Il mio primo approccio al mondo dell’informatica, differentemente da quanto ci si aspetterebbe, è stato simile a quello di molti altri che, come me, sono nati alla fine degli anni ’90: la prima volta che ho interagito con un computer non ho fatto altro che accenderlo, aprire un file mp3 con il media player di […]
Disclaimer This article is intended to be an introduction to machine learning applied to cybersecurity that is understandable even to those who approach it without a prior knowledge of the subject. In order to show weaknesses not all best practices will be followed and some logical errors will be voluntarily included, including code. Therefore, the […]
DISCLAIMER – This article is provided for educational and informational purposes only. The techniques, tools, and examples discussed are intended to promote a better understanding of cybersecurity and to enhance defensive measures. The usage of these techniques should strictly adhere to applicable laws, regulations, and ethical guidelines. The author and publisher of this article shall […]
The devil and holy water THE SITUATION Having had the opportunity to observe a few hundred companies over the past 30 years, to date there is a greater and growing awareness of information security issues or corporate security more generally. It can be said that a good portion of the corporate and medium-sized enterprise has […]
In the vast realm of software development, the Python Package Index has long been a trusted repository for Python packages. However, even the most reliable platforms are not immune to the ever-evolving landscape of cyber threats. My recent investigation led me to stumble upon a malicious package lurking within PyPI, disguised as a seemingly “innocent […]
I miei primi approcci nel campo dell’informatica risalgono circa alla fine degli anni ’90. Avevo poco più di cinque anni quando ho iniziato a mettere le mani sul computer dei miei genitori. Già allora ero molto curioso e mi affascinava esplorare quel vecchio sistema operativo che mi portava a perdermi tra le cartelle del file […]
DISCLAIMER – This article is provided for educational and informational purposes only. The techniques, tools, and examples discussed are intended to promote a better understanding of cybersecurity and to enhance defensive measures. The usage of these techniques should strictly adhere to applicable laws, regulations, and ethical guidelines. The author and publisher of this article shall […]
Il mio percorso professionale è iniziato nel mondo delle TLC nel 1983, tra le braccia della Mamma dei Fili nazionale: da lì in poi ho avuto la fortuna sfacciata di partecipare a più o meno tutte le corse all’oro legate alla continua rivoluzione tecnologica. Dai fosfori verdi della CLI del terminale 3270 fino a Chat […]
A few months ago I found out that the dutch government is hosting a bug-bounty program that covers a lot of assets from their infrastructures. The program scope available at https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid appears to be really wide, with more than 1000 targets, that allowed to find some interesting application by running some basic passive subdomain enumeration […]
Introduction In the past few weeks, I worked with @LukeGix (checkout his blog post on the same vulnerability here) to exploit the CVE-2022-2602, a very interesting bug from multiple perspectives without a public exploit, that impacts the io_uring subsystem with an Use-After-Free vulnerability handling registered file descriptors.We used a Data-Only attack against kernel version 5.15.74 […]