December 2017

Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators

0Comment

I was performing some penetration tests in 2011 – 2012 against various PHP applications integrated with MySQL databases which were vulnerable to Time Based Blind SQL Injection. Due to various…

Security

Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2)

0Comment

Building on from my previous post, this will primarily focus on delivering an Empire payload via an embedded offensive PowerShell script stored within the ‘comments’ property of an MS Excel…

Security

Executing Metasploit & Empire Payloads from MS Office Document Properties (part 1 of 2)

0Comment

As a penetration tester I’m always excited to see new and creative methods on creating weaponized MS Office documents. This blog post builds on the following findings published by Black…

Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators

Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2)

Executing Metasploit & Empire Payloads from MS Office Document Properties (part 1 of 2)

You Missed

Summary of the CUPS Vulnerability

Rapidly Creating Fake Users in your Lab AD using Youzer

Wardriving with Kismet, GPS and Google Earth.

Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators

Archives