7Safe Limited Penetration Testing Services » News & Events

Interview With 7Safe Pentester Reveals Latest Tools & Exploits in IT Security

7Safe Limited — Fri, 16 Dec 2011 15:45:13 +0000

Head of Penetration Testing at 7safe Sumit Sidharth (Sid), was recently interviewed by the Pentest Magazine to provide insights into his specialism in application and database security. Speaking from over seven years of successful experience within the IT Security Industry, ‘Sid’ talks candidly about his contributions towards a number of white-papers, articles, advisory, tools and exploits to the industry. Some of the highlights include Sid’s extensive research into the area of SQL injection and his latest work in Oracle database vulnerabilities.

To view full interview click here

CSTA Ethical Hacking Certification Tutorial: DNS enumeration & client-side exploitation

7Safe Limited — Mon, 21 Nov 2011 17:30:25 +0000

This webinar features two practical exercises taken from the 7Safe Certified Security Testing Associate (CSTA) infrastructure pen testing course: The first on DNS enumeration using Fierce, the second on client-side exploitation using Metasploit.

Ethical hacking techniques from this webinar are demonstrated by 7Safe’s renowned Course Manager Jerome Smith, which is hosted by FishNet Security Director of Training, Barry Cooper. Questions are taken from the webinar audience.

FishNet Security is an Accredited Training Partner for CSTA, 7Safe’s premier infrastructure ethical hacking certification course.

Hacking Oracle From the Web: Part 2

7Safe Limited — Mon, 31 Oct 2011 12:32:23 +0000

The first sequel of this paper was released in 2010 and it discussed the privileges needed to execute OS code when exploiting a SQL Injection in a web application which has an Oracle back-end.

This paper examines new techniques to execute multiple statements via SQL Injection. No special privileges are needed to use these techniques and they work for all versions of Oracle Database from Oracle 9i to 11g R2. The paper specifically outlines how to achieve privilege escalation and OS code execution when exploiting SQL Injection vulnerability in a web app which in-turns connect to an Oracle database.

Click here to view white paper