NotSoSecure Blog

Hacking Oracle XE from Web

22 Oct 2013

Note: You can practice the below-mentioned hack in our SQLi Lab. In the last few years, I have done a few talks/webinars on how to exploit SQL Injection in a…

Read More

Penetration Testing: The Art or The Science?

20 Sep 2013

So, I have been penetration testing for a while now. Over the years, I have seen penetration testing evolve dramatically. Back in the days, tools were not as smart as…

Read More

Pwning Postgres 9.1

12 Sep 2013

I recently came across a Postgres based SQL Injection in a web application. The database in question was the latest version (9.1). I was in luck and the back-end database…

Read More

A Collaboration worth mentioning..

03 Nov 2012

Hello All, it has been a long time since you have heard from me. I am quite excited to share the news that I will be at Black Hat UAE…

Read More

What to/not to expect from pentest

03 May 2012

Hello, it has been a while since I posted something (nothing unusual), but I really wanted to touch on a sensitive/controversial topic. Firstly, the blog just represents my personal opinion…

Read More

Black Hat Eu 2012

18 Mar 2012

Hello All, as always it has been a while since I posted something. Some things never change….. Anyways, I was privileged to speak at yet another Black Hat. This time…

Read More

Hacking Oracle From Web: Part 2

28 Oct 2011

It has been a long time since I posted something. In 2010, I released a paper which talked about how to execute OS code when exploiting a SQL Injection in…

Read More