
Exploits And Buffer Overflows

Haven't been on in a while, figured it was time to get back to it. Let's talk about buffer overflows for a minute. The first thing that you as a reader need to remember is that if you are going to try this, do it in your own lab. I do not endorse or promote hacking into any equipment that is not yours. Let's begin:
First, run your favorite...




Preventing XSS In JSP

Haven't been on in a while, figured I was overdue. In this article I am going to tell you a really simple way to prevent basic XSS injections on your JSP websites. Here we go:

After you have created a basic form for your main page, generally it will either be sent to a servlet, or to another JSP page. The problem is by default without using a...




Blind SQL Injection

SQL injection is a way to get information from a database, log in as an authenticated user, or even delete records in a database. SQL injection can be performed on SQL and MySQL servers. Many times, to find the vulnerable server, an attacker will perform simple injections, then escalate to more complex ones. Let's start with an example URL and SQL...




Buffers Are Overflowing? What?

Let's talk about buffer overflows, how they work, and what they actually are.

Buffer overflows are found by an attacker sending a long string of characters into a program or remote connection / port until it crashes. Once it crashes the attacker can actually attach a debugger to the process to see the memory address that it crashed at. This...




Anonymity On The Web

It is always a good thing in our profession, or for those of us who are in the non-profession, to stay anonymous on the web. One of my favorite tools for this is called socks chain. Many would argue that Tor is the best, and I am here to tell you why socks chain is better than Tor. Let's begin with Tor and what it does and does not do....




What Antivirus?

So far I have covered some of the basics for a few different things such as Metasploit, and web injection attacks. Now I'm going to cover antivirus bypass with Metasploit. Many of you understand encryption and encoding; through the use of certain tools, encoding can be used through the Metasploit framework to hide your payload from the antivirus...




Why Go Root When You Can Have System?

Let's change gears for a bit and talk about system and network access. Root or Admin access is all fine and good, but let's go System and Kernel level. If any of you have used rootkits, you know the power that they have over the system. In this blog post I will cover the ways that rootkits can be used in conjunction with Metasploit to maintain...




Brief Intro To Injection!

In this entry I will talk about injection flaws in the 3 major forms:

1) SQL injection - Occurs when sanitization is not performed with user validation from a website that uses SQL databases; can occur in ASP, PHP, and JSP applications.

2) LDAP injection - Occurs when user input is not validated from a website or app that uses a vulnerable string...




YouTube, The New MySpace?

It would seem that a security researcher has found an HTML injection flaw in YouTube's comment section!

The way it works:

When creating a comment, a <script> tag is added at the beginning of the comment, then HTML is added after the tag. The script tag is self-terminated. At this point YouTube has stripped the "<" part...


