Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered – from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

We cover a lot of ground today on a variety of topics:

• I have an Oculus Quest now and I love it. My handle is turdsquirt if you ever wanna shoot some zombies together.

• I share a story that yes, does involve poop – but only the mention of it. It’s nothing like the epic tale (tail?) of my parents’ dog pooping in my son’s dresser drawers.

• I had a really fun pentest recently where I found some good old school SQL injection. I took to Slack to share and since then, several of you have reached out to ask how I found the vulnerability. Here are some steps/tips I talk about on today’s episode that will help:

  • Watch Sunny’s Burp courses on Pluralsight to enhance your Burp abilities
  • Install CO2 from the BApp store
  • When doing a Web app pentest, feed various fields SQL injection payloads, such as the ones in PayloadsAlltheThings
  • Grab a copy of sqlmap
  • Use sites like this one to help tune your sqlmap commands to find vulnerabilities. In the end, my command I used to dump contents of important tables was this:

-D NAME_OF_DATABASE -T NAME_OF_INTERESTING_TABLE -C InterestingColumn1,InterestingColumn2 --dump -v 3 --delay=1 --timeout=150 --random-agent --fresh-queries -t dump.log

• Also, practice your SQL injection (and other skills) on the OWASP Juice Shop!