Hacking and Security Articles
Second Order SQL injections
There are a good number of SQL injections. Among the most difficult to detect and to exploit are Second Order SQLi. We can define First Order SQLi as the "classical" and more frequent vulnerability in which we edit a legit query with our own code in the same SQL statement i... continue reading
Serious vulnerability in Excel sheets (VBA bruteforce)
Sorry for the Dutch text in the images.
I did not have an English version of Office at hand.
1. What is an exploit?
I could spend ages trying to explain what an exploit is; luckily, there are dictionaries that can explain it in one full sentence:
A program or system designed to take... continue reading
[TED] Hackers: the Internet's immune system
In this video from 2014, cybersecurity expert Keren Elazari explains how hackers force the world to evolve and improve.
If you've never seen it before, take time to watch this video. Of course it's well known to us, but it's always interesting to see things from a global point of view.
http://ww... continue reading
How To Protect SSH With Two-Factor Authentication
To protect your SSH server with two-factor authentication, you can use the Google Authenticator PAM module.
Every time you connect you have to enter the code from your smartphone.
Attention: If you activate the google-authenticator for a normal user but not for root you can't log in... continue reading
No Wireshark? No TCPDump? No Problem!
Have you ever been on a pentest, or troubleshooting a customer issue, and the "next step" was to capture packets on a Windows host? Then you find that installing WinPcap or Wireshark was simply out of scope or otherwise not allowed on that SQL, Exchange, Oracle or other host? It used to be... continue reading