Category Archives: Uncategorized

Hacking tutorial of the week (1/6/2020)

This guy doesn’t post a whole lot but the stuff he does post is spot on and nicely written. In this tutorial he gives a great introduction to out-of-band attacks and goes over in detail how to pull off blind attacks leveraging SQL injection and command injection. Also before he dives […]

Why your organization should be doing Breach & Attack Simulations

Some would say what’s old is new again when it comes to a phrase like “breach and attack simulations”.  How is this different from vulnerability scanning, pentesting, or red teaming?  Really it’s more of a maturation of cyber security services so if your organization doesn’t currently employ a combination of vulnerability scanning, penetration testing, or […]

Testing versions of IE

Useful link for anyone wanting to download free virtual images to test IE versions

Encode your SQL injection attacks

Encoding SQL injection attacks is nothing new, and automated tools like sqlmap will more than likely find flaws via this method. That being said, I was combing through some of my old docs and found what I think is a decent explanation of how this type of attack leads to SQL injection.
I’ll be demonstrating this on an app […]

Metasploit set rhosts file

Just a quick tip I don’t see documented in a bunch of places: when you want to feed Metasploit a list of targets in a file, you need to use the following syntax.
set rhosts file:/path/to/file
Below is a screenshot for context.