Category Archives: Uncategorized

CVE-2017-9791 exploit details

Was looking back through some of my notes and came across this write-up I did for a Struts exploit. Nothing crazy, but what I liked about the notes I captured was around detection: what defenders could have alerted on when this exploit came out. Enjoy!

Confirmed publicly released exploits of CVE-2017-9791 do […]

Hacking tutorial of the week (1/6/2020)

This guy doesn’t post a whole lot but the stuff he does post is spot on and nicely written. In this tutorial he gives a great introduction to out-of-band attacks. Goes over in detail how to pull off blind attacks leveraging SQL injection and command injection. Also before he dives […]

Why your organization should be doing Breach & Attack Simulations

Some would say what’s old is new again when it comes to a phrase like “breach and attack simulations”. How is this different from vulnerability scanning, pentesting, or red teaming? Really, it’s more of a maturation of cyber security services, so if your organization doesn’t currently employ a combination of vulnerability scanning, penetration testing, or […]

Testing versions of IE

Useful link for anyone wanting to download free virtual images to test IE versions: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Encode your SQL injection attacks

Encoding SQL injection attacks is nothing new and automated tools like SQLmap will more than likely find flaws via this method. That being said, I was combing through some of my old docs and found what I think is a decent explanation of how this type of attack leads to SQL injection.
I’ll be demonstrating this on an app […]