Blog

Hacking Around: Previse – HTB writeup

Written by Nicola d'Ambrosio - 17 Jan 2022

Today we publish the first post of a new series: Hacking Around. With this series, we want to share some interesting writeups about CTF machines around the most famous websites. So we present you a Previse Writeup (Hack The Box machine), let’s go!

RAUDI: Regularly and Automatically Updated Docker Images

Written by Angelo Delicato - 11 Jan 2022

Some weeks ago I saw one of my co-workers building a couple of Dockerfiles for some Network Security-related tools that do not have an official Docker Image. In my mind I thought: “this Docker Image will never be updated. I hate this”. An idea crossed my mind: how many tools do not have an official […]

Invisible Backdoors in Javascript and How to detect them

Written by Angelo Delicato - 29 Nov 2021

Working in Cybersecurity is like living in the jungle. Every day you gotta watch out for possible threats that could endanger you. Today we talk about a new kind of vulnerability which is quite sneaky, because it is invisible. Yep, we are going to talk about Invisible Backdoors.

ThePhish: an automated phishing email analysis tool

Written by Emanuele Galdi - 4 Nov 2021

As of today, phishing emails are the most widely used infection vector. This means that the number of alerts related to emails to analyze is growing faster and faster. The problem is that analyzing an email is a complex and tedious process that can make an analyst waste the majority of its time on repetitive […]

BlueBorne kill-chain on Dockerized Android

Written by Angelo Delicato and Daniele Capone - 23 Sep 2021

Attacks on any device have become increasingly complex: attackers often string together multiple vulnerabilities in a chain of attacks that can cause devastating effects by requiring little user interaction. The main goals of this post are essentially two: first, we will do a general overview of the various phases of a cyber kill-chain and the […]

Bypass ASLR through function address inference

Written by Daniele Capone and Angelo Delicato - 15 Sep 2021

In this post, we are going to talk about Address Space Layout Randomization (ASLR) and a way to bypass this protection measure. We have reproduced this methodology on Android through the exploitation of an old CVE; however, it is possible to apply it in other contexts as well. Let’s go and see what it is […]

A secure private knowledge base with open-source tools

Written by Angelo Delicato - 8 Sep 2021

Every team has to keep its knowledge in order, it is mandatory to have an internal documentation that is well organized and easy to access. In this post we are going to show how to create a secure private knowledge base with an open-source tool, let’s go forward to it!

A container-based framework for Android emulation (and hacking)

Written by Angelo Delicato - 2 Sep 2021

Currently, there are 3.8 billion smartphone users in the world and this number is going to increase much more in the future; this situation poses a security risk for companies and people. Speaking about security, most of the companies around the world use Cyber Ranges to train their personnel, the problem is that current-generation Cyber […]

Scroll to top