Category Archives: Uncategorized

Hacking tutorial of the week (1/6/2020)

This guy doesn’t post a whole lot but the stuff he does post is spot on and nicely written. In this tutorial he gives a great introduction into out of band attacks. Goes over in detail how to pull off blind attacks leveraging SQL injection and command injection. Also before he dives […]

Why your organization should be doing Breach & Attack Simulations

Some would say what’s old is new again when it comes to a phrase like “breach and attack simulations”.  How is this different from vulnerability scanning, pentesting, or red teaming?  Really it’s more of a maturation of cyber security services so if your organization doesn’t currently employ a combination of vulnerability scanning, penetration testing, or […]

Testing versions of IE

Useful link for anyone wanting to download free virtual images to test IE versions https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Encode your SQL injection attacks

Encoding SQL injection attacks is nothing new and automated tools like SQLmap will more than likely find flaws via this method.  That being said I was combing through some of my old docs and found what I think is a decent explanation how this type of attack leads to SQL injection.
I’ll be demonstrating this on an app […]

Metasploit set rhosts file

Just a quick tip I don’t see documented a bunch of places, when you want to feed metasploit a list of targets in a file you need to use the following syntax.
set rhosts file:/path/to/file
Below is a screenshot for context.