Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

Via Giosuè Carducci, 21 - Pomigliano d'Arco (Italy)
Paseo Montjuic, número 30 - Barcelona (Spain)

info@hacktivesecurity.com

+39 06 8773 8747

Machine Learning Red Teaming

Offensive Machine Learning – practical introduction

Disclaimer This article is intended to be an introduction to machine learning applied to cybersecurity that is understandable even to those who approach it without a prior knowledge of the subject. In order to show weaknesses not all best practices will be followed and some logical errors will be voluntarily included, including code. Therefore, the […]

Active Directory

Inside the Mind of a Cyber Attacker: from Malware creation to Data Exfiltration (Part 2)

DISCLAIMER – This article is provided for educational and informational purposes only. The techniques, tools, and examples discussed are intended to promote a better understanding of cybersecurity and to enhance defensive measures. The usage of these techniques should strictly adhere to applicable laws, regulations, and ethical guidelines. The author and publisher of this article shall […]

Active Directory

Unveiling the Hidden Threat: Dissecting a Malware on PyPI repository

In the vast realm of software development, the Python Package Index has long been a trusted repository for Python packages. However, even the most reliable platforms are not immune to the ever-evolving landscape of cyber threats. My recent investigation led me to stumble upon a malicious package lurking within PyPI, disguised as a seemingly “innocent […]

Meet The Team

🇮🇹 Conosciamo Matteo Lucchetti – Penetration Tester/Red Teamer

I miei primi approcci nel campo dell’informatica risalgono circa alla fine degli anni ’90. Avevo poco più di cinque anni quando ho iniziato a mettere le mani sul computer dei miei genitori. Già allora ero molto curioso e mi affascinava esplorare quel vecchio sistema operativo che mi portava a perdermi tra le cartelle del file […]

Red Teaming

Inside the Mind of a Cyber Attacker: from Malware creation to Data Exfiltration (Part 1)

DISCLAIMER – This article is provided for educational and informational purposes only. The techniques, tools, and examples discussed are intended to promote a better understanding of cybersecurity and to enhance defensive measures. The usage of these techniques should strictly adhere to applicable laws, regulations, and ethical guidelines. The author and publisher of this article shall […]

Uncategorized

Hacking the Dutch government

A few months ago I found out that the dutch government is hosting a bug-bounty program that covers a lot of assets from their infrastructures. The program scope available at https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid appears to be really wide, with more than 1000 targets, that allowed to find some interesting application by running some basic passive subdomain enumeration […]

Exploitation

CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF

Introduction In the past few weeks, I worked with @LukeGix (checkout his blog post on the same vulnerability here) to exploit the CVE-2022-2602, a very interesting bug from multiple perspectives without a public exploit, that impacts the io_uring subsystem with an Use-After-Free vulnerability handling registered file descriptors.We used a Data-Only attack against kernel version 5.15.74 […]

Receive the latest news

Subscribe To Our Newsletter

Get notified about new articles