Skip to the content
Hacktive Security Blog
  • Pin Posts
  • Home
  • Alessandro Groppo

Alessandro Groppo

0
7
CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF
Exploitation

CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF

Alessandro Groppo
December 21, 2022December 27, 2022
Introduction In the past few weeks, I worked with @LukeGix (checkout his blog post on the same vulnerability here) to exploit the CVE-2022-2602, a very...
Read More
0
9
Linux Kernel Exploit Development: 1day case study
Exploitation

Linux Kernel Exploit Development: 1day case study

Alessandro Groppo
June 13, 2022December 27, 2022
Introduction I was searching for a vulnerability that permitted me to practise what I've learned in the last period on Linux Kernel Exploitation with a...
Read More
0
2
KRWX: Kernel Read Write Execute
Exploitation

KRWX: Kernel Read Write Execute

Alessandro Groppo
March 12, 2022March 12, 2022
Introduction Github project: https://github.com/kiks7/KRWX During the last few months/year I was studying and approaching the Kernel Exploitation subject and during this journey I developed few...
Read More
0
1
ownCloud Multiple Vulnerabilities
Application Security

ownCloud Multiple Vulnerabilities

Alessandro Groppo
July 27, 2020June 27, 2021
During one of our research activities we discovered several flaws in the ownCloud product.ownCloud is a popular open-source cloud service similar to Google Drive and the last...
Read More
0
0
Android IPC: Part 2 – Binder and Service Manager Perspective
Mobile

Android IPC: Part 2 – Binder and Service Manager Perspective

Alessandro Groppo
April 26, 2020June 21, 2021
Introduction As mentioned in the previous article, Android uses the Binder for IPC communications. Good to know, the Binder was not created by Google. Its...
Read More
0
0
Multiple SSRF on Vanilla Moodle Installations
Application Security

Multiple SSRF on Vanilla Moodle Installations

Alessandro Groppo
April 14, 2020June 21, 2021
During the time dedicated to research we found 2 Server-Side Request Forgery on Moodle. The first one is a Blind SSRF already discovered in 2018 and tracked...
Read More
0
3
Android IPC: Part 1 – Introduction
Mobile

Android IPC: Part 1 – Introduction

Alessandro Groppo
April 5, 2020June 21, 2021
Introduction In the last few months I was studying Android Internals in order to perform some security research in the future. I first tried to...
Read More
0
0
A true story of mobile device geolocation
Application Security

A true story of mobile device geolocation

Alessandro Groppo
December 4, 2019June 21, 2021
TL;DR During the monthly research activity, in accordance with the relative Respnsible Disclosure program, we found and went in depth with an interesting security issue...
Read More
0
3
Rusty Joomla RCE
Application Security

Rusty Joomla RCE

Alessandro Groppo
October 3, 2019June 21, 2021
Introduction During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December...
Read More
0
0
Prestashop
Application Security

Prestashop <= 1.7.6.0 RC 1 - Insecure Direct Object Reference

Alessandro Groppo
July 8, 2019June 21, 2021
During a security assessment, we found an Insecure Direct Object Reference on Prestashop. In particular, the finding could allow an attacker to leak personal information such as...
Read More

Recent Post

CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF

Lock Picking – Part 1

How an Akamai misconfiguration earned us USD 46.000

Workshop: Linux Kernel Exploitation 101 – Part 2

Workshop: Linux Kernel Exploitation 101 – Part 1

Top Category

Application Security

Mobile

Exploitation

  • Pin Posts
Copyright © 2023 Hacktive Security Blog. All rights reserved.
Theme: Masonry Grid By Themeinwp. Powered by WordPress.
To the Top ↑ Up ↑