Today we publish the first post of a new series: Hacking Around. With this series, we want to share some interesting writeups about CTF machines from the most famous websites. So we present to you a Previse writeup (a Hack The Box machine). Let’s go!
Some weeks ago I saw one of my co-workers building a couple of Dockerfiles for some Network Security-related tools that do not have an official Docker Image. In my mind I thought: “this Docker Image will never be updated. I hate this”. An idea crossed my mind: how many tools do not have an official […]
After the post from last week about CVE-2021-25080, we received another CVE from similar work on the same plugin. In this case, we found multiple XSS in Contact Entries Plugin: let’s dive into the vulnerability!
A year ago I discovered a stored XSS in the Contact Form Entries plugin. It is an interesting case of a Cross-Site Scripting vulnerability in headers.
Working in Cybersecurity is like living in the jungle. Every day you gotta watch out for possible threats that could endanger you. Today we talk about a new kind of vulnerability which is quite sneaky, because it is invisible. Yep, we are going to talk about Invisible Backdoors.
As of today, phishing emails are the most widely used infection vector. This means that the number of email-related alerts to analyze is growing faster and faster. The problem is that analyzing an email is a complex and tedious process that can make an analyst waste the majority of their time on repetitive […]
Attacks on any device have become increasingly complex: attackers often string together multiple vulnerabilities in a chain of attacks that can cause devastating effects while requiring little user interaction. The main goals of this post are essentially two: first, we will give a general overview of the various phases of a cyber kill-chain and the […]
In this post, we are going to talk about Address Space Layout Randomization (ASLR) and a way to bypass this protection measure. We have reproduced this methodology on Android through the exploitation of an old CVE; however, it is possible to apply it in other contexts as well. Let’s go and see what it is […]
Every team has to keep its knowledge in order: it is mandatory to have internal documentation that is well organized and easy to access. In this post we are going to show how to create a secure private knowledge base with an open-source tool. Let’s get to it!
Currently, there are 3.8 billion smartphone users in the world and this number is going to increase much more in the future; this situation poses a security risk for companies and people. Speaking about security, most of the companies around the world use Cyber Ranges to train their personnel; the problem is that current-generation Cyber […]