Sunday, November 22, 2015

sqlmap Talk

I recently gave a talk at a Community SANS event in Colorado Springs, CO led by Ronald Hamann and Sol Warnock. The class was "SEC504: Hacker Tools, Techniques, Exploits and Incident Handling", and on day four students were introduced to SQL injection attacks. In keeping with the class material, the sqlmap talk provided a glimpse into the tool and some interesting switches, and provided context around raw access to the HTTP requests. When using sqlmap, it can sometimes be very useful to increase visibility into the interactions between the attack traffic and the target application. sqlmap has built-in features that provide for this, and simply using a proxy to view the traffic is convenient as well. Like most talks that I give, the slides show only a fraction of the communicated information; in this case I included a demo video at the end: YouTube Video

The slides are located here. I thoroughly enjoyed the talk and of course the awesome students. Many thanks to SANS, Sol and Ron!