Penetration Testing: The Art or The Science?

September 20, 2013

So, I have been penetration testing for a while now. Over the years, I have seen penetration testing evolve dramatically. Back in the day, tools were not as smart as they are now. Now, we have state-of-the-art tools (Burp Pro, Netsparker, HP WebInspect to name a…

Pwning Postgres 9.1

September 12, 2013

I recently came across a Postgres-based SQL Injection in a web application. The database in question was the latest version (9.1). I was in luck and the back-end database user was “postgres”, which is the default superuser account in Postgres. If you recall, Postgres and PHP allow execution of…

The Art of Exploiting Injection Flaws @ Black Hat Vegas 2013

April 23, 2013

Hello All, the popular course on Injection Flaws will return to Las Vegas at Black Hat 2013. The two-day hands-on course covers Injection flaws and ONLY injection flaws. We don't talk about XSS, CSRF, CRLF, etc. I think two days is not enough time to learn the…

A Collaboration Worth Mentioning...

November 3, 2012

Hello All, it has been a long time since you have heard from me 🙁 I am quite excited to share the news that I will be at Black Hat UAE 2012 to present a new talk titled ‘The Art of Exploiting Logical Flaws’. So, as most of you would…

What to/not to Expect from a Pentest

May 3, 2012

Hello, it has been a while since I posted something (nothing unusual), but I really wanted to touch on a sensitive/controversial topic. Firstly, the blog just represents my personal opinion and not that of my employer, so do not draw any conclusions! So, to start the debate, I have a…