Title: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: notsosecure on February 15, 2012, 01:30:29 PM

Hello All,

This year at Black Hat Las Vegas, I will be hosting a 1 day training course on the most popular web app hacking technique, 'SQL Injection'. Here is the abstract of the course:

"This is a full day hands-on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:

- Authentication Bypass
- Extraction of arbitrary sensitive data from the database
- Access and compromise of the internal network.

This training will target 3 databases:

- MS-SQL
- MySQL
- Oracle

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

- Understand the problem of SQL Injection
- Learn a variety of advanced exploitation techniques which hackers use
- Learn how to fix the problem

Identify, extract, escalate, execute; we have got it all covered."

More details can be found here: https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

There are a few seats still left and the course will sell out very soon. If you require more details, feel free to contact me at sid-at-notsosecure-dot-com

Thanks
Sid

Title: Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: MaXe on February 15, 2012, 03:59:29 PM

Are you going to cover topics like sub-queries? ;D

Title: Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: notsosecure on February 16, 2012, 01:35:43 AM

Topics like sub-query are indeed covered. We start from very basic SQL Injection; authentication bypass and then gradually move to advanced topics such as blind injection, extracting data with out-of-band channels (like DNS), time based SQLI, heavy query, injection in order by, group by, limit etc. There are as many as 15 exercises to practice every technique.

Title: Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: MaXe on February 16, 2012, 04:44:31 PM

Now that sounds like I can associate the word advanced to it :) Thanks for the info! ;D

I was wondering how advanced it would be, as "advanced" is relative, compared to who's looking. After all, a complete beginner might think something relatively simple is advanced, while a MySQL pro will probably think the common SQLI is easy, but it looks good, esp. that you included the "limit" injection angle / vector too, as that's definitely not as easy as a UNION SELECT :-)

Title: Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: notsosecure on May 03, 2012, 02:08:33 PM

Here is a video preview of the training:
http://www.youtube.com/watch?v=6pg-lRv8XTQ

Only a few seats left...

Title: Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: MaXe on May 03, 2012, 06:36:08 PM

Interesting video, even though I've seen most already. :) Very well produced ;D

Title: Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Post by: notsosecure on June 03, 2012, 03:54:13 AM

A few seats still left in the course. The course has been completely re-written and contains only relevant/advanced instances/examples, such as:

- SQLI in order by, group by etc
- SQL in stored procedures
- double encoding
- Injection in cookies, headers
- OS code exec by UDF Injection
- and loads more..

See you there!
https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

Thanks
Sid
www.notsosecure.com