Notsosecure - notsosecure.com

Latest News:

The Art of Exploiting Injection Flaws@Black Hat Vegas 2013 24 Apr 2013 | 12:03 am

Hello All, The popular course on Injection Flaws will return to Las Vegas at Black Hat 2013. The 2-day hands-on course covers Injection flaws and ONLY injection flaws. We don't talk about XSS, CSRF, ...

A Collaboration worth mentioning.. 3 Nov 2012 | 11:05 am

Hello All, It has been a long time since you have heard from me. I am quite excited to share the news that I will be at Black Hat UAE 2012 to present a new talk titled ‘The Art of Exploiting Logical ...

What to/not to expect from pentest 4 May 2012 | 10:04 am

Hello, it has been a while since I posted something (nothing unusual), but I really wanted to touch on a sensitive/controversial topic. Firstly, the blog just represents my personal opinion and not th...

Black Hat Eu 2012 18 Mar 2012 | 09:11 pm

Hello All, as always it has been a while since I posted something. Some things never change….. Anyways, I was privileged to speak at yet another Black Hat. This time I was a 2nd speaker and along wi...

Hacking Oracle From Web: Part 2 29 Oct 2011 | 03:32 am

It has been a long time since I posted something. In 2010, I released a paper which talked about how to execute OS code when exploiting a SQL Injection in a web app which talks to an Oracle database. Bac...

LDAP/XPATH Injection tools 17 Aug 2011 | 05:14 am

At this year’s Black Hat US, we conducted a small workshop titled “The Art of Exploiting Lesser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting LDAP, XPath, x...

APPSECUSA CTF! Another Write Up 7 Jul 2011 | 07:39 am

I recently came across the Appsec USA CTF. I must say it was a fantastic CTF and I wish there were more CTFs around application security topics. Well done Appsec team and organizers. The official wri...

BSQLBF v 2.7 21 Jun 2011 | 05:36 am

An updated version is now available for download. This supports the “-nomatch” switch. The -nomatch switch is exactly the opposite of the -match switch, i.e., it will look for the supplied unique keyword which ...

Upcoming Conferences 4 Jun 2011 | 08:34 pm

It has been a long time since I posted something here; in fact, so long that I even forgot the password for the blog. So, just a small update on the things I have got lined up for the upcoming Confere...

Oracle CPU Jan 2011 19 Jan 2011 | 08:23 pm

Oracle recently patched a vulnerability which I reported in 2009. The vulnerability was a SQL Injection in procedure mdsys.reset_inprog_index(). This procedure cannot be executed by public and when I ...
