HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 35 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
EH-Net
May 23, 2013, 05:23:36 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US  (Read 6335 times)
0 Members and 1 Guest are viewing this topic.
notsosecure
Newbie
*
Offline Offline

Posts: 12



View Profile WWW
« on: February 15, 2012, 01:30:29 PM »
Hello All,

This year at Black Hat Las vegas, I will be hosting a 1 day training course on the most popular web app hacking technique 'SQL Injection'.

Here is the abstract of the course:

"This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:

Authentication Bypass
Extraction of arbitrary sensitive data from the database
Access and compromise of the internal network.
This training will target 3 databases:

MS-SQL
MySQL
Oracle

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

Understand the problem of SQL Injection
Learn a variety of advanced exploitation techniques which hackers use
Learn how to fix the problem
Identify, extract, escalate, execute; we have got it all covered.

More details can be found here:
https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

There are a few seats still left and the course will sell-out very soon. If you require more details feel free to contact me at sid-at-notsosecure-dot-com

Thanks
Sid
Logged
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #1 on: February 15, 2012, 03:59:29 PM »
Are you going to cover topics like sub-queries?  Grin
Logged
I'm an InterN0T'er
notsosecure
Newbie
*
Offline Offline

Posts: 12



View Profile WWW
« Reply #2 on: February 16, 2012, 01:35:43 AM »
Topics like sub-query are indeed covered. We start from very basic SQL Injection; authentication bypass and then gradually move to advanced topics such as blind injection, extracting data with out-of-band channels (like DNS), time based SQLI, heavy query, injection in order by, group by, limit etc. There are as many as 15 exercises to practice every technique. 
Logged
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #3 on: February 16, 2012, 04:44:31 PM »
Now that sounds like I can associate the word advanced to it  Smiley Thanks for the info!  Grin I was wondering how advanced it would be, as "advanced" is relative, compared to who's looking. After all, a complete beginner might think something relatively simple is advanced, while a MySQL pro, will probably think the common SQLI is easy, but it looks good, esp. that you included the "limit" injection angle / vector too, as that's definitely not as easy as a UNION SELECT :-)
Logged
I'm an InterN0T'er
notsosecure
Newbie
*
Offline Offline

Posts: 12



View Profile WWW
« Reply #4 on: May 03, 2012, 02:08:33 PM »
here is a video preview of the training:

http://www.youtube.com/watch?v=6pg-lRv8XTQ

only a few seats left......
Logged
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #5 on: May 03, 2012, 06:36:08 PM »
Interesting video, even though I've seen most already.  Smiley Very well produced  Grin
Logged
I'm an InterN0T'er
notsosecure
Newbie
*
Offline Offline

Posts: 12



View Profile WWW
« Reply #6 on: June 03, 2012, 03:54:13 AM »
A few seats still left in the course. The course has been completely re-written and contains only relevant/advanced instances/examples.

Such as SQLI in orderby, group by etc
SQL in stored procedures
double encoding
Injection in cookies, headers
OS code exec by UDF Injection
and loads more..

See you there!
https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

Thanks
Sid
www.notsosecure.com
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.06 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.