An SQL injection is an attack in which malicious code is embedded in a poorly-designed application and then passed to the backend database. The malicious data then produces database query results or actions that should never have been executed. Below are links to SQL Injection Cheat Sheets and Tools to play with in your virtual […]
Need a quick handy reference guide for Metasploit? Jack Rhysider put together a bunch of the most common commands in a cheat sheet style for quick reference.
Oracle Injection: http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/ MySQL Injection: http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/ http://www.securiteam.com/securityreviews/5DP0N1P76E.html http://attack.samsclass.info/sqlol-raw/search-raw.htm https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. How to use Wireshark to inspect packets and isolate network and system problems [pdf] Wireshark Display Filters via Packetlife [pdf]
tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS […]
PDF download: analyzing-malicious-document-files Authored by Lenny Zeltser with feedback and contributions from Pedro Bueno, Frank Boldewin, an dDidier Stevens. Creative Commons v3 “Contribution” license for this cheat sheet version 2. This and other malware analysis topics are covered in Lenny’s Reverse-Engineering Malware(REM) course, which he teachesat SANS Institute—for details visit LearnREM.com
How to respond to a network distributed denial‐of‐service (DDoS) incident. General Considerations DDoS attacks often take the form of flooding the network with unwanted traffic; some attacks focus on overwhelming resources of a specific system. It will be very difficult to defend against the attack without specialized equipment or your ISP’s help. Often, too many […]