Fastest shot. Optimizing Blind SQL injection

Being employed with BI.ZONE, I have to exploit Blind SQL injection vulnerabilities on a regular basis. In fact, I encounter Blind-based cases even more frequently than Union- or Error-based ones. But how to raise the efficiency of such attack? This article provides an overview of approaches used to exploit Blind SQL injection and techniques expediting the exploitation.
Read full article →

Elephants and their vulnerabilities. Most epic CVEs in PostgreSQL

Once a quarter, PostgreSQL publishes minor releases containing vulnerabilities. Sometimes, such bugs make it possible to make an unprivileged user a local king superuser. To fix them, Postgres DBAs release patches simultaneously with the updates and sleep peacefully. However, many forks share a large codebase with PG and remain vulnerable! I reviewed the historical Postgres CVEs in search of interesting security holes and found plenty of exciting stuff there.
Read full article →

Timeline of everything. Collecting system events with Plaso

As you are likely aware, forensic analysis tools quickly become obsolete, while hackers continuously invent new techniques enabling them to cover tracks! As a result, valiant DFIR (Digital Forensics and Incident Response) fighters suffer fiascoes on a regular basis. So, I suggest to put aside the outdated (but no less sharp Scalpel) for now and look around for new tools.
Read full article →

First contact: An introduction to credit card security

I bet you have several cards issued by international payment systems (e.g. Visa or MasterCard) in your wallet. Do you know what algorithms are used in these cards? How secure are your payments? People pay with such cards every day but know very little about them. Numerous myths accompany card payments. But to understand what tricks can be used to steal money from a card, you must first get an idea of the payment mechanisms used in it.
Read full article →

Step by Step. Automating multistep attacks in Burp Suite

When you attack a web app, you sometimes have to perform a certain sequence of actions multiple times (e.g. brute-force a password or the second authentication factor, repeatedly use the same resource, etc.). There are plenty of tools designed for this purpose. Which one to choose if you need, for instance, to make five requests over HTTP a thousand times in a row, while maintaining the same session? My choice is Burp Suite, and in this article, I will explain why.
Read full article →