Sunday, March 25, 2018

Django: APIs prone to SQL Injection

.extra
   
For example, this use of extra():
>>> qs.extra(
...     select={'val': "select col from sometable where othercol = %s"},
...     select_params=(someparam,),
... )
is equivalent to:
>>> qs.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))

.raw
>>> for p in Person.objects.raw('SELECT * FROM myapp_person'):
...     print(p)
John Smith
Jane Jones

.execute / do_sql
from django.db import connection

cursor = connection.cursor()
# The %s placeholder is bound by the database driver; do not format dinosaur into the string yourself.
cursor.execute('insert into table (column) values (%s)', (dinosaur,))
cursor.close()

from handy.db import do_sql

# Same parameter-binding convention as cursor.execute().
do_sql('insert into table (column) values (%s)', (dinosaur,))
RawSQL
>>> from django.db.models.expressions import RawSQL
>>> queryset.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))
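As an added example (not part of the post or of Django), a small ast-based audit script that flags calls to the raw-SQL entry points listed above whose SQL argument is built at runtime instead of being a string literal with a separate params argument. The Django view code it scans is constructed here, and the set of API names is an assumption taken from the post's list.

```python
import ast

# Constructed sample of Django view code to audit (not from the post);
# lines 4, 5 and 6 of the string build SQL at runtime, lines 9-11 use params.
SAMPLE = '''
def bad(request):
    name = request.GET["name"]
    Person.objects.raw("SELECT * FROM myapp_person WHERE name = '%s'" % name)
    Person.objects.extra(where=["name = '" + name + "'"])
    connection.cursor().execute(f"insert into t (c) values ('{name}')")
def good(request):
    name = request.GET["name"]
    Person.objects.raw("SELECT * FROM myapp_person WHERE name = %s", [name])
    Person.objects.extra(where=["name = %s"], params=[name])
    connection.cursor().execute("insert into t (c) values (%s)", (name,))
'''

# The raw-SQL entry points the post lists (assumed set); each is only safe with a
# literal SQL string plus a params argument. execute() may also match non-SQL calls.
RAW_SQL_CALLS = {"raw", "extra", "execute", "RawSQL", "do_sql"}
EXTRA_SQL_KWARGS = ("select", "where", "tables", "order_by")

def _sql_args(node, name):
    # extra() takes its SQL fragments in keyword containers; the others take SQL positionally.
    if name == "extra":
        return [kw.value for kw in node.keywords if kw.arg in EXTRA_SQL_KWARGS]
    return node.args[:1]

def _is_dynamic(expr):
    # A plain string literal is fine; containers are checked element-wise; anything else
    # (f-string, % or + BinOp, .format() call, a variable) builds SQL at runtime.
    if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
        return False
    if isinstance(expr, ast.Dict):
        return any(_is_dynamic(v) for v in expr.values)
    if isinstance(expr, (ast.List, ast.Tuple)):
        return any(_is_dynamic(e) for e in expr.elts)
    return True

def find_dynamic_raw_sql(source):
    """Return sorted (line, api_name) pairs for raw-SQL calls whose SQL is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        if name in RAW_SQL_CALLS and any(_is_dynamic(a) for a in _sql_args(node, name)):
            findings.append((node.lineno, name))
    return sorted(findings)
```

Running `find_dynamic_raw_sql(SAMPLE)` reports the three calls in bad() and none in good(); treat hits as review items, since a literal SQL string can still be wrong if the params argument is missing.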

Wednesday, March 21, 2018

Tips for Passing SANS GIAC Exams (aka GIAC Exam Review)

  1. Read the coursebook at least 3 times. Make sure you understand each and every concept.
  2. Practise the recommended tools and techniques hands-on, in various scenarios and with their various switches, until you are skilful with them. Understand the purpose, practical usage and output of each tool and technique. There's no need to memorize switches; practical understanding is different from memorization.
  3. Being open-book doesn't mean the exam is extremely theoretical. You won't literally have much time to open the book to look up answers, so a thorough understanding of the coursebook is required. Roughly only around 30% of the questions might come straight from the coursebook; the rest were case studies that make you derive answers from given situations/screenshots.
  4. Subscribe to NetWars access; it saves you the time of troubleshooting never-tried-before tools and making them work as per the coursebook, so you absorb the material faster. From there, you can set up the tools in your own array of VMs/test laptops. The latest versions of those tools may have configuration or running-procedure changes, and that will delay your completion of each learning section.
  5. For extremely busy individuals, it's best to purchase on-demand training rather than physical training. On-demand training lets you absorb the material at your own pace, research, and try your own testing. The only drawback is progressing slowly if you get distracted by daily tasks/your own schedule/being lazy/doing other areas of security.
  6. The practice exams offered by SANS are only for getting the look and feel of the exam simulator. They are incredibly and incomparably easier than the actual exam. Don't let them fool you.


Tuesday, March 13, 2018

Java: setCharacterEncoding NOT affected by HTTP Response Splitting

<%
// Per the post title, the CR/LF sequence in this value does not split the response into a second header.
String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
response.setCharacterEncoding(attacker_controlled_charset);
%>


Monday, March 12, 2018

Regular Expression Denial of Service - Java Demo | Practical Exploitation

https://gist.github.com/yehgdotnet/1cb57b55c40afb6d0d0cced57e921868


Output:
[INFO] Executing Regular Expression check on AAAAAAAAAA
[RESULT] String did not match
[INFO] Ended Regular Expression...
[INFO] Executing Regular Expression check on AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.COM........................................................................................................... [Deadloop]

secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve. Out of all the non-default settings, the few that follow can be set to achieve higher secu...