Category: Blog

  • Nmap preset scans – Options and scan types explained

    Nmap preset scans – Options and scan types explained

    Zenmap is the GUI for the very popular free port scanner Nmap. It comes pre loaded with 10 different scan types which we will take closer look at them in this article. Some of the scan types are kind of obvious, however they may not be to everyone.

  • Handy SQL queries

    Finding filetypes stored in a MySQL table If your system allows fileuploads, and you have a database table where you store all the fileuploads, it could be interesting to see what types and how many types of files are being uploaded to your system. This query will find all filetypes uploaded to the system. Replace…

  • Distribuert tjenestenekt: «Fordi vi kan» (Norwegian)

    Distribuert tjenestenekt: «Fordi vi kan» (Norwegian)

    Hvordan kan det ha seg at en liten gruppe tenåringer klarer å ta ned store nettsider både i Norge og utlandet? Jeg tar en nærmere titt på hvordan slike angrep kan utføres fra gutterommet til en fjortenåring. 

  • Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history

    Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history

    Cross site scripting is vulnerabilities in web applications that involves injecting valid HTML or scripts in some form or way. XSS is a very widespread vulnerability (see OWASP TOP 10) on the internet today. It is both easy to eliminate and easy to detect. It is however usually harder to exploit than for example SQL…

  • Ways to retrieve a missing persons account passwords

    Since the creation of this post, many other ways of retrieving a password has been discovered, e.g. Mimikatz, Lan Turtle & Responder, Konboot and more. Norwegian newspaper claims police is lacking missing persons social media password Today, a major newspaper, VG announced that the progress in the of a missing person case may be set…

  • Can you use ONE WORD to describe the most important information security solution in your arsenal

    One word On LinkedIn there was a word game in the group “Information Security Community“. The deal was to name what you think is the single most important thing in IT security. The now over 1 year old discussion is still active and keeps popping up in my LinkedIn newsletters. While I do not agree…

  • Enumeration with practical examples from SQLMap

    Enumeration with practical examples from SQLMap

    SQLMap – http://sqlmap.sourceforge.net/ SQLMap is an open source and free automatic SQL injection and database takeover tool. I’ve found it extremely usefull for doing blind SQL injection as it is normally extremely tedious work to get it done quickly. However for this article I will only cover the enumeration function.

  • Unlocking locked laptop – From physical access to recovering NT hashes

    A friend of mine worked at the IT department of a school and we had a talk about what consequences it may have if a laptop without disk encryption got into the wrong hands. He could not see what the big deal was if a student computer got lost so I suggested that if he…