Blind SQL Injections are a category of SQL injection. Unlike traditional SQL injections, they do not directly provide the results of queries or detailed error messages.
The attacker must therefore rely on indirect clues, such as changes in the application’s behaviour or variations in response times, to exploit the vulnerability.
Kerberoasting is a common attack in Active Directory environments. It is based on a weakness in the Kerberos protocol, but its exploitation requires specific configurations.
In this article, we will explain how a kerberoasting attack works. We will also look at how to identify and exploit a vulnerable environment, as well as methods for protecting against it.
Although XML is an old language, it is still widely used, particularly in the banking sector. If you’re a pentester or a developer, you’re likely to come across XML at some point.
This format presents a number of specific vulnerabilities, including XPath injections.
Buffer overflow is one of the oldest and most exploited vulnerabilities. Despite this long history, they remain a major threat today.
Whether on servers or critical applications, the consequences of a buffer overflow can be devastating. In this article, we will explore in detail the principles of buffer overflow and the different types of attack. We will also detail the methods of exploitation, as well as the security best practices to protect against them effectively.
Man in the Middle (MitM) attacks exploit network configuration flaws and the absence of robust security mechanisms to guarantee the integrity and confidentiality of exchanged data.
These attacks consist of intercepting and manipulating communications between two parties, generally a client and a server, without their knowledge.
With a good Internet connection and high-performance hardware, users can have the impression that their actions on a web page are instantaneous or almost.
However, it should not be forgotten that a server takes time to process requests. Even if it is a matter of milliseconds, this delay may be of interest to an attacker. These are known as race condition attacks.
Various subdomain enumeration techniques are used to identify the attack surface of a domain or organisation.
The aim is to obtain as complete a list as possible of all the subdomains associated with the targeted domain.
At Vaadata, we carry out this type of enumeration almost systematically during our audits. This is done as part of a global reconnaissance phase, in order to provide our clients with an overview of the subdomains and servers exposed.
Kerberos is an authentication protocol used in a Microsoft Active Directory context. The lack of knowledge about how it works can lead to the introduction of vulnerabilities that can be exploited by an attacker.
In this article, we will explain the principle and operation of the Kerberos authentication protocol.
