Hacking

The word “hacking” has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts (who refer to cyber-criminals as “crackers”), the second definition is much more commonly used.

Detect SQL Injection (SQLi) and XSS

LibInjection-Detect-SQL-Injection-SQLi-and-Cross-Site-Scripting-XSS.png

SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.

Read More »

Machine Learning Network Share Password Hunting Toolkit

Machine Learning Network Share Password Hunting Toolkit

SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C#. The tool is discussed in more detail on this blog here, but is summarised below also. SharpML performs a number of operations with a view to mining file shares, querying Active Directory for users, dropping an ML model and associated rules, performing Active Directory authentication checks, with a view to automating the process of hunting for passwords in file shares by feeding the mined data into the ML model.

Read More »

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.