osquery injection
Ömer Çıtak
Ömer Çıtak's osquery injection slides, #hacktrickconf 2018
osquery injection
1.
2.
whoami
- Security Researcher @ Netsparker Ltd.
- Developer @ Another Times
- Author @ Ethical Hacking “Offensive & Defensive” Book
- Digital Nomad - instagram/birazdaburadacalisalim
- Core Team @ Arka Kapi Dergi
- Blog: omercitak.com | Twitter: @om3rcitak
3.
osquery
4.
osquery
5.
osquery
6.
osquery
7.
osquery python
8.
osquery injection
Query: select username, description from users where username='" + name + "'
9.
osquery injection
Query: select username, description from users where username='" + name + "'
1- Detect column count
10.
osquery injection
Query: select username, description from users where username='" + name + "'
1- Detect column count
2- Detect table names
11.
osquery injection
Query: select username, description from users where username='" + name + "'
1- Detect column count
2- Detect table names
3- Generate query and inject union based query
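Added example, not part of the original slides: the concatenated query from slides 8-11 next to an allow-list check applied before the string is built. It assumes the query reaches osquery as one SQL string; an in-memory SQLite database stands in for osquery's tables, and `other_table`, `USERNAME_RE`, `CRAFTED` and the function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for osquery's SQLite-backed tables (sample data only).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, description TEXT);
        INSERT INTO users VALUES ('root', 'System Administrator'),
                                 ('alice', 'Developer');
        CREATE TABLE other_table (a TEXT, b TEXT);
        INSERT INTO other_table VALUES ('constructed-a', 'constructed-b');
    """)
    return db

def build_query_unsafe(name):
    # Same shape as the query on the slides: input is spliced into the SQL text.
    return ("select username, description from users where username='"
            + name + "'")

# Allow-list for account names: no quotes, spaces or SQL punctuation.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\$?")

def build_query_checked(name):
    # Validate first, because the whole query travels as a single string
    # (assumption stated in the lead-in) and cannot carry bound parameters.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("rejected username: %r" % (name,))
    return build_query_unsafe(name)

def lookup(db, name, builder):
    return db.execute(builder(name)).fetchall()

# Constructed input that matches the two-column shape of the original query.
CRAFTED = "x' union select a, b from other_table --"

if __name__ == "__main__":
    db = make_db()
    print(lookup(db, "alice", build_query_checked))
    print(lookup(db, CRAFTED, build_query_unsafe))  # rows from other_table
    try:
        lookup(db, CRAFTED, build_query_checked)
    except ValueError as exc:
        print(exc)
```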
12.
osquery injection demo
13.
spas
Blog: omercitak.com | Twitter: @om3rcitak