SQLi is still a thing?

🍃Quote of the week:

SQL injection is one of the least sophisticated yet most dangerous threats to web application security ~ Kevin Mitnick

What To Expect 🫡

  • Finding and exploiting SQLi using manual methods and automated tooling💉
  • A Cloud Security Engineer roadmap to get you from zero to hero ☁️
  • A comprehensive research playbook for Android security 📱

One of the best SQLi writeups I’ve seen in a minute💉

I haven’t found SQLi in a pentest or during the little bug bounty hunting that I do, but apparently, some people do. This write-up goes into detail about how you could potentially exploit SQLi using both manual methods and automated tooling. Here’s the TLDR:

  • Identify the SQL injection vulnerability using an error-based SQLi technique.

  • Use SQLMap for automatic detection, leveraging time-based SQLi to confirm.

  • Overcome the length filter via manual enumeration, focusing on metadata extraction.

  • Use shorter query payloads, nested queries, and built-in functions for efficiency.

  • Extract database and table names despite the web application's character limit by keeping payloads short.
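The takeaway for defenders is that a length filter is not a fix, while a bound parameter is. The sketch below is an added example, not code from the linked write-up; the table, the function names, and the 12-character limit are constructed assumptions, and SQLite stands in for whatever database the write-up targeted.

```python
import sqlite3

MAX_LEN = 12  # constructed length filter, standing in for the app's character limit


def make_db():
    """Build a constructed in-memory table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn


def lookup_filtered(conn, name):
    """'Before': a length check, then the input is concatenated into the SQL text."""
    if len(name) > MAX_LEN:
        raise ValueError("input too long")
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """'After': the input is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def sql_error_leaks(lookup, conn, value):
    """True if the input changes the statement's syntax (the error-based signal)."""
    try:
        lookup(conn, value)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    short_input = "' OR 1=1--"  # 10 characters, inside the length limit
    print(len(lookup_filtered(db, short_input)))       # every row comes back
    print(len(lookup_parameterized(db, short_input)))  # no row has that name
    print(sql_error_leaks(lookup_filtered, db, "'"))       # syntax error surfaces
    print(sql_error_leaks(lookup_parameterized, db, "'"))  # handled as plain text
```

Unhandled SQL syntax errors like the one `sql_error_leaks` catches are also worth alerting on in application logs, since they are the same signal the error-based technique relies on.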

Cloud security roadmap 🛣️

Pwnedlabs released a guide to get into cloud security a while ago. This guide covers some of the following areas:

  • Linux and Containers
  • Cloud Security Principles
  • Hacker Mindset
  • Automation and Scripting
  • Data Encryption, Keys, and Storage

https://pwnedlabs.io/roadmaps/cloud-security-engineer/roadmap.pdf

Android Security Research Playbook 📱

Darkwolf Solutions also recently released something: a playbook for Android research. I haven’t looked at the entire thing, but best believe I will be. I skimmed through the table of contents and bookmarked the thing immediately!

https://github.com/DarkWolf-Labs/playbooks/blob/main/Android-Security-Research-Playbook.pdf
