Posts

Showing posts from March, 2018

Django Security

Harden configuration - https://gist.github.com/yehgdotnet/a59571b8e179b4198efa693ba16eb3d6
Prevent hard-coded passwords - https://gist.github.com/yehgdotnet/339b37910f3f4c32523a379f4673b6d8
Windows Bash Script Wrapper for Python Code Scanner (PYT) - https://gist.github.com/yehgdotnet/074ab79528ccdac7653bb641beb3b7c5

Django: APIs prone to SQL Injection

Each of the APIs below takes an SQL string plus a separate parameter sequence. As written in the snippets (placeholders with select_params, a params tuple) they are safe; they become injectable when caller-controlled data is formatted into the SQL string itself instead of being passed as a parameter.

.extra
https://docs.djangoproject.com/en/2.0/ref/models/querysets/#django.db.models.query.QuerySet.extra

For example, this use of extra():

    >>> qs.extra(
    ...     select={'val': "select col from sometable where othercol = %s"},
    ...     select_params=(someparam,),
    ... )

is equivalent to:

    >>> qs.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))

.raw
https://docs.djangoproject.com/en/dev/topics/db/sql/

    >>> for p in Person.objects.raw('SELECT * FROM myapp_person'):
    ...     print(p)
    John Smith
    Jane Jones

.execute / do_sql

    from django.db import connection
    cursor = connection.cursor()
    cursor.execute('insert into table (column) values (%s)', (dinosaur,))
    cursor.close()

    from handy.db import do_sql
    do_sql('insert into table (column) values (%s)', (dinosaur,))

RawSQL

    >>> from django.db.models.expressions import RawSQL
    >>> queryset.an
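The practical check for the sinks listed above is to find call sites where the SQL text is assembled at run time rather than passed as a constant with separate parameters. The following is an added example, not code from the page or from the linked gists: a small AST-based scanner that flags calls to raw(), extra(), execute(), RawSQL() and do_sql() whose SQL argument is built with %-formatting, an f-string, str.format() or string concatenation. Matching on bare method names is a heuristic (any .execute() call is inspected, and SQL passed in through a variable is not traced); the sample module it scans is constructed here for illustration.

```python
"""Added example: flag Django raw-SQL sinks fed a dynamically built SQL string."""
import ast

# Sinks named on the page: QuerySet.raw/.extra, cursor.execute, RawSQL, do_sql.
# Matching on bare names is a heuristic: every .execute() call is inspected.
SINK_NAMES = {"raw", "extra", "execute", "executemany", "RawSQL", "do_sql"}
# .extra() carries SQL in these keyword arguments (dict values or list items).
EXTRA_SQL_KEYWORDS = {"select", "where", "tables", "order_by"}


def _is_dynamic_string(node):
    """True when the node builds its string at run time from other values."""
    if isinstance(node, ast.JoinedStr):                      # f"... {x} ..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True                                          # "..." % x  or  "..." + x
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True                                          # "...".format(x)
    return False


def _call_name(call):
    """Name of the called function/method, or None for exotic call targets."""
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    if isinstance(call.func, ast.Name):
        return call.func.id
    return None


def _sql_bearing_args(call):
    """Yield the argument nodes of a sink call that may hold SQL text."""
    if call.args:
        yield call.args[0]     # raw(sql, params), execute(sql, params), RawSQL(sql, params)
    for kw in call.keywords:
        if kw.arg in EXTRA_SQL_KEYWORDS:
            if isinstance(kw.value, ast.Dict):
                yield from kw.value.values
            elif isinstance(kw.value, (ast.List, ast.Tuple)):
                yield from kw.value.elts
            else:
                yield kw.value


def find_sql_injection_sinks(source):
    """Return sorted (line, sink) pairs for sink calls given a dynamic SQL string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SINK_NAMES and any(
                    _is_dynamic_string(a) for a in _sql_bearing_args(node)):
                findings.append((node.lineno, name))
    return sorted(findings)


# Constructed sample module mixing unsafe and parameterised uses of each sink.
SAMPLE_SOURCE = '''
from django.db import connection
from django.db.models.expressions import RawSQL

def bad_raw(name):
    return Person.objects.raw("SELECT * FROM myapp_person WHERE name = '%s'" % name)

def ok_raw(name):
    return Person.objects.raw("SELECT * FROM myapp_person WHERE name = %s", [name])

def bad_extra(qs, col):
    return qs.extra(select={"val": f"select col from sometable where othercol = {col}"})

def bad_execute(dinosaur):
    cursor = connection.cursor()
    cursor.execute("insert into t (c) values ('" + dinosaur + "')")

def ok_execute(dinosaur):
    cursor = connection.cursor()
    cursor.execute("insert into t (c) values (%s)", (dinosaur,))

def bad_rawsql(qs, param):
    return qs.annotate(val=RawSQL("select col from t where x = {}".format(param), ()))
'''

if __name__ == "__main__":
    for line, sink in find_sql_injection_sinks(SAMPLE_SOURCE):
        print(f"line {line}: dynamic SQL passed to {sink}()")
```

Running the scanner over the constructed sample reports the four unsafe call sites and stays quiet on the two parameterised ones; pointing it at a real project is a matter of reading each .py file and passing its text to find_sql_injection_sinks().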

Tips for Passing SANS GIAC Exams (aka GIAC Exam Review)

Read the coursebook at least three times and make sure you understand each and every concept.

Practically test, and be skilful in executing, the recommended tools and techniques in various scenarios and with various switches. Understand the purpose, practical usage and output of each tool and technique. There's no need to memorize switches; practical understanding is different from memorization.

Being open-book doesn't mean the exam is extremely theoretical. You won't literally have a lot of time to open the book to seek answers, so a thorough understanding of the coursebook is required.

Roughly only around 30% of the questions might come straight from the coursebook. The rest were case studies that make you derive answers from the given situations/screenshots.

Subscribe to NetWars access: it saves you the time of troubleshooting never-tried-before tools and making things work as per the coursebook, so you absorb the material faster. From there, you can set up the tools in your own wide array of VMs/test laptops.

Java: setCharacterEncoding NOT affected by HTTP Response Splitting

    <%
        String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
        response.setCharacterEncoding(attacker_controlled_charset);
    %>

Note that inside a Java string literal, %0d%0a is six literal characters, not a CR LF pair; a request parameter is URL-decoded by the container before it reaches the application, so a test that exercises an actual splitting attempt has to use "\r\n" in the value.

Regular Expression Denial of Service - Java Demo | Practical Exploitation

https://gist.github.com/yehgdotnet/1cb57b55c40afb6d0d0cced57e921868

Output:

    [INFO] Executing Regular Expression check on AAAAAAAAAA
    [RESULT] String did not match
    [INFO] Ended Regular Expression...
    [INFO] Executing Regular Expression check on AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.COM...........................................................................................................
    [Deadloop]
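The "deadloop" above is catastrophic backtracking: a pattern with nested, overlapping repetition lets the engine split a run of characters between repetitions in exponentially many ways, and a trailing character that cannot match forces it to try every split before failing. The following is an added example in Python rather than the page's Java gist (the pattern, the inputs and the helper names are constructed here, not taken from the page): an evil domain-style pattern in the spirit of the page's input, the unambiguous rewrite that matches the same strings in linear time, and a wrapper that evaluates a match in a child process so that a pathological input costs a timeout instead of a hung worker. The process-based guard is needed because CPython's regex engine holds the GIL while matching and cannot be interrupted from a thread.

```python
"""Added example: catastrophic backtracking in Python's re, and a process-based
timeout guard around regex evaluation."""
import multiprocessing
import re
import sys

# Constructed evil pattern: ([A-Z0-9]+\.?)+ can split a run of n letters between
# repetitions in 2^(n-1) ways, and the engine tries every one before failing.
EVIL_PATTERN = r"^([A-Z0-9]+\.?)+\.COM$"
# Unambiguous rewrite accepting the same language: each extra label must start
# with a dot, so there is exactly one way to consume any input (linear time).
SAFE_PATTERN = r"^[A-Z0-9]+(\.[A-Z0-9]+)*\.COM$"


def attack_string(n):
    """n letters followed by a character that can never match, so the engine
    backtracks through every partition of the letters before giving up."""
    return "A" * n + "!"


def _regex_match_worker(pattern, text, conn):
    """Runs in the child process and reports a plain True/False match result."""
    conn.send(re.match(pattern, text) is not None)
    conn.close()


def match_with_timeout(pattern, text, timeout):
    """Return True/False for a completed match, or None if it exceeded timeout.

    The match runs in a child process so it can be killed mid-backtrack."""
    # fork keeps the worker function and module available without re-import;
    # Windows has no fork, so fall back to spawn there.
    ctx = multiprocessing.get_context("spawn" if sys.platform == "win32" else "fork")
    parent_conn, child_conn = ctx.Pipe(duplex=False)   # parent receives, child sends
    worker = ctx.Process(target=_regex_match_worker, args=(pattern, text, child_conn))
    worker.start()
    child_conn.close()          # parent keeps only the receiving end
    try:
        if parent_conn.poll(timeout):
            return parent_conn.recv()
        return None             # still backtracking when the deadline passed
    finally:
        if worker.is_alive():
            worker.terminate()  # kill the stuck worker instead of waiting on it
        worker.join()


if __name__ == "__main__":
    for label, text in [("benign", "WWW.EXAMPLE.COM"), ("attack", attack_string(40))]:
        for name, pattern in [("evil", EVIL_PATTERN), ("safe", SAFE_PATTERN)]:
            result = match_with_timeout(pattern, text, timeout=1.0)
            verdict = "TIMEOUT (deadloop)" if result is None else result
            print(f"{name} pattern vs {label} input: {verdict}")
```

With 40 letters the evil pattern faces about 5e11 backtracking steps, so the attack input always hits the timeout, while the rewritten pattern rejects the same input immediately; both patterns agree on ordinary input. In a service, the same guard (or a regex engine without backtracking) plus an input length cap is what keeps a single request from pinning a worker.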