Bitcrack Cyber Security Blog

Jul

23

Got Hashes. Need Plains | Hands-on Password Cracking

Our training workshop at BSides Las Vegas 2023 August 8th 15h00 The course outline is shown below. Participant Requirements Please

Jul 23, 2023

1 min read

Jun

27

BSides Athens 2023: Defending Appsec [Slides]

Defending Appsec 3 After Defending_Appsec 3 After.pdf 3 MB download-circle

Jun 27, 2023

Mar

06

Remote Stealth Brute-force of Oracle Database Passwords

During an internal penetration test we discovered an Oracle database of version 11g Release 2 in the client’s network.

Mar 6, 2023

8 min read

Dec

26

Robots & Passwords - OpenAI and Password Cracking

With a lot of interest in OpenAI recently, it has become apparent that one can also use the technology for

Dec 26, 2022

6 min read

Nov

29

Brocade Fabric OS ≤ v8.0.2c rbash escape to read system files

Broadcom offers a number of products and networking solutions such as switches, extensions etc. These products come with their own

Nov 29, 2022

1 min read

Nov

21

BSides Cape Town 2022 CTF

We're sponsoring a Password Hash Cracking Contest For BSides Cape Town 2022! The Flag to Capture? Passwords...lots and lots

Nov 21, 2022

1 min read

May

19

Gaining access through error-based SQLi using WebSockets

Introduction In the previous Pwning the portal blog post, we extracted the source code of a corporate login portal through

May 19, 2022

4 min read

Jan

12

Pwning the portal: from database dump to session hijacking

Introduction I find that doing bug hunting and responsible disclosure is a nice practical way to “learn by doing” for

Jan 12, 2022

5 min read

Oct

15

Misusing BeyondTrust Remote Support Leads To Data Exposure

BeyondTrust (former Bomgar) is a security firm, offering access management solutions to a large number of companies, “including half of

Oct 15, 2021

4 min read

Sep

08

Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]

AcyMailing [https://www.acymailing.com/] is a newsletter subscription WordPress plugin with more than 30.000 total downloads and more

Sep 8, 2021

4 min read

Got Hashes. Need Plains | Hands-on Password Cracking

BSides Athens 2023: Defending Appsec​ [Slides]

Remote Stealth Brute-force of Oracle Database Passwords

Robots & Passwords - OpenAI and Password Cracking

Brocade Fabric OS ≤ v8.0.2c rbash escape to read system files

BSides Cape Town 2022 CTF

Gaining access through error-based SQLi using WebSockets

Pwning the portal: from database dump to session hijacking

Misusing BeyondTrust Remote Support Leads To Data Exposure

Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]

BSides Athens 2023: Defending Appsec [Slides]