Articles

Strong Passwords: Three Random Words

When performing security tests, we very often come across weak passwords. We often see dictionary words with suffixes such as Welcome1, Password123, or Lockdown2020. We also see “leet” substitutions, such as P@55w0rd, 3l3ph@nt, or L0ckd0wn. We’ve previously shown how quickly password cracking can be performed. With passwords like the above they ...

Securing Wi-Fi Networks

We recently discussed how to break WPA2 keys very quickly using cloud computing. We’ve also looked at how to use a Rogue AP to capture user credentials from a network using PEAP (MSCHAP). In this article we’ll look at hardening Enterprise wireless networks from these attacks. The most secure option is to utilise ...

Fixing SQL Injection

SQL Injection is a vulnerability that occurs where user supplied input is insecurely concatenated into an SQL query. We showed how easy it can be to detect in our Finding SQL Injection article, and we’ve run through exploitation in many posts such as our post on Exploiting Error-based SQL Injection. However, in this ...

Fixing LLMNR and NetBIOS-NS Spoofing

In our article LLMNR and NetBIOS-NS Spoofing with Responder we stepped you through how to exploit a very common issue on Windows networks. In this one, we’re going to cover how to fix it. Link-Local Multicast Name Resolution (LLMNR) and NetBIOS-Name Service (NBT-NS) are name resolution protocols that are enabled by default ...

Fixing Cross-site Scripting (XSS)

This issue comes about where user supplied input is included within server responses without filtration or encoding. One very effective method of preventing this attack is to use an allow-list (sometimes called a whitelist) which will allow only known good content. For example, if your expected input is an integer ...

Fixing DOM-Based XSS

Whilst Reflected and Stored XSS can generally be addressed through server-side user input encoding (such as through the PHP htmlentities() function) or with browser protections such as Content-Security-Policy – this is not sufficient for DOM-XSS. Where a dangerous function is used, user input into that function should be limited through user input filtering. ...

Finding SQL Injection

Introduction SQL Injection is an old vulnerability; first published on Christmas Day 1998 in Phrack Magazine 54. The issue occurs where user supplied input is insecurely concatenated into an SQL query. It generally allows a threat actor to perform any of the operations that the database user can execute – such as extracting, ...

SQL Injection Exploitation: Blind-Boolean

This article is Part 4 of a series; to read about detecting and fixing SQL injection in Part 1, click here. Exploitation There are several methods for exploiting SQL Injection vulnerabilities depending on the context of the injection point, any potential filters and Web Application Firewalls (WAF) in place. These methods ...

SQL Injection Exploitation: Union-Based

This article is Part 3 of a series; to read about detecting and fixing SQL injection in Part 1, click here. Exploitation There are several methods for exploiting SQL Injection vulnerabilities depending on the context of the injection point, any potential filters and Web Application Firewalls (WAF) in place. These methods ...
