• Firefox configuration hardening, using a single file

    A custom user.js configuration file designed to make your Firefox more secure A user.js file is an alternative method of modifying Firefox’s preferences: it can make certain preference settings more or less “permanent” in a specific profile, and is also a… read more »
  • Search and download exploits from command line, with getsploit

    A python script that search and download exploit from Vulners Database getsploit is a command line search and download tool for Vulners Database. It was inspired by searchsploit, the tool used for search and download from https://www.exploit-db.com. It allows you to… read more »
  • Understanding EXT4

    A really interesting series of articles on SANS Digital Forensics Blog On 2010, Hal Pomeranz has started on SANS Digital Forensics blog a series of technical articles about EXT4 filesystem. What is EXT4? EXT4 is a journaling file system for Linux,… read more »
  • Windows XP is too unstable to spread WannaCry?

    After all, the BSOD is also a useful feature! The researchers of security firm Kryptos Logic has performed an extensive analysis of well known WannaCry ransomware. One of the findings is really interesting (and funny!): WannaCry can infect machines that still… read more »
  • How to query the ‘Have I been pwned?’ service from command line?

    Pretty simple, with a node.js application Have I Been Pwned? is a website created by security expert Troy Hunt, that allows internet users to check if their personal data has been compromised by data breaches. The site collects and analyzes… read more »
  • Malicious documents analysis: my own list of tools

    It’s important to have the right tools to analyze suspect documents! Currently, the main malware infection vehicle remains the classic malicious document attached to an email. So it is very important to have the right tools to analyze suspect documents.… read more »
  • AdBlock or uBlock? Neither!

    Block ads directly from the hosts file Browser extensions for Ads blocking usually works well, but in some cases they use a lot of memory and CPU, especially with really complex web pages. A really god solution for ads blocking, with… read more »
  • Google Dorks, a brief list of resources

    Google hacking for fun and profit In 2002, Johnny Long began to collect interesting Google search queries that uncovers vulnerable systems or sensitive information, and calls them “Google dorks”. We identify with “Google Dorking” the method for finding vulnerable targets using… read more »
  • linux-insides: all about linux kernel

    …in a free collaborative book! linux-insides is a online project developed by 0xAX focused on the making of a book about the linux kernel and its insides: The goal is simple — to share my modest knowledge about the insides of the… read more »
  • Today i’m definitely lazy…

    ..it’s Monday and I don’t want to write anything! It’s true, I didn’t prepare any articles on the weekend, however by accident I saw this nice strip on CommitStrip and… http://www.commitstrip.com/en/2017/02/28/definitely-not-lazy/ (Seriously, how many times did he do this?) [embed]http://www.commitstrip.com/en/2017/02/28/definitely-not-lazy/[/embed]… read more »
  • A seven-years-old remote code execution vulnerability affect all Samba versions since 3.5.0!

    This vulnerability could lead to the next WannaCry? A serious vulnerability in Samba could leave unpatched machines open to an attack similar to WannaCry. The vulnerability has been assigned the CVE-2017–7494 and is described as a remote code execution from… read more »
  • Happy Towel Day!

    “ So, carry a towel and…DON’T PANIC!” Towel Day is an annual tribute to the author Douglas Adams. It’s celebrated every year on 25 May: on this day, fans openly carry a towel with them, as described in Adams’ The… read more »
  • Vulnerabilities and Exploits, my own list of OSINT resources

    Website and mailing lists: any other suggestions would be very welcome. Today i’m glad to share a list of OSINT sources focused on Exploits and Vulnerabilities search. Enjoy! CVEdetails “The ultimate security vulnerability datasource” [embed]http://www.cvedetails.com/[/embed] CVE.mitre Common Vulnerabilities and Exposures is… read more »
  • My online account has been hacked! What can i do right now?

    Because “reset your password” is not enough! Some weeks ago i’ve written a post about the rules that must be followed when your PC was hacked, talking about system restore, backups and password change. So today i wat to share an… read more »
  • How to use the ip command instead of ifconfig

    Did you know that in 2009 it was announced that the ifconfig Linux command would be deprecated? On mostly Linux distribution the ifconfig command has been deprecated and will be definitely replaced by ip command.What are de differences between ifconfig… read more »
  • How to make a “Ultra-Geek” Linux Workstation

    “Avoid interpreted languages, web-based desktop apps, and JavaScript garbage” Yesterday i read a really inspiring article written by Joe Nelson, concerning the making of a extremely-geek Linux workstation, with a minimalist and reactive user interface. Truly interesting, imho, are the… read more »
  • Reverse shell with Netcat: some use cases

    What do you do if you have a Netcat that doesn’t support the -e or -c options to run a shell or your target doesn’t support /dev/tcp? On SANS Penetration Testing Blog i’ve read a really useful article about Netcat,… read more »
  • Turn static HTML into a web application with MAVO

    Without programming skills and without backends Mavo is a javascript library that extends HTML and allow the rapid development of simple web applications: - Mavo extends the syntax of HTML to describe Web applications that manage, store, and transform data. -… read more »
  • WCry/WannaCry Ransomware: a technical analysis

    A useful article by Endgame Amanda Rousseau has published on Endgame Blog a great technical analysis of WannaCry ransomware. The most interesting section of the analysis is, in my point of view, the execution flow of the malware, that explain all… read more »
  • Extracting credentials from Linux memory with MimiPenguin

    The linux porting of Mimikatz   Adapted from the idea behind the popular Windows tool mimikatz, Mimipenguin is a tool, developed by Hunter Gregal, that dumps the login password from the current linux desktop user. Takes advantage of cleartext credentials in… read more »