โŒ

Reading view

There are new articles available, click to refresh the page.

Meet Alessio Romano – Penetration Tester

My first approach to the world of computing, unlike what one might expect, was similar to that of many others who, like me, were born at the end of the '90s: the first time I interacted with a computer, all I did was switch it on and open an mp3 file with the media player of […]

Inside the Mind of a Cyber Attacker: from Malware creation to Data Exfiltration (Part 2)

DISCLAIMER – This article is provided for educational and informational purposes only. The techniques, tools, and examples discussed are intended to promote a better understanding of cybersecurity and to enhance defensive measures. The usage of these techniques should strictly adhere to applicable laws, regulations, and ethical guidelines. The author and publisher of this article shall […]

Security VS Corporate Management

The devil and holy water. THE SITUATION. Having had the opportunity to observe a few hundred companies over the past 30 years, to date there is a greater and growing awareness of information security issues or corporate security more generally. It can be said that a good portion of the corporate and medium-sized enterprise has […]

🇮🇹 Meet Matteo Lucchetti – Penetration Tester/Red Teamer

My first steps in the field of computing date back to roughly the end of the '90s. I was a little over five years old when I started getting my hands on my parents' computer. Even then I was very curious, and I was fascinated by exploring that old operating system, which led me to lose myself among the folders of the file […]

Inside the Mind of a Cyber Attacker: from Malware creation to Data Exfiltration (Part 1)

DISCLAIMER – This article is provided for educational and informational purposes only. The techniques, tools, and examples discussed are intended to promote a better understanding of cybersecurity and to enhance defensive measures. The usage of these techniques should strictly adhere to applicable laws, regulations, and ethical guidelines. The author and publisher of this article shall […]

Hacking the Dutch government

A few months ago I found out that the Dutch government is hosting a bug-bounty program that covers a lot of assets from their infrastructures. The program scope, available at https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid, appears to be really wide, with more than 1000 targets, which made it possible to find some interesting applications by running some basic passive subdomain enumeration […]

Intigriti November XSS Challenge

The bug bounty program Intigriti hosts an XSS challenge every month. This time, the challenge was about bypassing CSP by reloading a VueJS instance, which made it possible to exploit a client-side template injection. My solution can be summarized in 4 main steps: finding reflection and achieving HTML injection; accessing an abusable piece of code, containing […]

CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF

Introduction. In the past few weeks, I worked with @LukeGix (check out his blog post on the same vulnerability here) to exploit CVE-2022-2602, a very interesting bug from multiple perspectives without a public exploit, which impacts the io_uring subsystem with a Use-After-Free vulnerability in the handling of registered file descriptors. We used a Data-Only attack against kernel version 5.15.74 […]

Workshop: Linux Kernel Exploitation 101 – Part 2

Slides: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpix Material used in the video (to replicate the labs): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3 The material was tested on Ubuntu 20.04 with x86_64 architecture. There should be no problems with other releases. To sign up for the September 25 workshop, follow the social pages of Cyber Saiyan (the organisation behind Romhack). Linkedin: https://www.linkedin.com/company/cyber-saiyan/ Twitter: https://twitter.com/cybersaiyanIT Event link: https://romhack.camp/camp-schedule/ Also, to stay […]

Workshop: Linux Kernel Exploitation 101 – Part 1

Slides: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpix Material used in the video (to replicate the labs): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3 The material was tested on Ubuntu 20.04 with x86_64 architecture. There should be no problems with other releases. To sign up for the September 25 workshop, follow the social pages of Cyber Saiyan (the organisation behind Romhack). Linkedin: https://www.linkedin.com/company/cyber-saiyan/ Twitter: https://twitter.com/cybersaiyanIT Event link: https://romhack.camp/camp-schedule/ Also, to stay […]

Dynamic caching: What could go wrong?

TL;DR: The Engintron plugin for cPanel ships with a default configuration which could expose applications to account takeover and/or sensitive data exposure through cache poisoning attacks. Whenever a client sends a request to a web server, the response is processed and served by the back-end service each time. In the case of a high […]

Linux Kernel Exploit Development: 1day case study

Introduction. I was searching for a vulnerability that would let me practise what I've learned recently about Linux Kernel Exploitation in a "real-life" scenario. Since I had a week at Hacktive Security to dedicate to going deeper into a specific topic, I decided to search for a public vulnerability without a public […]

KRWX: Kernel Read Write Execute

Introduction. GitHub project: https://github.com/kiks7/KRWX During the last few months/year I was studying and approaching the Kernel Exploitation subject, and during this journey I developed a few tools that assisted me (and still assist me) in better understanding specific topics. Today I want to release my favourite one: KRWX (Kernel Read Write Execute). It is a simple LKM […]

Intigriti XSS Challenge – December 2021

The approach to this challenge was completely different from the past two months, as the vulnerable component was on the backend, forcing us to treat it as a black-box scenario. The page presents a simple submittable GET form providing the open and payload parameters. To reach that from the UI, a user has to […]