background preloader

Hacking / Pen testing

Facebook Twitter

Offline Windows Password & Registry Editor. Web For Pentester. Immerse Yourself in Cryptography! DUMPING A COMPLETE DATABASE USING SQL INJECTION - InfoSec Institute. SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications.


It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the prior web application. The underlying fact that allows for SQL Injection is that the fields available for user input in the web application allow SQL statements to pass through and interact with or query the database directly. For example, let us consider a web application that implements a form-based login mechanism to store the user credentials and performs a simple SQL query to validate each login attempt. Escalate-your-pen-testing-efficiency-video. Penetration testing can often be tiresome and time-consuming work, but it doesn’t have to be.


The Metasploit team and users alike have figured out how to automate seemingly staggering tasks to make the most of their time. Product features like Metamodules, credentials management, simplified reporting, and more, help pen testing professionals get their jobs done quickly and right. Log Analysis for Web Attacks: A Beginner's Guide.

Introduction It is often the case that web applications face suspicious activities due to various reasons, such as a kid scanning a website using an automated vulnerability scanner or a person trying to fuzz a parameter for SQL Injection, etc.

Log Analysis for Web Attacks: A Beginner's Guide

In many such cases, logs on the webserver have to be analyzed to figure out what is going on. If it is a serious case, it may require a forensic investigation. Apart from this, there are other scenarios as well. Shell Injection and Command Injection Attack Vector. Shell injection, also known as command injection (the terms are used interchangeably here), while not the most frequently talked about or discovered vulnerability, is nonetheless one of the most critical.

Shell Injection and Command Injection Attack Vector

This article aims to be the most in depth shell injection article and tutorial on the web. For corrections or enhancements to the content, please contact us. Penetration Testing with Kali Linux. Penetration Testing with Kali Linux (PWK) is an online training course designed for network administrators and security professionals who need to acquaint themselves with the world of offensive information security.

Penetration Testing with Kali Linux

This penetration testing training introduces the latest hacking tools and techniques in the field and includes remote virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux attempts to simulate a full penetration test, from start to finish, by injecting the student into a rich, diverse, and vulnerable network environment. Penetration Testing with Kali Linux is an entry-level course but still requires students to have certain knowledge prior to attending the class.

A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Hackers Breaking New Ground With Ransomware. The tools and tactics being used to go after victims reveal growing sophistication, and gamers need to look out, security researchers say.

Hackers Breaking New Ground With Ransomware

The enormous success which hackers have had extracting millions of dollars from individuals and businesses using ransomware appears to be driving more sophisticated tools and tactics from them. This week researchers sounded the alert on two recent ransomware families that break ground in different ways. One of them dubbed Virlock is noteworthy because it not only locks the screen of compromised systems like other ransomware, but also infects files on the device. First noticed by security firm ESET in December, Virlock is also polymorphic, meaning the code changes every time it runs making it hard to detect using standard malware detection tools. In an alert on Friday, security firm Trend Micro described Virlock as the first ransomware that includes file infection in its routine.

9 Things You Need to Do When Your Email Is Hacked. For many people, the first sign that their email has been hacked comes when a friend shoots them a text or an email saying, "Hey there. LastPass CEO Explains Possible Hack. The CEO of password management company LastPass says it's highly unlikely hackers gained access to his millions of users' data--but that he doesn't want to take any chances.

LastPass CEO Explains Possible Hack

Speaking exclusively with PCWorld, LastPass CEO Joe Siegrist explained how his company came to the conclusion that its servers, which provide cross-platform password storage for millions of customers, may have been accessed by an outside party. Just one day earlier, LastPass announced via its blog that it had noticed a "network traffic anomaly" and was implementing additional security as a result.

Siegrist now says he may have been "too alarmist" in assuming the worst, but that--even if it ended up hurting his company's image--he wanted to act quickly and make sure everyone was informed. Given the proximity of the event to Sony's Playstation Network hack, after all, security was certainly high on many users' minds. How I Got My Digital Life Back Again After An Epic Hacking. When my data died, it was the cloud that killed it.

How I Got My Digital Life Back Again After An Epic Hacking

The triggers hackers used to break into my accounts and delete my files were all cloud-based services — iCloud, Google, and Amazon. Some pundits have latched onto this detail to indict our era of cloud computing. Yet just as the cloud enabled my disaster, so too was it my salvation. Yes, you can die by the cloud.