SQL Injection 101: Database & SQL Basics Every Hacker Needs to Know

The key to becoming a competent white hat is knowing how the technology that you are trying to exploit actually works. SQL injection is one of the most common methods of attack used today and also one of the easiest to learn. In order to understand how this attack works, you need to have a solid grasp of ... you've guessed it ... SQL. This series will start at the bottom with the fundamentals of SQL and SQL injection, moving on to database identification and more advanced techniques, and finally closing with methods used to prevent and mitigate these types of attacks. What Is SQL Injection... more

from Null Byte « WonderHowTo full article here

A week in security (December 17 – 23)

Last week on Labs we looked at Fuchsia OS as a possible alternative for Android , explained all the reasons why cybercriminals want to hack your phone , discussed a flaw in Twitter form that may have been abused by nation states , gave you a Christmas tech scams roundup , revealed why many online quizzes qualify as phishing scams , gave some tips about safely using those smart speakers you got for Christmas , pointed out that the Underminer exploit kit improved its latest iteration , and reminded everyone that Chromebooks can and do get infected . Other cybersecurity news PewDiePie hackers strike again: hackers claimed that they launched yet another attack tricking hundreds of thousands of printers globally to print pamphlets promoting YouTube celebrity " PewDiePie ." (Source: ThreatPost) Equifax breach was entirely preventable: the Republican majority staff of the U.S. House of Representatives Committee on Oversight and Government Reform says the hack attack ...

A week in security (December 10 – 16)

Last week on Labs, we took a look at some new Mac malware , a collection of various scraped data dumps , the protection of power grids , and how bad actors are using SMB vulnerabilities . Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more access to photos than should normally be granted, including images uploaded but not published. (source: Facebook) Bomb threats may be a hoax: An email in circulation urging ransom payments in Bitcoin lest bombs across the US be detonated may well be a fake , according to US law enforcement. (source: The Register) Man jailed for fraud offenses: A man in the UK has been jailed for taking part in fraudulent activities. The main point of interest is surely the spectacular device he built. (source: Met Police) Another Google Plus bug: For six days, developer were able to access profile data not made public by the users. (source: Google) Windows 10 data collection: Reddit use...

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace : A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...

Cyb0rn™

Search This Blog