Hackfest 2020

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Lightspeed SQL Injections
11-21, 17:30–18:20 (Canada/Eastern), Hackfest - Track 1
Language: English

This presentation will focus on private and new optimized SQL injection exploitation methods.

New private tools that exploit Blind SQL Injection vulnerabilities will be released. These ones are much more faster than the existing free and commercial tools
out there because the private ones use modern attack vectors (created by myself) which perform clever injections designed to hack databases in more efficient methods.

To explain this, graphs and tables will be used to show the differences between the best tools out there and the 3 private tools introduced in the talk.

All the techniques used by the tools, which are the result of original private research, will be exposed in high detail.

The most popular free tool to exploit SQL Injections, sqlmap, needs to make a maximum of 7 requests to retrieve a single character and it also has threading
limitations. There is a notable gap between sqlmap and my new tools because they only require a maximum of 3 requests to retrieve a character. They
are also finer not only because of the number of requests they require nor due to the threading capabilities they have, but also because the SQL injection itself runs much faster faster due to the instruction set they use.

Underground methods (some discovered by a fellow 1337 researcher and others by me) to test for SQL Injection and XSS vulnerabilities will be shown. These will transform pen-testing into an easier and more optimized task.


Vous pouvez voir toute la presentation ici:
https://docs.google.com/presentation/d/1lQ18wjfqL9xkbKi_6PcQ71EfrCrr6s9Xm6sZHOiCeqk/edit?usp=sharing

La presentation et finit e presque. Je vais publiquer aussi des noveux outils pour fair des injections SQL. Ces outils sont les plus rapids dans tout le monde. Le method que ces outils utilize est un peux plus complique en comparation avec les methods tranditionels pour fair des attaques. Je vais expliquer clairement comment est-ce que ces travail.

Excusez mon francais, je peux parler un peu mais la presentation va etre fait en anglais, parce que il y a 15 ans que je n'avais pas parler en votre langue.


Are you releasing a tool? – yes

Ruben Ventura [tr3w] got involved in the field of hacking and info-sec for around 17 years. He has worked performing pen-tests and security assessments for many international firms, governments and law-enforcement agencies from all around the world (also a bank). He has been presented as a speaker and trainer at many different conferences in his country of origin.

His interests include hacking, reverse engineering, meditation, music production, theoretical physics, psychology, lifting weights and coffee (lots).