We are AkimboCore.

We are a cybersecurity start-up with an aim:

To work hard
on the interesting problems
and to automate
the mundane ones.

We're a team of cybersecurity professionals building new ways to perform security testing.

Looking to learn more about Cybersecurity?

SQL Injection Exploitation: Out-of-Band

Out-of-band exploitation refers to exploits where the extracted information is received over a connection other than the one the payload was delivered over. It can be used to bypass defensive technologies as well as complicating the detection and response capability.

SQL Injection can be exploited out-of-band through protocols such as DNS in order to extract database contents. This is particularly useful as an alternative to Time-based exploitation where it can allow for faster extraction.

Read More

Strong Passwords

When performing security tests, we very often come across weak passwords. We often see dictionary words with suffixes such as Welcome1, Password123, or Lockdown2020. We also see "leet" substitutions, such as P@55w0rd, 3l3ph@nt, or L0ckd0wn.

In this post, we break down options for choosing more secure passwords.

Read More

Preventing Windows Accounts Being Bruteforced

In a previous article we discussed how bruteforcing Windows accounts is often easier than people expect. In this post - we'll cover some steps to harden these accounts.

Read More

Securing Wi-Fi Networks

We recently discussed how to break WPA2 keys very quickly using cloud computing. We've also looked at how to use a Rogue AP to capture user credentials from a network using PEAP (MSCHAP).

In this article we'll look at hardening Enterprise wireless networks from these attacks.

Read More

Fixing SQL Injection

SQL Injection is a vulnerability that occurs where user supplied input is insecurely concatenated into an SQL query.

We showed how easy can be to detect in our Finding SQL Injection article, and we’ve run through exploitation in many posts such as our post on Exploiting Error-based SQL Injection.

Read More

Fixing LLMNR and NetBIOS-NS Spoofing

In our article LLMNR and NetBIOS-NS Spoofing with Responder we stepped you through how to exploit a very common issue on Windows networks. In this one, we’re going to cover how to fix it.

LLMNR and NetBIOS-NS are both a fallback for DNS and can be used to perform interception attacks, leading to credential theft or even command execution. However, these two articles are not commonly needed on networks and can therefore be safely disabled.

Read More