Category: security

flAWS training complementary solution

Disclaimer: This document is not a write-up or a standalone solution to flAWS training but a complementary solution in order to add more details or alternative ways to solve some steps compared to the

Disable clipboard events override

Everyone has encountered at least once a form that asks you to confirm your password or email address to check you didn't make a mistake when re-typing it. But it's not rare at all to have those websi

SQL Injection - MySQL comment: the double dash mystery

Intro: When doing penetration testing using a black box approach, you may find a SQL injection (SQLi) by fuzzing with common payloads. Unless there is a verbose error disclosing the original SQL qu

Check SSH fingerprint

Display the default fingerprint: Of a key: You can use either the public key or the private key to obtain the fingerprint (default is SHA256 in base64). $ ssh-keygen -lf ./id_ed25519 256 SHA256:jISolPDpdv

Block automated scanners from scanning a website

Disclaimer: This post describes how to block automated scanners from scanning a website. Requirements: You will need: fail2ban, nginx (another web server can work too but this will need some modificat

Types of SQL Injection

SQL Injection, also known as SQLi, is one of the most common vulnerabilities in web applications. Goal of the article: The goal of this article is not to explain what an SQL injection is or how they wo