Advanced SQL Injection 2.pdf
(
2048 KB
)
Pobierz
Advanced SQL Injection
Presented By:
Joe McCray
joe@learnsecurityonline.com
http://twitter.com/j0emccray
http://www.linkedin.com/in/joemccray
Joe McCray.... Who the heck are you?
The Last of a Dying Breed
A Network Penetration Tester
You know – the nmap, exploit, upload netcat type of guy.
A.K.A:
The only black guy at security conferences
Penetration Testing Was Easy....
Step 1: Tell customer you are 31337 security professional
Customers only applied patches if it fixed something on the system
It was common practice NOT to apply system updates that didn't fix a problem you were
experiencing on a system (WTF ARE YOU DOING - YOU MIGHT BREAK SOMETHING!!!!!)
Step 2: Scan customer network with ISS or Nessus if you were a renegade
Customers didn't apply patches, and rarely even had firewalls and IDSs back then
You know you only ran ISS because it had nice reports...
Step 3: Break out your uber 31337 warez and 0wn it all!!!!!
You only kept an exploit archive to save time (Hack.co.za was all you needed back then)
If you could read the screen you could 0wn the network!!!!!!!
If you were Ub3r 31337 you did it like this....
Port Scan & Banner Grab The Target
Plik z chomika:
musli_com
Inne pliki z tego folderu:
Buffer Overflow Attacks - Detect Exploit Prevent.pdf
(5507 KB)
Advanced SQL Injection 2.pdf
(2048 KB)
Advanced SQL Injection.pdf
(1898 KB)
A Practical Message Falsification Attack on WPA.pdf
(547 KB)
Apache en tant que reverse proxy.pdf
(1517 KB)
Inne foldery tego chomika:
Access Denied The Practice and Policy of Global Internet Filtering
Attacking DDoS At The Source
Crypto
Cryptographie . Algorithmes . Steganographie
Forensic
Zgłoś jeśli
naruszono regulamin