Month: December 2021

MS SQL Server is a Relational Database Management System (RDBMS). One simple way to think of a relational database is a group of tables that have relations. This was a pretty basic lab. My key learnings were how to use the sqsh command to connect to MS SQL. Syntax – sqsh -S server -U username…

IP Addresses Every computer (host) that connects to a network needs to have a logical address. For instance, a host can be any system with network access, such as a laptop, a smartphone, or a Raspberry Pi. We refer to this address as logical because it’s assigned by software and could change over time, for…

Packet analysis is a technique used to capture and intercept network traffic that passes the computer’s network interfaces. Packet analysis may also be called with different terms such as packet sniffer, packet analyzer, protocol analyzer, or network analyzer. As a cybersecurity individual, gaining packet analysis skills is an important requirement for network troubleshooting and communication…

Packet analysis is a technique used to capture and intercept network traffic that passes the computer’s network interfaces. Packet analysis may also be called with different terms such as packet sniffer, packet analyzer, protocol analyzer, or network analyzer. As a cybersecurity individual, gaining packet analysis skills is an important requirement for network troubleshooting and communication…

What is NoSQL? A NoSQL database refers to a non-relational database that is short for non SQL and Not only SQL. It is a data-storing and data-retrieving system. NoSQL databases are commonly used nowadays for big Data and IoT devices due to their powerful features such as fast queries, ease of use to developers, scale…

What is a Local File Inclusion (LFI) vulnerability? It is a web application vulnerability that allows the attacker to include and read local files on the server. These files could contain sensitive data such as cryptographic keys, databases that contain passwords, and other private data. An LFI vulnerability happens due to a developer’s lack of…

What is an XSS vulnerability? Cross-Site Scripting (XSS) is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. If you can get JavaScript to run on a victim’s computer, there are numerous things you can achieve. This can range from stealing the victim’s…

What is Fuzzing? Fuzzing is an automated means of testing an element of a web application until the application gives a vulnerability or valuable information. When we are fuzzing, we provide information as we would typically when interacting with it, just at a much faster rate. This means that we can use extensive lists known…

Content Discovery Content discovery allows us to find things that we aren’t supposed to see. For example, we may be able to find the following by traversing the web server as long as we know the names: Configuration files Passwords and secrets Backups Content management systems Administrator dashboards or portals Dirbuster is a tool that…