• Happy Towel Day!

    “ So, carry a towel and…DON’T PANIC!” Towel Day is an annual tribute to the author Douglas Adams. It’s celebrated every year on 25 May: on this day, fans openly carry a towel with them, as described in Adams’ The… read more »
  • Vulnerabilities and Exploits, my own list of OSINT resources

    Website and mailing lists: any other suggestions would be very welcome. Today i’m glad to share a list of OSINT sources focused on Exploits and Vulnerabilities search. Enjoy! CVEdetails “The ultimate security vulnerability datasource” [embed]http://www.cvedetails.com/[/embed] CVE.mitre Common Vulnerabilities and Exposures is… read more »
  • My online account has been hacked! What can i do right now?

    Because “reset your password” is not enough! Some weeks ago i’ve written a post about the rules that must be followed when your PC was hacked, talking about system restore, backups and password change. So today i wat to share an… read more »
  • How to use the ip command instead of ifconfig

    Did you know that in 2009 it was announced that the ifconfig Linux command would be deprecated? On mostly Linux distribution the ifconfig command has been deprecated and will be definitely replaced by ip command.What are de differences between ifconfig… read more »
  • How to make a “Ultra-Geek” Linux Workstation

    “Avoid interpreted languages, web-based desktop apps, and JavaScript garbage” Yesterday i read a really inspiring article written by Joe Nelson, concerning the making of a extremely-geek Linux workstation, with a minimalist and reactive user interface. Truly interesting, imho, are the… read more »
  • Reverse shell with Netcat: some use cases

    What do you do if you have a Netcat that doesn’t support the -e or -c options to run a shell or your target doesn’t support /dev/tcp? On SANS Penetration Testing Blog i’ve read a really useful article about Netcat,… read more »
  • Turn static HTML into a web application with MAVO

    Without programming skills and without backends Mavo is a javascript library that extends HTML and allow the rapid development of simple web applications: - Mavo extends the syntax of HTML to describe Web applications that manage, store, and transform data. -… read more »
  • WCry/WannaCry Ransomware: a technical analysis

    A useful article by Endgame Amanda Rousseau has published on Endgame Blog a great technical analysis of WannaCry ransomware. The most interesting section of the analysis is, in my point of view, the execution flow of the malware, that explain all… read more »
  • Extracting credentials from Linux memory with MimiPenguin

    The linux porting of Mimikatz   Adapted from the idea behind the popular Windows tool mimikatz, Mimipenguin is a tool, developed by Hunter Gregal, that dumps the login password from the current linux desktop user. Takes advantage of cleartext credentials in… read more »
  • WannaCry Ransomware: What we know so far

    A press review constantly updated (last update: 20170515 10:00) How it works? Once WannaCry infects a PC behind the firewall, it can move laterally within networks and self-propagate to other systems, scanning and identifying systems with ports 139 and 445 open, listening… read more »
  • Yes, a security researcher saved the world by mistake!

    Spread of Wannacry Ransomware has been slowed simply registering a domain name In these hours everyone is writing something about Wannacry ransomware, often even providing discordant or misleading information. So if you want more information about the infection, take a look… read more »
  • Five online services to perform a port scanning

    …and a python script to rule them all! In early stages of penetration tests you could like to run a port scan on a host without having it originated from your IP address. You can use some online services that allows… read more »
  • Technology is wonderful: Microsoft’s “Project Emma”

    A wearable for Parkinson’s disease sufferers “Emma” is a wrist wearable that can help people suffering with Parkinson’s disease, created by Haiyan Zhang, Innovation Director at Microsoft Research in Cambridge. The device is named as the Parkinson’s sufferer that helped… read more »
  • How to use a cisco PCF file to connect to a corporate VPN with Linux

    In four simple steps! Do you have a configuration file for a cisco VPN client (PCF) and do you need to use it on your linuxbox? “It could work!” You can convert the PCF and connect to the corporate VPN with 4… read more »
  • The “Crazy Bad” vulnerability has been fixed by Microsoft in a very short time

    And ProjectZero releases the details of the vulnerability With an emergency update, Microsoft fixed the vulnerability in the Microsoft Malware Protection Engine discovered by ProjectZero over the weekend, and which the two described as “the worst Windows remote code exec… read more »
  • “Bond007.01”, a new botnet used for cryptocurrency mining and DDoS attacks

    Infects servers and earning around a thousand dollars a day This new botnet coming out of China and was discovered by researchers at GuardiCore Labs. The infected systems (up to 15,000 Windows servers) make up a wide variety of government, corporate,… read more »
  • The worst Windows RCE exploit of all time is coming?

    Google Project Zero’s researchers have discovered another critical remote code execution vulnerability in Microsoft’s Windows, and it seems something truly bad! UPDATE Microsoft immediately releases a fix, and ProjectZero releases vulnerability details: [embed]https://www.andreafortuna.org/the-crazy-bad-vulnerability-has-been-fixed-by-microsoft-in-a-very-short-time-9dd54c0d0ece[/embed] During the weekend, the Project Zero’s researchers Tavis… read more »
  • Composing music using the Higgs boson LHC data

    I discover it out late enough, but the project is fantastic! On Wednesday 4th July 2012, scientists at CERN announced that they had found a Higgs-like particle after analysing results from the Large Hadron Collider. After the announce, Domenico Vicinanza… read more »
  • Digital forensics on automotive infotainment systems

    It contains tons of historical data that can be useful in a after-crash analysis The current generation of automotive infotainment and telematics systems is very powerful, and offers a large set of features, like: Digital radio Satellite (GPS) navigation Bluetooth… read more »
  • Intel patches a remote code execution bug hidden in its chips since 2008

    For the past seven years, millions of Intel PCs have been potentially vulnerable Intel have announced that there is a privilege escalation vulnerability in their Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) products. These products provide… read more »