Jakub Pruzinec

Thrilled to announce the release of Hakuin - a blazing fast framework for Blind SQL Injection optimization and automation. github.com/pruzko/hakuin Hakuin made it to this year's @wootsecurity and @HITBSecConf. #HITB2023HKT, #woot23 Special thanks to @capstone_engine.

We'll be presenting our talk on temporary email addresses at #BHMEA24 on the 26th of November. Looking forward! CC: @k4kTuSS @capstone_engine

Hakuin, a blazing fast Blind SQL Injection framework, made it to BlackHat Middle East & Africa this year! Come check out my two sessions (14 Nov 3pm, 15 Nov 5pm) at the arsenal track. Hakuin: github.com/pruzko/hakuin #BHMEA #BHMEA23

@clintgibler Thanks for the shout-out. BTW the framework is actively developed and new features are added!

🛠️ Hakuin A Blind SQL Injection optimization & automation framework that uses pre-trained & adaptive language models to extract data from vulnerable web apps By @offbyfour #bugbountytips #ai github.com/pruzko/hakuin

@ron190jsql My point here is that if you deduplicate the "users_sex" column then you'll get "male" & "female" but there is no way you can tell which users are male/female (without additional requests). Same goes for "product_category". I like the feature tho, will probably do it as well.

- jSQL deduplicates values which leads to "values detached from their indices" and "loss of information" Hmm, it just avoids wasting time, no loss, I don't get the point here. Though I'm glad it has been noticed, sure we see that removing duplicates is efficient on the chart.

It's paper time again, jSQL quoted among three "state-of-the-art" tools by the team of researcher @offbyfour and doctor aquynh. I heard feedbacks sounding worse than that.

@ron190jsql You can have parallelism on bit/character/column level and achieve the same performance. One advantage I see with bit-extraction is that it can be easily combined with single-request-multiple-bits extraction (see "Blind sql injection attacks optimization" by Ruben Ventura).

Also some pertinent remarks about jSQL I can discuss: - bitwise operation allows 7 queries in parallel - 3 Python tools, 1 Java tool: I feel attacked

@ron190jsql Hey, thx for finding time to read our paper, I'll try to address your comments.

Just presented our paper "Hakuin: Optimizing Blind SQL Injection with Probabilistic Language Models" at @wootsecurity. Thanks everyone for making WOOT23 a great experience! Paper: wootconference.org/papers/woot23-… Slides: wootconference.org/slides/17-Haku… cc: @capstone_engine

Session 4: Web & Network Security! "Scripted Henchmen: Leveraging XS-Leaks for Cross-Site Vulnerability Detection" "Hakuin: Optimizing Blind SQL Injection with Probabilistic Language Models" "Towards Simultaneous Attacks on Multiple Cellular Networks"