Error based SQL Injection in “Order By” clause (MSSQL)

Posted on Posted in Hacker News, Paper

Introduction: SQL Injection AKA mother of hacking is one of the notorious and well known vulnerability which has caused lots of damage to cyber world. Researchers has published lots of stuff on different-2 exploitation techniques for conducting various type of attacks including accessing data stored in database, reading/writing code from/to server using load and into […]

Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Posted on Posted in Hacker News, Paper

Skilled attackers continually seek out new attack vectors while employing evasion techniques to maintain the effectiveness of old vectors in an ever-changing defensive landscape. Numerous threat actors employ obfuscation frameworks for common scripting languages like JavaScript and PowerShell to thwart signature-based detections of common offensive tradecraft written in these languages. However, as defenders’ visibility into […]

Shellcode Alchemy

Posted on Posted in Hacker News, Paper

Introduction: Shellcodes plays a very important role in cyber security field, they are widely used in a lot of malware and exploits. So, what is shellcode? Shellcode is basically a series of bytes that will be interpreted as instructions on CPU, the main purpose of writing shellcodes is exploiting vulnerabilities that allows executing arbitrary bytes […]

RSA ASYMMETRIC POLYMORPHIC SHELLCODE

Posted on Posted in Hacker News, Paper

Introduction: Firewalls and Intrusion Detection Systems (IDS) are the basic core regarding safety in any company or network infrastructure within an organization. While a simple firewall filters the traffic, taking as a basis the information of the network as the TCP/UDP ports and IP addresses, the IDS performs a much more in-depth research considering and […]