Hackfest 2020

This presentation will focus on private and new optimized SQL injection exploitation methods.

New private tools that exploit Blind SQL Injection vulnerabilities will be released. These ones are much more faster than the existing free and commercial tools
out there because the private ones use modern attack vectors (created by myself) which perform clever injections designed to hack databases in more efficient methods.

To explain this, graphs and tables will be used to show the differences between the best tools out there and the 3 private tools introduced in the talk.

All the techniques used by the tools, which are the result of original private research, will be exposed in high detail.

The most popular free tool to exploit SQL Injections, sqlmap, needs to make a maximum of 7 requests to retrieve a single character and it also has threading
limitations. There is a notable gap between sqlmap and my new tools because they only require a maximum of 3 requests to retrieve a character. They
are also finer not only because of the number of requests they require nor due to the threading capabilities they have, but also because the SQL injection itself runs much faster faster due to the instruction set they use.

Underground methods (some discovered by a fellow 1337 researcher and others by me) to test for SQL Injection and XSS vulnerabilities will be shown. These will transform pen-testing into an easier and more optimized task.