Research And Publications

Code Releases

ASL HackMe Labs is yet another vulnerable web application for practicing various web-based attacks. It can be installed on both XAMPP and WAMP.
Attacks you can practice with ASL HackMe Labs:

1) SQLi login bypass
2) SQLi Error Based
3) SQLi UNION based
4) Blind SQLi
5) SQLi filter bypassing
7) User Agent based SQLi
8) XSS through SQLi
9) Upload webshell through SQLi
10) XSS
11) User Agent based XSS
12) Full Path Disclosure
13) LFI
14) RFI
15) PHP Wrapper injections
16) Cookie based SQLi
17) Image Upload bypasses
18) Javascript Login Bypass
19) Logs Poisoning
20) Remote Command Execution
21) Header Injections

Research Papers

Manual analysis of malicious PDF malware

A paper discussing how to manually analyze malicious PDF documents, extract JavaScript from a PDF, test shellcode, etc.

Recreating exploits from malware samples found in the wild

This is a paper on how to analyze and reverse engineer malware samples found in the wild and, as an offensive approach to security, how to recreate these weapons to use against the malicious hackers.

UAC a total Joke!

A UAC bypass method discovered by us.

Defeating Captcha by image reconstruction!

An interesting project to defeat the Liberty Reserve captcha. This technique can also be used to crack other similar captchas.

Web Vulnerabilities

XSS vulnerability in AOL search. We are trying to contact the AOL team. No reply from them yet.

There is a Cross Site Scripting vulnerability in subdomain. It's in . This vulnerability allows the attacker to steal cookies and perform session hijacking attacks or use XSS worms. The vendor has been notified regarding the vulnerability details.

SQL Injection in Facebook applications!

Pragyan CMS v 3,0 multiple vulnerabilities!


MS Office 2007 and 2010 - OLE Arbitrary Command Execution

Microsoft Word Record Parsing Buffer Overflow

SAP Player 0.9 Buffer Overflow

Microsoft Office 2008 SP0 RTF Pfragments exploit for the Mac.

Digital Music Pad version SEH overflow exploit.

Quick Player version 1.3 unicode SEH exploit.

This Metasploit module exploits a buffer overflow in Digital Music Pad version When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.

DJ Studio Pro version SEH overwrite exploit.

Audiotran version SEH overflow exploit that creates a malicious .pls file.

Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit.

Microsoft Office memory corruption code execution exploit that demonstrates a malformed property vulnerability.

Microsoft Excel Featheader buffer overflow exploit that leverages the vulnerability noted in MS09-067.

Mediacoder version buffer overflow exploit that binds a shell to port 5555.

Video Workstation Version dll hijacking (iacenc.dll, ir50_lcs.dll)!!

iworkstation Version dll hijacking exploit


Mediamonkey v. DOS POC

Spider player .m3u playlist DOS POC

Rosoft media player 4.4.4 SEH buffer overflow POC

Quintessential Player 5.0.121 Denial of Service
