Was looking back through some of my notes and came across this write up I did for a Struts exploit. Nothing crazy but what I liked about the notes I captured was around detection on what defenders could have alerted on when this exploit came out. Enjoy!
Confirmed publicly released exploits of CVE-2017-9791 do […]
This guy doesn’t post a whole lot but the stuff he does post is spot on and nicely written. In this tutorial he gives a great introduction into out of band attacks. Goes over in detail how to pull off blind attacks leveraging SQL injection and command injection. Also before he dives […]
Some would say what’s old is new again when it comes to a phrase like “breach and attack simulations”. How is this different from vulnerability scanning, pentesting, or red teaming? Really it’s more of a maturation of cyber security services so if your organization doesn’t currently employ a combination of vulnerability scanning, penetration testing, or […]
Useful link for anyone wanting to download free virtual images to test IE versions https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Encoding SQL injection attacks is nothing new and automated tools like SQLmap will more than likely find flaws via this method. That being said I was combing through some of my old docs and found what I think is a decent explanation how this type of attack leads to SQL injection.
I’ll be demonstrating this on an app […]