Disclaimer: as many other security researchers approaching IoT, I have a background in computer science and I started to work on these subjects with little knowledge about electronics and often with a “YOLO” approach (blame it on an old colleague of mine ). …
www.apps3c.info Articoli.
DISCLAIMER: as many other security researchers approaching IoT, I have a background in computer science and I started to work on these subjects with little knowledge about electronics and often with a “YOLO” approach (blame it on an old colleague of mine …
Hi! Years ago ( 🙁 ) I wrote an article with the purpose of starting a series to introduce various IoT concepts to hackers and penetration testers that approach the topic for the first time. Unfortunately, that article was left alone for a long …
Hi, A few days ago, Hack In Paris published on YouTube the videos of the talks of the 2021 edition, including our talk on Brida 0.5! The video of our talk “Easy” mobile penetration testing with Brida is available here. In …
Hi! Last Friday my colleague Piergiovanni and I presented the new features of Brida 0.4 and 0.5 at Hack In Paris 2021! We presented two versions because we were supposed to introduce Brida 0.4 during Hack In Paris 2020, but due to the …
Hi! I just released version 0.7 of the Java Deserialization Scanner, with a small improvement in the “Exploiting” tab. In this tab, it is possible to use the ysoserial tool to generate exploitation payloads, once the presence of a deserialization issue has been confirmed using …
Hi! Today I’m publishing a new Ghidra extension based on the same idea of Brida, a Burp Suite extension created with my colleague Piergiovanni. The idea is simple: everything is better if it can take advantage of Frida‘s super powers! 😀 ghidra2frida is a Ghidra …
Hi! Today we have released another little Ghidra script named ListingLover. What is it for? Well, almost exactly one year ago, a guy named Guy ( 😀 ) published a series of wonderful IDA Pro reversing tips. One of them made me discover a feature …
Hi! This is my first article on HN Security‘s blog and I think that showcasing a little tool developed together with Marco to help us in our everyday’s mobile assessments could be a good pick for a new beginning! The tool is called FOX. …
Hi! I published on my GitHub repository an exploit for PrimeFaces CVE-2017-1000486 based on an existent one created by pimps (the original one is here). CVE-2017-1000486 is a RCE issue in many versions of PrimeFaces disclosed by Minded Security in …