Nhon0sq0svxjisrxtuha

Ep. 16 - NoSQL Injection: Blind Injection Fundamentals

How Can Response Times Aide Attackers?

Talk Scope

  1. Exercise: Learn about Blind Injection and leverage it to find vulnerable server-side logic
  2. Exercise: Use logical operators to dump all documents within a MongoDb collection
  3. Exercise: Learn how attackers leverage client-side code to find vulnerable server-side routing functionality


Class Curriculum


  First Section
Available in days
days after you enroll

Your Instructor


Zach Roof
Zach Roof

I started my tech tutorial journey when I was bedridden for 6 months because I couldn't get healthcare insurance. While I might of been in extreme physical pain, I persisted because the instructors that I watched during that time filled me with immense joy. Towards the end of that experience, I vowed that once I gained the appropriate expertise, I'd provide quality tutorial content to the greater tech community.


In the years after my disability, I've held positions as a Frontend Developer, Backend Developer, Application Security Engineer and a DevOps/Security Engineer. My professional path has ranged from large corporate settings to an intimate blockchain startup.


Now, the next progression in my journey is to take all of my experience and provide quality security tutorials to the greater tech community.