Cyber Security Blog of Chris Dale

  • Why it’s easy being a hacker – A SQL injection case study

    Finding SQL injections today is like picking apples from an apple tree. It’s very easy, and anyone can do it. Ask any hacker you want, SQL injection is everywhere. There have been many folks predicting the end of SQL Injection, however, year after year we see it in the OWASP Top 10.

  • Is social engineering an actual threat?

    A question was raised on a security community (security.stackexchange.com) on whether or not social engineering is still a threat. The question refers to Kevin Mitnick’s book from 2002: “The Art of Deception: Controlling the Human Element of Security“. The person writing the question asks if we shouldn’t be immune to these types of attacks and techniques after…

  • SANS Hacker Techniques, Exploits & Incident Handling kommer til Bergen! (Norwegian)

    SANS Hacker Techniques, Exploits & Incident Handling kommer til Bergen! (Norwegian)

    I 2013 tilbyr SANS mentor basert studium her i Bergen, oppstart 6. Mars. Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Mentor er…

  • Evolution of the Nmap source code

    Evolution of the Nmap source code

    This awesome codeswarm of the Nmap sourcecode shows the development of Nmap from 2005 to todays date. Pretty impressive development history, and also fun to watch!

  • Nmap preset scans – Options and scan types explained

    Nmap preset scans – Options and scan types explained

    Zenmap is the GUI for the very popular free port scanner Nmap. It comes pre loaded with 10 different scan types which we will take closer look at them in this article. Some of the scan types are kind of obvious, however they may not be to everyone.

  • Handy SQL queries

    Finding filetypes stored in a MySQL table If your system allows fileuploads, and you have a database table where you store all the fileuploads, it could be interesting to see what types and how many types of files are being uploaded to your system. This query will find all filetypes uploaded to the system. Replace…

  • Distribuert tjenestenekt: «Fordi vi kan» (Norwegian)

    Distribuert tjenestenekt: «Fordi vi kan» (Norwegian)

    Hvordan kan det ha seg at en liten gruppe tenåringer klarer å ta ned store nettsider både i Norge og utlandet? Jeg tar en nærmere titt på hvordan slike angrep kan utføres fra gutterommet til en fjortenåring. 

  • Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history

    Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history

    Cross site scripting is vulnerabilities in web applications that involves injecting valid HTML or scripts in some form or way. XSS is a very widespread vulnerability (see OWASP TOP 10) on the internet today. It is both easy to eliminate and easy to detect. It is however usually harder to exploit than for example SQL…

  • Ways to retrieve a missing persons account passwords

    Since the creation of this post, many other ways of retrieving a password has been discovered, e.g. Mimikatz, Lan Turtle & Responder, Konboot and more. Norwegian newspaper claims police is lacking missing persons social media password Today, a major newspaper, VG announced that the progress in the of a missing person case may be set…

Looking to get in touch?

All Things Chris
Chris Dale
River Security