DFIR Blog
  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity

Blog

Critical Web Security Risks - Injection

6/12/2019

 
#Injection: 
Websites and apps occasionally need to run commands on the underlying databases or operating system to add or delete data, execute a script, or start other apps. If unverified inputs are added to a commands string or a database command, attackers can launch commands at will to take control of a server, device or data.

How does it work?
​If a website, app or device incorporates user input within a command, an attacker can insert a "payload" command directly into said input. If that input is not verified, an attacker then "injects" and runs their own commands.

Why it's bad?
Once attacker can make commands, they can control your website, apps and data.

Example:
SQL Injection was used in SONY Hack in 2014. The attackers used Server Message Block Worm tool to install several malicious components, including a backdoor and other tools. 
The SMB Worm Tool was equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. The worm moves throughout an infected network through brute-force authentication attacks on windows SMB Share and connects to a command and control (C2) infrastructure with servers located in Thailand, Poland, Italy, Bolivia, Singapore, and the United States​


Comments are closed.

    Mac Forensics
    Windows Forensics
    Forensic Tools

    Categories

    All
    Attack
    Bash
    Bigdata
    Corporate
    Ctf
    Data
    Digital Forensics
    Docker
    EDR
    Forensics
    Hacking
    Hadoop
    HDFS
    Health Care
    Linux
    Memory
    Network
    Network Forensics
    PCIP
    SQL
    Windows
    Wireshark

    Archives

    January 2023
    October 2019
    September 2019
    July 2019
    June 2019
    May 2019
    March 2019
    April 2018
    March 2018
    February 2018
    July 2017
    June 2017
    May 2017
    November 2015
    October 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015

    RSS Feed

  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity