Error based SQL Injection in “Order By” clause (MSSQL)

Posted in Hacker News, Paper

Introduction: SQL Injection, AKA the mother of hacking, is one of the most notorious and well-known vulnerabilities and has caused a lot of damage to the cyber world. Researchers have published a lot of material on different exploitation techniques for conducting various types of attacks, including accessing data stored in the database, reading/writing code from/to the server using load and into […]

Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Posted in Hacker News, Paper

Skilled attackers continually seek out new attack vectors while employing evasion techniques to maintain the effectiveness of old vectors in an ever-changing defensive landscape. Numerous threat actors employ obfuscation frameworks for common scripting languages like JavaScript and PowerShell to thwart signature-based detections of common offensive tradecraft written in these languages. However, as defenders’ visibility into […]

Cross Site Scripting ‘XSS’ in a Nutshell

Posted in Hacker News, Tutorials

What is XSS? Cross-Site Scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser. The attacker exploits an XSS vulnerability in a website that the victim visits in order to deliver the malicious JavaScript through the website to the victim’s browser. The malicious JavaScript appears to […]

From APK to Golden Ticket

Posted in Hacker News, Tutorials

Owning an Android smartphone and gaining Domain Admin rights and more… Andrea Pierini <decoder.ap@gmail.com>, Giuseppe Trotta <giutrotta@gmail.com>, February 24, 2017. This article describes the potential dangers of using personal smartphones in corporate networks and as a result has been modeled after real events. It has been demonstrated that it is not so difficult for an ill-intentioned person to deceive an employee into installing a malicious app on […]