Conosciamo Alessio Romano – Penetration Tester
Il mio primo approccio al mondo dell'informatica, differentemente da quanto ci si aspetterebbe, è stato simile a quello di molti altri che, come me, sono...
🇮🇹 Conosciamo Enrico Ingenito – Sales Manager
Il mio percorso professionale è iniziato nel mondo delle TLC nel 1983, tra le braccia della Mamma dei Fili nazionale: da lì in poi ho...
Workshop: Linux Kernel Exploitation 101 – Part 2
https://youtu.be/2FMTdFbjIsk Slide: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpixMateriale utilizzato nel video (per poter replicare i lab): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3Il materiale è stato testato con Ubuntu 20.04 con architettura x86_64. Non dovrebbero esserci...
Workshop: Linux Kernel Exploitation 101 – Part 1
https://youtu.be/gkXsH0eJQvY Slide: https://hacktivesecurity-my.sharepoint.com/:b:/p/alessandro/EX9sSrCCRIlLqvkHoRl7_jQBB6xKgV_qLL9UA5fIwf2Cbw?e=cCQpixMateriale utilizzato nel video (per poter replicare i lab): https://hacktivesecurity-my.sharepoint.com/:u:/p/alessandro/EX08cV3wTzZJsEeEQwZvw80BbybF2CpUmJdsXXGlY0hnwA?e=JaGru3Il materiale è stato testato con Ubuntu 20.04 con architettura x86_64. Non dovrebbero esserci...
Responsible disclosure – Reflected XSS on hireon.amazon.com
On March 13th, by using dnsrecon (https://github.com/darkoperator/dnsrecon) and a huge wordlist, I came across with an Amazon domain (hireon.amazon.com) with a Reflected XSS. Usually I...
Happy Hacking Easter (story of privacy violation into an eggshell)
In accordance with ethics of responsible disclosure, the vendor was informed but emails were left unreplied/ignored Timeline First email on 08 March 2016Second email on...
Symantec Security Information Manager, multiple vulnerabilities (XSS, SQLi, Information Disclosure)
Hi there, we missed here for quite a while but one more time we are back with something (hopefully) interesting. In the past months we...
Abusing Ruzzle protocol, privacy violation and more…
In the beginning of January 2013 we started a security research project focused on some of the most spreaded mobile applications and considering how popular Ruzzle became...