SlideShare uma empresa Scribd logo

ShmooCon 2009 - (Re)Playing(Blind)Sql

Transferir como PPT, PDF
Chema Alonso
Chema Alonso

This session describes some special ways to perform (B)SQLI attacks. This talk was delivered at Shmoocon 2k9 by Palako and Chema Alonso

Tecnologia
1 de 54
(Re) Playing with (Blind) SQL Injection José Palazón “Palako” Mobile Security at Yahoo! Chema Alonso Informatica64 Microsoft MVP Enterprise Security
Spain (…not only bulls…)
SQL Injection attacks http://www.phrack.org/issues.html?id=8&issue=54 A long time ago, in a galaxy far, far away…
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Serialized SQL Injection
Serialized SQL Injection ,[object Object],[object Object],[object Object]
SQL Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL ,[object Object],[object Object]
Oracle ,[object Object],[object Object]
Demo: Serialized SQL Injection
Arithmetic Blind SQL Injection
Blind Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injection Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injection Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injection Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Arithmetic Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Arithmetic Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Arithmetic Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Arithmetic Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demo: ,[object Object],[object Object],[object Object]
Remote File Downloading using Blind SQL Injection techniques
Accessing Files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Server 2K - External Data Sources ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Server 2K – Bulk option ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Server 2k5 – 2k8 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Oracle – Plain Text files ,[object Object],[object Object],[object Object],[object Object]
Oracle – DBMS_LOB ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demo RFD
Time-based Blind SQL Injection using heavy queries
Time-Based Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Exploit for Solar Empire Web Game
Deep Blind SQL Injection ,[object Object],[object Object],[object Object]
Time-Based Blind SQL Injection ,[object Object],[object Object]
Yes, we can!
“ Where-Clause” execution order ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The heavy condition first Condition2 (100 sec) Condition1 (10 sec) Condition2 & condition1 Response Time TRUE FALSE FALSE 110 sec TRUE TRUE TRUE 110 sec FALSE Not evaluated FALSE 100 sec
The light condition first Condition1 (10 sec) Condition2 (100 sec) Condition1 & condition2 Response Time TRUE FALSE FALSE 110 sec TRUE TRUE TRUE 110 sec FALSE Not evaluated FALSE 10 sec
Time-Based Blind SQL Injection using Heavy Queries ,[object Object],[object Object],[object Object],[object Object],[object Object]
Time-Based Blind SQL Injection using Heavy Queries ,[object Object],[object Object],[object Object],[object Object],[object Object]
“ Default” tables to construct a heavy query ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
“ Default” tables to construct a heavy query ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ex 1: MS SQL Server ,[object Object]
Ex 1: MS SQL Server ,[object Object]
Ex 2: Oracle ,[object Object]
Ex 2: Oracle ,[object Object]
Ex 3: Access 2000 ,[object Object]
Ex 3: Access 2000 ,[object Object]
Ex 4: Access 2007 ,[object Object]
Ex 4: Access 2007 ,[object Object]
Marathon Tool ,[object Object],[object Object],[object Object],[object Object],[object Object]
Demo: Marathon Tool
Prevention: Don´t forget Bobby Tables! SANITIZE YOUR QUERIES!
¿Preguntas? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recomendados

Asegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingAsegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File Downloading
Chema Alonso
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
Chema Alonso
 
Recursive Query Throwdown
Recursive Query ThrowdownRecursive Query Throwdown
Recursive Query Throwdown
Karwin Software Solutions LLC
 
Avoiding cursors with sql server 2005 tech republic
Avoiding cursors with sql server 2005 tech republicAvoiding cursors with sql server 2005 tech republic
Avoiding cursors with sql server 2005 tech republic
Kaing Menglieng
 
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source Code
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source CodeUsing Fuzzy Code Search to Link Code Fragments in Discussions to Source Code
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source Code
Nicolas Bettenburg
 
ORM Injection
ORM InjectionORM Injection
ORM Injection
Simone Onofri
 
Schemadoc
SchemadocSchemadoc
Schemadoc
Karwin Software Solutions LLC
 
Artem Storozhuk "Building SQL firewall: insights from developers"
Artem Storozhuk "Building SQL firewall: insights from developers"Artem Storozhuk "Building SQL firewall: insights from developers"
Artem Storozhuk "Building SQL firewall: insights from developers"
Fwdays
 

Recomendados

Asegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingAsegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File Downloading
Chema Alonso
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
Chema Alonso
 
Recursive Query Throwdown
Recursive Query ThrowdownRecursive Query Throwdown
Recursive Query Throwdown
Karwin Software Solutions LLC
 
Avoiding cursors with sql server 2005 tech republic
Avoiding cursors with sql server 2005 tech republicAvoiding cursors with sql server 2005 tech republic
Avoiding cursors with sql server 2005 tech republic
Kaing Menglieng
 
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source Code
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source CodeUsing Fuzzy Code Search to Link Code Fragments in Discussions to Source Code
Using Fuzzy Code Search to Link Code Fragments in Discussions to Source Code
Nicolas Bettenburg
 
ORM Injection
ORM InjectionORM Injection
ORM Injection
Simone Onofri
 
Schemadoc
SchemadocSchemadoc
Schemadoc
Karwin Software Solutions LLC
 
Artem Storozhuk "Building SQL firewall: insights from developers"
Artem Storozhuk "Building SQL firewall: insights from developers"Artem Storozhuk "Building SQL firewall: insights from developers"
Artem Storozhuk "Building SQL firewall: insights from developers"
Fwdays
 
Apache Solr + ajax solr
Apache Solr + ajax solrApache Solr + ajax solr
Apache Solr + ajax solr
Net7
 
Ad java prac sol set
Ad java prac sol setAd java prac sol set
Ad java prac sol set
Iram Ramrajkar
 
JDBC
JDBCJDBC
JDBC
Sunil OS
 
Advanced Java - Praticals
Advanced Java - PraticalsAdvanced Java - Praticals
Advanced Java - Praticals
Fahad Shaikh
 
Sql injection 幼幼班
Sql injection 幼幼班Sql injection 幼幼班
Sql injection 幼幼班
hugo lu
 
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.
Lucidworks
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
Mahesh Gupta (DBATAG) - SQL Server Consultant
 
Administering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersAdministering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud Clusters
lucenerevolution
 
Tutorial on developing a Solr search component plugin
Tutorial on developing a Solr search component pluginTutorial on developing a Solr search component plugin
Tutorial on developing a Solr search component plugin
searchbox-com
 
Using Apache Solr
Using Apache SolrUsing Apache Solr
Using Apache Solr
pittaya
 
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UNSolr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN
Lucidworks
 
.Net Framework 2 fundamentals
.Net Framework 2 fundamentals.Net Framework 2 fundamentals
.Net Framework 2 fundamentals
Harshana Weerasinghe
 
How to Use JSON in MySQL Wrong
How to Use JSON in MySQL WrongHow to Use JSON in MySQL Wrong
How to Use JSON in MySQL Wrong
Karwin Software Solutions LLC
 
Porting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPorting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQL
Peter Eisentraut
 
Webinar: What's New in Solr 7
Webinar: What's New in Solr 7 Webinar: What's New in Solr 7
Webinar: What's New in Solr 7
Lucidworks
 
NOSQL and Cassandra
NOSQL and CassandraNOSQL and Cassandra
NOSQL and Cassandra
rantav
 
Embedded Typesafe Domain Specific Languages for Java
Embedded Typesafe Domain Specific Languages for JavaEmbedded Typesafe Domain Specific Languages for Java
Embedded Typesafe Domain Specific Languages for Java
Jevgeni Kabanov
 
Sql killedserver
Sql killedserverSql killedserver
Sql killedserver
ColdFusionConference
 
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMEREVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
Andrey Karpov
 
Advance Java Programs skeleton
Advance Java Programs skeletonAdvance Java Programs skeleton
Advance Java Programs skeleton
Iram Ramrajkar
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
Chema Alonso
 
X Forum AUSAPE 2014
X Forum AUSAPE 2014X Forum AUSAPE 2014
X Forum AUSAPE 2014
Chema Alonso
 

Mais conteúdo relacionado

Mais procurados

Administering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersAdministering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud Clusters
lucenerevolution
 
NOSQL and Cassandra
NOSQL and CassandraNOSQL and Cassandra
NOSQL and Cassandra
rantav
 
Embedded Typesafe Domain Specific Languages for Java
Embedded Typesafe Domain Specific Languages for JavaEmbedded Typesafe Domain Specific Languages for Java
Embedded Typesafe Domain Specific Languages for Java
Jevgeni Kabanov
 

Mais procurados (20)

Apache Solr + ajax solr
Apache Solr + ajax solrApache Solr + ajax solr
Apache Solr + ajax solr
 
Ad java prac sol set
Ad java prac sol setAd java prac sol set
Ad java prac sol set
 
JDBC
JDBCJDBC
JDBC
 
Advanced Java - Praticals
Advanced Java - PraticalsAdvanced Java - Praticals
Advanced Java - Praticals
 
Sql injection 幼幼班
Sql injection 幼幼班Sql injection 幼幼班
Sql injection 幼幼班
 
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.
Optimize Is (Not) Bad For You - Rafał Kuć, Sematext Group, Inc.
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
Administering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersAdministering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud Clusters
 
Tutorial on developing a Solr search component plugin
Tutorial on developing a Solr search component pluginTutorial on developing a Solr search component plugin
Tutorial on developing a Solr search component plugin
 
Using Apache Solr
Using Apache SolrUsing Apache Solr
Using Apache Solr
 
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UNSolr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN
Solr vs. Elasticsearch, Case by Case: Presented by Alexandre Rafalovitch, UN
 
.Net Framework 2 fundamentals
.Net Framework 2 fundamentals.Net Framework 2 fundamentals
.Net Framework 2 fundamentals
 
How to Use JSON in MySQL Wrong
How to Use JSON in MySQL WrongHow to Use JSON in MySQL Wrong
How to Use JSON in MySQL Wrong
 
Porting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQLPorting Applications From Oracle To PostgreSQL
Porting Applications From Oracle To PostgreSQL
 
Webinar: What's New in Solr 7
Webinar: What's New in Solr 7 Webinar: What's New in Solr 7
Webinar: What's New in Solr 7
 
NOSQL and Cassandra
NOSQL and CassandraNOSQL and Cassandra
NOSQL and Cassandra
 
Embedded Typesafe Domain Specific Languages for Java
Embedded Typesafe Domain Specific Languages for JavaEmbedded Typesafe Domain Specific Languages for Java
Embedded Typesafe Domain Specific Languages for Java
 
Sql killedserver
Sql killedserverSql killedserver
Sql killedserver
 
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMEREVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
 
Advance Java Programs skeleton
Advance Java Programs skeletonAdvance Java Programs skeleton
Advance Java Programs skeleton
 

Destaque

Destaque (9)

MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
 
X Forum AUSAPE 2014
X Forum AUSAPE 2014X Forum AUSAPE 2014
X Forum AUSAPE 2014
 
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksLiving in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks
 
LDAP Injection Techniques
LDAP Injection TechniquesLDAP Injection Techniques
LDAP Injection Techniques
 
Metadata Security: MetaShield Protector
Metadata Security: MetaShield ProtectorMetadata Security: MetaShield Protector
Metadata Security: MetaShield Protector
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy Queries
 
Disclosing Private Information from Metadata, hidden info and lost data
Disclosing Private Information from Metadata, hidden info and lost data Disclosing Private Information from Metadata, hidden info and lost data
Disclosing Private Information from Metadata, hidden info and lost data
 
Latch Security Scenarios
Latch Security ScenariosLatch Security Scenarios
Latch Security Scenarios
 
Defcon 17 Tactical Fingerprinting using Foca
Defcon 17 Tactical Fingerprinting using FocaDefcon 17 Tactical Fingerprinting using Foca
Defcon 17 Tactical Fingerprinting using Foca
 

Semelhante a ShmooCon 2009 - (Re)Playing(Blind)Sql

How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scanners
Chema Alonso
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)
Hongyang Wang
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
Rich Helton
 

Semelhante a ShmooCon 2009 - (Re)Playing(Blind)Sql (20)

How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scanners
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy Queries
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
 
Sql injection
Sql injectionSql injection
Sql injection
 
JDBC – Java Database Connectivity
JDBC – Java Database ConnectivityJDBC – Java Database Connectivity
JDBC – Java Database Connectivity
 
Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
Sql lite android
Sql lite androidSql lite android
Sql lite android
 
Chapter 3.pptx Oracle SQL or local Android database setup SQL, SQL-Lite, codi...
Chapter 3.pptx Oracle SQL or local Android database setup SQL, SQL-Lite, codi...Chapter 3.pptx Oracle SQL or local Android database setup SQL, SQL-Lite, codi...
Chapter 3.pptx Oracle SQL or local Android database setup SQL, SQL-Lite, codi...
 
[Www.pkbulk.blogspot.com]dbms07
[Www.pkbulk.blogspot.com]dbms07[Www.pkbulk.blogspot.com]dbms07
[Www.pkbulk.blogspot.com]dbms07
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
Oracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAsOracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAs
 
Oracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAsOracle Database 12c - New Features for Developers and DBAs
Oracle Database 12c - New Features for Developers and DBAs
 
JDBC for CSQL Database
JDBC for CSQL DatabaseJDBC for CSQL Database
JDBC for CSQL Database
 

Mais de Chema Alonso

CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
Chema Alonso
 

Mais de Chema Alonso (20)

CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging Fruit
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
 
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
 
Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
 
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
 
Foca API v0.1
Foca API v0.1Foca API v0.1
Foca API v0.1
 
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of Magic
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackers
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismo
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con Python
 
Shuabang Botnet
Shuabang BotnetShuabang Botnet
Shuabang Botnet
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu Windows
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Último (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

ShmooCon 2009 - (Re)Playing(Blind)Sql