• Are you still using telnet on Cisco devices? I think you should disable it!

    The vulnerability is still unpatched. Cisco has published an advisory concerning a vulnerability in its product, discovered while analyzing the “Vault 7” documentation published by Wikileaks last week. The vulnerability affects the Cluster Management Protocol in Cisco IOS and Cisco… read more »
  • Open Source Intelligence tools for social media: my own list

    A constantly updated list of OSINT sources. I continue the publication of my lists of OSINT sources, this time with a list focused on public data from social networks. Twitter: AllMyTweets, view all tweets from any Twitter user on one page.… read more »
  • Madame R. Sidney Pratten’s Guitar School

    One of the most important guitarists of the 19th century. A very interesting article by Daniel Nistico on Classical Guitar N Stuff, which made me discover Sidney Pratten and her method book: “Guitar School”. Catharina Josepha Pratten (1821–1895) was one of… read more »
  • My personal list of OSINT sources: search tools

    All the information is online, you just need to know how to find it. In a previous post, we discovered the real power of OSINT sources; now let’s start to see some helpful links from my personal list. Today the focus… read more »
  • OSINT, the secret weapon of 4channers

    “A good rule of the Internet is to never tell 4chan something is impossible.” What happened between Shia LaBeouf and some users of 4chan? The news now is fairly well known, but I try to summarize the main points of… read more »
  • BinSkim: a great tool for Windows PE Binary security assessments

    Validate compiler/linker settings and other security-relevant binary characteristics. BinSkim is one of the tools released by Microsoft under an open source license. It is a binary static analysis tool that scans Windows Portable Executable (PE) files in order to validate compiler/linker settings… read more »
  • Gathering e-mail accounts information with Infoga

    Really simple tool, but very effective! Infoga is a Python script that allows gathering email information with Google, Bing, and Shodan: Infoga is a tool for gathering e-mail accounts information from different public sources (search engines, PGP key servers). Is… read more »
  • D’oh! Another Apache Struts 2 vulnerability!

    Upgrade now, some attacks are already in progress! Another serious vulnerability was discovered in Apache Struts 2. Affected versions: Apache Struts 2.3.5–2.3.31 and Apache Struts 2.5–2.5.10. The vulnerability (CVE-2017-5638), first reported by the security researcher Nike Zheng, is a… read more »