Rossow | Link | --- |
2021 | The Rise and Fall of Fake News sites: A Traffic Analysis | Manolis Chalkiadakis, Alexandros Kornilakis, Pangiotis Papadopoulos, Evangelos P. Markatos, Nicolas Kourtellis | Link | --- |
2021 | Kubernetes Auto-Scaling: YoYo attack vulnerability and mitigation | Ronen Ben-David, Anat Bremler-Barr | Link | --- |
2021 | Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine | Pontus Johnson | Link | --- |
2021 | Python and Malware: Developing Stealth and Evasive Malware Without Obfuscation | Vasilios Koutsokostas, Constantinos Patsakis | Link | --- |
2021 | The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning | Chris McMahon Stone, Sam L. Thomas, Mathy Vanhoef, James Henderson, Nicolas Bailluet, Tom Chothia | Link | --- |
2021 | How Great is the Great Firewall? Measuring China’s DNS Censorship | Nguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, Michalis Polychronakis | Link | --- |
2021 | SEVerity: Code Injection Attacks against Encrypted Virtual Machines | Mathias Morbitzer, Sergej Proskurin, Martin Radev, Marko Dorfhuber, Erick Quintanar Salas | Link | --- |
2021 | Web Content Signing with Service Workers | Thomas Sutter, Peter Berlich, Marc Rennhard, Kevin Lapagna, Fabio Germann | Link | --- |
2021 | Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs | Hui Xu, Zhuangbin Chen, Mingshen Sun, Yangfan Zhou, Michael R. Lyu | Link | --- |
2020 | Light Commands: Laser-Based Audio Injection on Voice-Controllable Systems | Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, Kevin Fu | Link | --- |
2020 | Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs | Boqin Qin, Yilun Chen, Zeming Yu, Linhai Song, Yiying Zhang | Link | --- |
2020 | Security and Privacy of Social Login | Louis Christopher Jannett | Link | --- |
2014 | ECMAScript 6 for Penetration Testers | Mario Heiderich | Link | --- |
2005 | A Self-Learning Worm Using Importance Scanning | Zesheng Chen, Chuanyi Ji | Link | --- |
2005 | Network Protocol Analysis using Bioinformatics Algorithms | Marshall A. Beddoe | Link | |

Year | Title | Author | Link |
---|---|---|---|
2021 | Security and Privacy of Social Logins (I) | Louis Christopher Jannett | Link |
2021 | Security and Privacy of Social Logins (II) | Louis Christopher Jannett | Link |
2021 | Security and Privacy of Social Logins (III) | Louis Christopher Jannett | Link |
2021 | Weird Ways to Run Unmanaged Code in .NET | XPN/Adam Chester | Link |
2020 | Reverse Engineering the source code of the BioNTech/Pfizer SARS-CoV-2 Vaccine | Bert Hubert | Link |
2020 | Practical Exploitation of Math.random on V8 | d0nut | YT Github |
2018 | Introduction to Locality-Sensitive Hashing | Tyler Neylon | Link |