www.apps3c.info – apps3c personal page

Java applet + serialization in 2024! What could go wrong?

apps3cCode, Notes8 Febbraio 2024

Recently, during a red team engagement with my colleague Maurizio, we came across a website that seemed very outdated. Quickly analyzing the HTML, we noticed something that brought a smile to our faces: a Java Applet. First thought: the backend will definitely not work …

Continua a leggere

Extending Burp Suite for fun and profit – The Montoya way – Part 4

apps3cCode, Notes30 Agosto 2023

Hi there! Today we will see how to add components to the Burp Suite interface that are useful for conveniently managing different scenarios. In detail, we will focus on how to create new tabs for processing HTTP requests and responses. But …

Continua a leggere

Extending Burp Suite for fun and profit – The Montoya way – Part 3

adminCode, Notes19 Luglio 2023

Hi there! In the last article of the series we learned how to develop the most commonly used type of Burp extensions during a penetration test, namely HttpHandler plugins (or HttpListener in the old APIs). These plugins allow us to inspect or modify all HTTP requests …

Continua a leggere

Extending Burp Suite for fun and profit – The Montoya way – Part 2

apps3cCode, Notes5 Luglio 2023

Hi there! Today we will cover how to develop the type of extension most commonly used during a penetration test, namely HttpHandler plugins (or HttpListener in the old APIs). These plugins allow us to inspect or modify all HTTP requests exiting from every tool …

Continua a leggere

Extending Burp Suite for fun and profit – The Montoya way – Part 1

apps3cCode, Notes5 Luglio 2023

Hi there! I have been thinking for a long time about releasing a course or lessons on developing extensions for Burp Suite (and to tell you the truth, I had already created a draft course with accompanying extensions some time ago), and what better …

Continua a leggere

A journey into IoT – Unknown Chinese alarm – Part 4 – Internal communications

apps3cNotes21 Dicembre 2022

Disclaimer: as many other security researchers approaching IoT, I have a background in computer science and I started to work on these subjects with little knowledge about electronics and often with a “YOLO” approach (blame it on an old colleague of mine …

Continua a leggere

Burp Suite and Protobuf

apps3cCode, Notes22 Novembre 2022

Hi, Last year (I know, I’m “a little” late with this article 😀 ) I tested a couple of applications that employed the Protocol Buffers data format (aka “Protobuf”) to serialize data transmitted using the HTTP protocol. Protobuf serializes data in binary format, …

Continua a leggere

Semgrep rules for Kotlin security assessment

apps3cCode, Notes12 Ottobre 2022

Hi, I recently had the chance to assess the security of many applications with a back-end written in the Kotlin language. Unfortunately, at the moment Semgrep‘s support for the Kotlin is still in “Beta” and there are not many public rules for this language. So, …

Continua a leggere

A journey into IoT – Unknown Chinese alarm – Part 3 – Radio communications

apps3cNotes5 Agosto 2022

Continua a leggere

Semgrep rules for PHP security assessment

apps3cNotes22 Giugno 2022

Hi! According to the official documentation, Semgrep is a lightweight, open-source, static analysis tool for finding bugs and enforcing code standards. It supports many different languages and can find bug variants with patterns that look like source code. Together with the tool, a collection of pre-written …

Continua a leggere

Cookie	Durata	Descrizione
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

www.apps3c.info Articoli.

Barra Laterale Scorrevole