Hello and welcome to the Monday, December 12, 2022 edition of the Sandsenet Stormsetters Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Rob on Friday published an update to his port scanner written in PowerShell.

The original version worked but was slow compared to... an update to his port scanner written in PowerShell.

The original version worked but, well, was slow compared to other tools, particular,

of course, NMAP.

So a Rob updated tool to actually perform scans in parallel, which did significantly increase the overall speed and then, of course, also led to results

that are actually faster than NMAP.

Well, take a look at his post

for the entire code of the sport scanner.

And the Clorati Team 802 research team

published a blog post with a trick that Dase allows them to bypass common

web application firewalls. The attack they focused on was SQL Injection. Sequel injection is, of course,

quite popular. OASP top 10 and all, and various replication

firewalls do have rules to detect a SQL injection.

The problem with detecting signal injection attacks is that of course with SQL, we have

a wide range of formats, queries and such that can be used in order to bypass some of these

rules.

And web application firewalls then have to sort of play catch up, not just with creative ways

how attackers are bypassing the rules, but also with SQL servers who keep sort of adding

features and making it more difficult

...