Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM#Ivanti https://t.co/weWtiB72Dv
I've prepared 3 easy wargame challenges for HITCON CMT 2024 event, plus my coworker's challenge for a total of 7 challenges. I hope everyone enjoys them🥳
I've prepared 3 easy wargame challenges for HITCON CMT 2024 event, plus my coworker's challenge for a total of 7 challenges. I hope everyone enjoys them🥳
It's a short story about how do I perform a strange MSSQL Injection when the database doesn't even exist.
I'm trying to write in English this time, and I had a hard time writing. I hope everyone can still like it.
https://t.co/ULeMDfCFfT
If an attacker exploits 0day to compromise service and leaves backdoor. After some time, victim fixes 0day but leaves backdoor behind. Then another attacker exploits new vuln to find backdoor and uses it to compromise enterprise, how do you describe second attack in ATT&CK?
@logonfail If 2 attacks are by 2 different attack group, would you still choose technique under "Persistence"? or choose technique under "Initial Access"?
🎄SQLi was first reported 25 years ago, by a researcher once known as Rain Forest Puppy, in Phrack Magazine on this day in 1998.
🎁 Happy birthday SQLi! 🎁
🐛Despite being around for 25 years, it's still essential knowledge for pentesters.