SQL Injection Lab
In 2015, we launched a SQLi lab for attendees to learn SQLi. The challenges ranged from Basic to advanced. While, we no longer support the lab, we have decided to make all the content freely available. Note: some of the techniques described here may not work in the latest edition of the database(s).
Information Security Industry operates on shoulders of giants. We at NotSoSecure are passionate about opensource and as such work with a lot of opensource tooling and we strive to give back to the community also. Tools section lists out various tools build by NotSoSecure current and past employees. Some of the prominent one's are listed below.
- UDP Hunter
UDP Scanning has always been a slow and painful exercise, and if you add IPv6 on top of UDP, the tool choices get pretty limited. UDP Hunter is a python based open source network assessment tool focused on UDP Service Scanning. With UDP Hunter, we have focused on providing auditing of widely known UDP protocols for IPv6 and IPv4 hosts. As of today, UDP Hunter supports 19 different service probes. The tool allows you to do bulk scanning of large networks as well as targeted host scanning for specific ports and more. Once an open service is discovered, UDP Hunter takes it one step further and even provides you guidance on how you can possibly exploit the discovered services. UDP Hunter provides reports in a neat text format, however, support for more formats is under way.
- Android Application Analyzer
The tool is used to analyze the content of the android application in local storage.
The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these pre-published keys.
- Password Cracking Rule
"Our super rule came out on top in all our tests, as well as others we looked at after. We’re sorry to disappoint any Lord of the Rings fans (“One ring to rule them all!”), but despite our rule name, there likely won’t ever be one rule to rule them all as other rule based attacks wouldn’t exist if there was. Password attacks should always be executed factoring in all variables, in particular the available time, hardware resources, dictionary size and algorithm."