README

2024-09-19 02:41:35 +02:00 · 2022-08-15 10:51:48 +08:00 · 2022-08-15 10:51:48 +08:00 · d9f0fc774c
commit d9f0fc774c
parent 57095bb106
1 changed files with 7 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,7 @@
-# hakuin
-A framework for Blind SQLI optimization with language models
+# Hakuin: Injecting Brain into Blind SQL Injection
+
+SQL Injection (SQLI) is a pervasive web attack where malicious input is used to dynamically build SQL queries in an unpredicted manner. Among many potential exploitations, the hacker may opt to exfiltrate the application database (DB). The exfiltration process is straightforward when the web application responds to injected queries with its data. In case the content is not exposed, the hacker can still deduce it using Blind SQLI (BSQLI), an inference technique based on response differences or time delays. Unfortunately, a common drawback of BSQLI is its low inference rate (one bit per request), which significantly limits the volume of data extracted.
+
+Hakuin is a novel approach based on machine learning techniques to optimize BSQLI. Using probabilistic language models trained on millions of DB schemas, Hakuin infers data smartly. Compared to standard search solutions widely adopted in the industry, our method offers a significant performance improvement: Hakuin is about 4 times more effective.
+
+Watch out this space for code release, soon!