Introduction To SQLmap And Firewall Bypassing





ABSTRACT

Most cyber-attacks in the world that involve websites occurs due to lack of updates and the failure to validate the user input. Starting from buffer overflow vulnerability, which is a system level vulnerability up to the vulnerabilities that exist today, the fundamental problem has always been the input validation. One of the main threats is SQL Injection that left many worried about their application and databases. The problem is more then a decade old, but still is present inside lots of websites. SQL injection like all other major web application security problems fall in the category of input validation attacks.
0 Comments

A Beginners Guide To Using IPTables


ABSTRACT

Readers, there are numerous reasons ... It is well known that the Internet is an unmanaged an decentralized network, running under a set of protocols, which are not designed to ensure the integrity and confidentiality of information and access controls.
There are several ways to breach a network, but these ways do nothing more than take advantage of flaws within network protocols and services.
Tags: 0 Comments

Certified Penetration Testing Consultant - C)PTC Review


Although most of the attacks have moved towards Web Application, but the most critical information resides upon the network and is not being exposed to the Web application, therefore a lot of the organizations are allocating a certain amount of budget to obtain a better security model. However, now a days network penetration testing is becoming a tedious job due to the fact that organizations are now implementing multiple layers of defenses. In such cases a better strategy and advanced attack strategies are required for conducting a better security assessment.

Recently, I got a chance to take the C | PTC course which was focused primarily on testing huge network infrastructures. So, therefore I thought to write an unbiased review about the course contents and the examination.
Tags: 0 Comments

The Hacker's Manifesto



Every hacker has his own manifesto, and this is what our team member "Rafael Souza" has sent to us as as his manifesto. 
This is my manifest... I dedicated more than half of my life to studying the martial arts, and the study of “Hacking”;these two seemingly unrelated paths, found many common points that I would like to share.
The first commonality is that normally people today are more interested in products "fast food", something that is fast, easy, with minimal effort and maximum results. Anyone who has really studied and practiced legitimate hacking knows that as in the Martial Arts Hacking is a way of life that never ends!
You see a simple example of this is to see the hundreds of self-defense academies that teach the individual how to defend against assaults, etc...When in fact they are just creating a false sense of security about the individual and therefore the individual will be more in danger.
Tags: 1 Comments

Rhainfosec XSS Challenge 1 - Writeup




Update - The challenge is still up on hack.me - https://hack.me/101575/bypass-blacklist-based-waf-challenge.html

 On 7th January 2014, we announced an XSS challenge for the whole infosec community, the challenge was based upon blacklist based protection and the task was to bypass the blacklist based protection and to execute the javascript. Based upon unique IP addresses we had 1740 participants and more then 80k unique vectors were recorded into our log file which is a tremendous turn out, the size of the log file was around 4.4 mb, which is pretty huge. Out of 1740 participants only 17 were able to solve it, which is less then 1% (0.97 to be exact).

Tags: 0 Comments

RHAinfoSec XSS Challenge - 1




Welcome readers,

This turns out to be the first post of the Year 2014, I would like to start this post by wishing you a very happy new year, sorry for the delay as i was extremely occupied with my final examinations. And as they are over by now, i would like to start this year by putting up a small challenge for my readers. 
Tags: 0 Comments
Subscribe to: Posts ( Atom )

Blog Archive

 

Recent Comments

About

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.

Design By My Blogger Tricks / Home / Back To Top ▲