• We already discussed the basics of the Padding Oracle Attack in a previous video. In this video, we will look at a proof of concept on a ASP.NET application.

    This proof-of-concept exploit performs a Padding Oracle attack against a simple ASP.NET application (it can be any application) to download a file from the remote Web Server. In this example…[Read more]

  • “SQL Injection” is subset of the an unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real…[Read more]

  • PentesterLab is an easy and straight forwards way to learn the basics of penetration testing. It provides vulnerable systems in a virtual image, and accompanying exercises that can be used to test and understand vulnerabilities.

  • If you need to change the URL of a page as it is shown in search engine results, we recommend that you use a server-side 301 redirect. This is the best way to ensure that users and search engines are directed to the correct page. The 301 status code means that a page has permanently moved to a new location.

    301 redirects are particularly useful…[Read more]

  • For some time, Apache and Microsoft have commanded the lion’s share of the Web server market. While Apache is the clear-cut winner in the Netcraft and Security Space monthly surveys, Internet Information Server dominates among Fortune 1000 enterprises.
    SWatch Reader Favorite! IIS and Apache are the two most widely deployed Web servers. Not…[Read more]

  • When it comes to creating applications, there is a need for multiple environments to support the development process. It typically starts on the developers own computer, then on to an integration environment, a QA testing environment, possibly a UAT (User Acceptance Testing) environment, and then finally production. Depending on your organization,…[Read more]

  • TrustedSec is proud to announce the release of the Social-Engineer Toolkit (SET) v5.0 codename: The Wild West. This version is a culmination of six months of development, bug squashing, and user feedback. New with this version includes a completely redesigned multiprocessing web server that handles non-rfc compliant HTTP information. The builtin…[Read more]

  • Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

    BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection v…[Read more]

  • It really has been a long time since I last posted. This post is more of an essay, so it may be a TL;DR for some, but hopefully a there is some good information for those who wish to break into Penetration testing or at the very least something I can point people to next time I’m, asked.

    As I’m sure is the experience of other Penetration T…[Read more]

  • Henry864 replied to the topic Pen Testing Lab in the forum Tutorials 5 years, 2 months ago

    Introducing the Offensive Security Penetration Testing Labs (OSPTL), a safe virtual network environment designed to be attacked and penetrated as a means of learning and sharpening your pen testing skills. The OSPTL was created using our years of experience running the Offensive Security Training Labs, as well as the large number of pen tests we…[Read more]

  • Kali Linux is the evolution of Backtrack a notorious Digital Forensic and Intrusion Detection software suite with a whole lot of tools for Penetration Testing. Offensive Security, the creators of Backtrack and Kali Linux, decided to incorporate many new changes to what was then to be called Backtrack 6. Since it had been completely built from…[Read more]

  • Cyber criminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends. In information security circles, 2014 has been a year of what seems like a never-ending stream of cyberthreats and data breaches, affecting retailers, banks,…[Read more]

  • Henry864 replied to the topic Should I learn C? in the forum Programming 5 years, 2 months ago

    I am not going to tell you that you need to know C/C++ because it is the language that every hacker has to know to be worth of such a name. I am not even going to try to convince you that C/C++ has a shrinking community and this will make the wages rise for those fortunate programmers knowing such language. I will not even use the card of the…[Read more]

  • Index Security tube Linux Assembly Expert Sale rapid share media fire mega upload hot file, via torrent download, emule download, full free download, Index Security tube Linux Assembly Expert Sale rar zip password, crack serial keygen cd key download or anything related.
    Index Security tube Linux Assembly Expert Sale | Security tube Linux Assembly…[Read more]

  • If you are indeed a beginner programmer, you may wish to consider the books in the 2nd book list I wrote up in A Python Reading List by Wesley Chun:

    Hello World! Computer Programming for Kids and Other Beginners, 2nd ed., Warren Sande and Carter Sande, Manning
    Invent your Own Computer Games with Python, 2nd edition, Al Sweigart
    Python for…[Read more]

  • If you are indeed a beginner programmer, you may wish to consider the books in the 2nd book list I wrote up in A Python Reading List by Wesley Chun:

    Hello World! Computer Programming for Kids and Other Beginners (http://helloworldbookblog.com), 2nd ed., Warren Sande and Carter Sande, Manning
    Invent your Own Computer Games with Python…[Read more]

  • Until recently the exact model of how ALSR and other memory protection mechanisms work on Linux was something that I knew only at a high level. Recently I’ve done a lot of work where I’ve had the need to bypass these mechanisms (in a cooperative setting), and I want to explain for readers exactly how the memory protection model on x86/Linux…[Read more]

  • Web servers are often the vector through which hackers mount successful online attacks. Understanding the nature of exploitable risks at this level is essential to properly protecting applications from malicious actors. This course looks at a broad range of risks in web server implementations and more importantly, how you can defend against these…[Read more]

  • I realize that parameterized SQL queries is the optimal way to sanitize user input when building queries that contain user input, but I’m wondering what is wrong with taking user input and escaping any single quotes and surrounding the whole string with single quotes.

    Any single-quote the user enters is replaced with double single-quotes, which…[Read more]

  • Henry864 replied to the topic Email testing in the forum Web Applications 5 years, 2 months ago

    We’re fans of this tool because of the various email program display views. It’s always important to know how things will appear for all of your readers and the different programs they use. Email on Acid offers a free version that shows what your email looks like in Gmail and Outlook 2003, plus they take a look at your HTML and let you know if the…[Read more]

  • Load More

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?