NotSoSecure Blog

Pwning Postgres 9.1

12 Sep 2013

I recently came across a Postgres based SQL Injection in a web application. The database in question was the latest version (9.1). I was in luck and the back-end database…

Read More

A Collaboration worth mentioning..

03 Nov 2012

Hello All, it has been a long time since you have heard from me. I am quite excited to share the news that I will be at Black Hat UAE…

Read More

What to/not to expect from pentest

03 May 2012

Hello, it has been a while since I posted something (nothing unusual), but I really wanted to touch on a sensitive/controversial topic. Firstly, the blog just represents my personal opinion…

Read More

Black Hat Eu 2012

18 Mar 2012

Hello All, as always it has been a while since I posted something. Some things never change… Anyways, I was privileged to speak at yet another Black Hat. This time…

Read More

Hacking Oracle From Web: Part 2

28 Oct 2011

It has been a long time since I posted something. In 2010, I released a paper which talked about how to execute OS code when exploiting a SQL Injection in…

Read More

LDAP/XPATH Injection tools

16 Aug 2011

At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Lesser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting…

Read More

APPSECUSA CTF! Another Write Up

06 Jul 2011

I recently came across the Appsec USA CTF. I must say it was a fantastic CTF and I wish there were more CTFs around application security topics. Well done Appsec…

Read More