• Sep 2, 2020

    Backdoorplz, a privilege escalation tool for Windows

    Security pentester Jean Maes published a tool on Github called Backdoorplz. Backdoorplz [1] is a portable executable (PE) file that creates a user ("LegitAdmin" with password "Backdoor123!") on a Windows device and adds it to the local administrators group of granting administrator privileges to the user. The command… read more »
  • Aug 31, 2020

    iOS Forensics: HFS+ file system, partitions and relevant evidences

    In order to perform a correct forensic analysis on a Apple device, a basic knowledge of storage, file allocation methods relevant files paths is always required. So, let’s try to write down some basic information… The HFS+ filesystem The Hierarchical… read more »
  • Aug 28, 2020

    “Fish Tank”: composing from a fishbowl

    "Fish Tank" is the title of my new EP, released last week on all major streaming services. It comes from a set of musical ideas collected during the COVID-19 lockdown occured in Italy in the past months. I lived for… read more »
  • Aug 26, 2020

    SharpKatz, a C# port of Mimikatz

    There are many version of Mimikatz, and today I’d like to share a C# port, “SharpKatz”. SharpKatz has been developed by security researcher b4rtik, and released on Github [1]. The tool implements the Sekurlsa module of Mimikatz used for attacks such… read more »
  • Aug 24, 2020

    Weekly Privacy Roundup #15

    “We will have more Internet, larger numbers of users, more mobile access, more speed, more things online and more appliances we can control over the Internet.” - Vinton Cerf Primary Indian ticket vendor suffers crippling data breach One of India’s… read more »
  • Aug 21, 2020

    Routopsy: hacking Routing with Routers

    A really interesting talk by Szymon Ziolkowski and Tyron Kemp by SensePost, presented at BlackHat USA 2020. During their engagements, researchers found various networks vulnerable to insecure, misconfigured, and often overlooked networking protocols, including dynamic routing protocols (referred to as DRP‘s) and… read more »
  • Aug 19, 2020

    Pen Test Partners: Boeing 747 walk through, from a hacker’s perspective

    The Boeing 747 is one of the best known and most popular airliners of all time. Designed in the 1960s and entered service in 1970, it was the largest airliner in the world in terms of passenger capacity for 37… read more »
  • Aug 17, 2020

    SANS Institute: how to turn a data breach into an educational opportunity

    The SANS Institute is one of the largest organizations that offer information security training and security certification to users worldwide.In a notification posted recently on their site, the organization states that a phishing attack that target an employee allowed a threat actor to… read more »