Injecting Brains Into Blind SQL Injection - Optimizing Data Exfiltration

Explore a groundbreaking approach to optimizing Blind SQL Injection (BSQLI) in this conference talk from the Hack In The Box Security Conference. Discover Hakuin, a novel method that leverages Machine Learning and statistics to significantly improve BSQLI performance. Learn how probabilistic language models and adaptive strategies are used to efficiently infer database schemas and content. Understand the internal design of Hakuin, its implementation challenges, and see how it compares to industry-standard BSQLI tools through benchmarking results. Witness a live demonstration of Hakuin's capabilities in quickly exfiltrating database information from a vulnerable web application. Gain insights from cybersecurity researchers Jakub Pruzinec and Dr. Nguyen Anh Quynh as they present their innovative work in web application security and discuss the upcoming release of Hakuin's full source code.

#HITB2023HKT D1T1 - Injecting Brains Into Blind SQL Injection - Jakub Pruzinec & Quynh Anh Nguyen