Archive for January, 2008

SQL Injection Fun v.RIAA

What started as a simple DoS against the RIAA through a SQL injection vulnerability, originally posted to Reddit in tinyurl form:
UNION ALL SELECT BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--
led an attacker on to dump their entire database. I sure hope they don’t have backups — part of me thinks they deserve it and wants them to suffer… muwhahaha

Day 9: ITSM Vulnerability Assessment techniques

Lesson 9: Yesterday was a bit of a whirlwind, discussing BGP, Whois/RWhois, and the DOM all in one big post. I’ll try and keep it short and sweet today.
Arshan Dabirsiaghi (leader of the OWASP Anti-Samy Project) commented on yesterday’s post regarding how web application security scanners are immature. He thinks they are immature because of […]

Day 8: ITSM Vulnerability Assessment techniques

Lesson 8: Two days ago we covered VoIP assessments, and yesterday we covered Intranets and the use of proxies. Most of last week also covered internal network infrastructure assessments, except for some topics such as PDA phones and WiFi devices.
Today I wanted to talk about reconnaissance, which some people refer to as footprinting. […]

Day 7: ITSM Vulnerability Assessment techniques

Lesson 7: Today I wanted to bring the real meaning behind these techniques into the spotlight. Learning about how IT groups do real security is only part of this.
I’m also talking about what I’ve seen that IT security shops don’t do. What penetration-testers or auditors don’t recommend. What everyone misses. This […]

Day 6: ITSM Vulnerability Assessment techniques

Lesson 6: Last week was great as I started out talking about a variety of topics including:

Day 1 — Physical network segmentation / Browser tools
Day 2 — Kernel protection in network drivers / Crawling tools
Day 3 — Sandboxing / HTTP tools
Day 4 — Web application defenses / SQL injection tools
Day 5 — Secure channels […]