[AD Hacking] 0x00 - Introduction to the Series

The AD Hacking series is going to bring lots of content about hacking into Active Directory environments. The goal here is to present the theory of how these contexts work behind the curtains, the way it opens space for maaany vulnerabilities and misconfigurations inside a corporate network, and especially the multiple ways you can leverage and exploit that as an Ethical Hacker.

Lab Demonstrations

Most articles in the series will present the main tools we can use to exploit flaws, with placeholders for you to replace according to the context of your test. HOWEVER, there will always be example DEMOs in there too, so you can see the usage in a simulated lab environment!...

September 13, 2024 · 2 min · 338 words · Iuri Moro

[Secure Coding] 0x01 - SQL Injection

TL;DR: SQL Injection (SQLi) attacks remain a significant threat even in modern web applications. They exploit vulnerabilities in how web apps interact with databases, often through improperly handled user input. While ORMs (Object Relational Mappers) reduce the risk, they don’t eliminate it entirely—especially when developers bypass them for manual queries. The best protection is using prepared statements and implementing input filtering. Additionally, you should always store sensitive data, like passwords, securely, so that a successful attack cannot read it....

September 8, 2024 · 6 min · 1224 words · Iuri Moro