- CNBC International: “Chinese drone maker DJI is dominating the market – despite being blacklisted by the U.S.” (06 February)
- Cybersecurity Podcast, a podcast by Nicolas Fasolo: “Intervista a un Vulnerability Researcher” (24 January)
- Rev3rse Security: Interview with Gabriele Peiretti, Paolo Stagno and Omar El Hamdani (20 December)
- Speaker at m0leCon: “The Talented Mr. RiPPLey” (19 November)
During the last twenty years, Microsoft has invested heavily in Windows OS security: in exploit mitigations, security by design, and the enforcement of security boundaries. Protected Process (PP) and its lightweight cousin, Protected Process Light (PPL), have increased their field of application and are nowadays actively used across various sectors (e.g., DRM and EDR protection, to “shield” main OS functionalities).
As a result, PP/PPL bypasses have also become a hot topic in the industry. This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technology, including past and novel vulnerabilities as well as attack vectors.
As part of the presentation, we will discuss the implementation of PP/PPL processes. The security model of PP/PPL processes will be used to demonstrate each aspect of discovered security vulnerabilities, together with recommendations and mitigations.
A special focus will be on subverting and bending the technology to our will in order to disarm or counter EDR products. While the topic of PP/PPL processes has been covered before at major security conferences, this talk will extend these aspects to include Early Launch AntiMalware (ELAM) and reverse engineering/debugging protected processes.
- Shellsharks Podcast: Vuln Research & Exploit Dev w/ VoidSec – Spotify (16 November)
- Technical reviewer for the “Windows and Linux Penetration Testing from Scratch” book (08 August)
- Intelligence Online: “Exodus Intelligence finds new growth in N-day vulnerabilities” (05 May)
- Twitch & YouTube: “Non c’é DUE senza TRE con Voidsec – Offensive Security”; Italian Only (06 February)
- Featured on “SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999)” (11 February)
- CVE-2021-44228: Wowza Streaming Engine v. <= 4.8.16+1 – RCE (Log4j)
- Speaker at HITB (Hack In The Box): “DriverBuddyReloaded – an IDA Python script to assist with the reverse engineering of Windows kernel drivers” (24-25 November, Abu Dhabi)
- CVE-2021-41285: Crucial Ballistix MOD Utility v. <= 2.0.2.5 – Multiple Privilege Escalation (LPE/EoP)
- CVE-2021-40826, CVE-2021-40827 – Clementine Music Player v. <= v.1.3.1
- YouTube: “A Researcher Life” – Alla ricerca di 0-day
- Twitch Live Session: “A Researcher Life” – Alla ricerca di 0-day (Italian Only)
- CVE-2021-1079 – NVIDIA GeForce v.<= 3.31 Vulnerability Disclosure Acknowledgment
- CVE-2021-26237, CVE-2021-26236, CVE-2021-26235, CVE-2021-26234, CVE-2021-26233 – FastStone Image Viewer v.<= 7.5
- CVE-2020-1337 – Windows Print Spooler Elevation of Privilege Vulnerability
- Featured on bleepingcomputer: Unpatched bug in Windows print spooler lets malware run as admin (August)
- Featured on attackerkb: CVE-2020-1337 (August)
- Arctic Code Vault Contributor – (22 July): Joined the Arctic Code Vault project; some of my repos will be preserved forever in the Arctic.
- Speaker at IASSP (Istituto Alti Studi Strategici e Politici – Strategic and Political Studies Institute): “Cyberwarfare and Cybercrime” (29 February / 31 March) – Video Stream (Italian Only)
- Speaker at m0leCon: “SCADA, a PLC’s story” (30 November)
During the last few years, SCADA quickly made major news headlines with a series of frightening articles: from STUXNET to breaches like that of the electrical power supply grid in Ukraine (December 2015). Since SCADA systems are actively used across various industries (oil & gas, pharma, power plants, critical infrastructures) to perform critical operations on a daily basis, SCADA security has also become a hot topic in the industry.
This talk will provide a comprehensive overview of the most common SCADA components, known malware and incidents as well as security issues affecting this technology, including existing vulnerabilities in different modules. As part of the presentation, we will disassemble and reverse engineer a PLC and its protocol. This model will be used to demonstrate some aspects of discovered security vulnerabilities.
- Delaini & Partners Breaking News Newsletter: Cybercrime e strategie difensive
The growing trend of cyber attacks poses an important question to anyone working in IT: are we ready? The aim of this short article is to raise awareness and direct the public’s attention towards some activities that can identify vulnerable systems and reveal unknown vulnerabilities, mismanaged security processes, and incorrect system and application configurations; all of this before the system is compromised by attackers. The risks are real, so let’s look together at the “weapons” at our disposal.
- DerbyCon – REST in Peace: Abusing GraphQL to attack underlying infrastructure (min 44:10); GraphQL Security Toolkit
- RAI – “Il Mattino di Radio1” (min 17:10). Radio Interview, topic: “Cyberwarfare” (09 July)
- La Repubblica – “Cyberguerra, colabrodo Italia”; published my research regarding the State of Industrial Control Systems (ICS) in Italy (07 July)
- Speaker at Typhooncon: “A Drone Tale, All Your Drones Are Belong To Us” (13-14 June)
- Launched ECG closed beta. ECG is the first and the only commercial solution able to detect real and complex security vulnerabilities in TCL/ADP source-code. (11 June)
- RubyZip Arbitrary File Write (24 April)
- Metasploit RCE via RubyZip Arbitrary File Write (Zip Slip) – CVE-2019-5624 (24 April)
- pwnhead Ranked as the 6th best Italian Security Researcher and 60th in the world (12 January)
- Speaker at Hacktivity: “A Drone Tale, All your drones are belong to us” (12-13 October)
- Speaker at SEC-T: “A Drone Tale, All your drones are belong to us” (13-14 September)
- TIM Telecom Italia Wall of Fame – Multiple Vulnerabilities (August)
- Featured on Hacker Journal 221: Article (June)
- Speaker at Hackinbo: “A Drone Tale, All your drones are belong to us” (26 May)
- Featured on The Register: Why you shouldn’t trust a stranger’s VPN: Plenty leak your IP addresses (29 March)
- Featured on Securityinfo: Molte VPN permettono di individuare l’IP di chi naviga (29 March)
- Featured on Reddit /r/netsec (Top Trending): I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%) (28 March)
- Featured on bleepingcomputer: Many VPN Providers Leak Customer’s IP Address via WebRTC Bug (28 March)
- Featured on Security Affairs: 20% of tested VPN providers leaks users’ IPs via WebRTC (28 March)
- Oracle JD Edwards EnterpriseOne Tools – Multiple XSS (cpujan2018-3236628) (16 January)
- SSD Advisory – Angular-CLI Authentication Bypass (04 October)
- 0day.today – HPE OpenCall Media Platform (OCMP) <= 4.3.2 – Remote File Inclusion/Multiple Cross-Site Scripting Vulnerabilities
- PACKT Publishing – Digital Forensics with Kali Linux (02 May)
- HPESBGN03686 rev.1 – HPE OpenCall Media Platform (OCMP), Remote Code Execution, Cross-Site Scripting. CVE-2017-5799 CVE-2017-5798 (24 April) Seclists & Vuldb
- SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities (24 April)
- DroneSec – Hacking the DJI Phantom 3 (24 January)
- How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools – Hacking the DJI Phantom 3 (14 January)
- Tech Economy, skuola.net, Il Giornale, ANSA.it, La Stampa, Corriere della Sera, Il Fatto Quotidiano, TGcom24, Leggo – 18app.italia.it CERT Responsible Disclosure (26 November)
- HackInBo Winter Edition 2016 (29 October)
- CheFuturo – Botnet Hunters, quei cacciatori che setacciano il web e vanno a caccia di malware
- PACKT Publishing – Kali Linux 2: Windows Penetration Testing (14 July)
- Finalist at European Security Blogger Awards (08 June)
- Security Focus, 0Day Today & Exploit Database – VirIT Explorer Lite & Pro v.8.1.68 – Local Privilege Escalation Vulnerability (19 May)
- Exploit-DB – Phorum Open Source PHP Forum – Multiple Vulnerabilities (21 April)
- Security Affairs: Security experts from VoidSec discovered multiple of flaws in the Avactis PHP Shopping Cart – (18 April)
- Exploit-DB – Avactis PHP Shopping Cart – Multiple Vulnerabilities (13 April)
- eBay – Wall of Fame – Paolo Stagno (@Void_Sec – http://voidsec.com) (November 2015) – CSRF
- The Washington Post: How the Internet black market profits off trans discrimination – (29 January)
An analysis by the cybersecurity analyst Paolo Stagno, commissioned by The Washington Post, found dozens of sellers offering common HRT medications in Deep Web marketplaces like Hansa and Valhalla, typically for $1 to $2 per pill.
- Security Affairs: Aethra botnet made up of 12000 Italian devices threatens businesses – (23 December)
- JavaScript2img – Wall of Fame – Paolo Stagno (@Void_Sec – http://voidsec.com) (25 November)
- WineHat – (Torino, 7-8 November) – Reporter: Reportage WineHat 2015
- Software Zone – Pirate’s Night Show (04 November)
- Pirate’s Night Show – Web Application Penetration Test pt2 con Paolo Stagno (03 November)
- Pirate’s Night Show – Web Application Penetration Test con Paolo Stagno (27 October)
- HackInBo – (Bologna, 17 October) – Reporter: Reportage HackInBo 2015 – Winter Edition
- Pirate’s Night Show – Advanced Persistent Threat con Paolo Stagno (13 October)
- VoidSec CTF: Secure the Flag – Web based CTF (Saturday 26 September – Sunday 11 October)
- Pirate’s Night Show – CyberSecurity con Paolo Stagno (22 September)
- eBay – Wall of Fame – Paolo Stagno (@Void_Sec – http://voidsec.com) (3 August) – HTTP Response Splitting
- Vice: That Social Network App ‘Backed’ by Anonymous Uses Weak Encryption – (23 June)
- Seclists.org: Minds.com – Several Issues – (23 June)
- The Interdisciplinary Internet Institute (theiii): The new privacy-friendly social network: Minds. But is it secure? – (19 June)
- Security Affairs: Voidsec disclosed a number of flaws affecting Minds.com Platform – (18 June)
- HackInBo – (Bologna, 23-24 May) – Reporter: Reportage HackInBo Lab edition
- Infosec Institute: Hacking communities in the Deep Web – (15 May)
- Infosec Institute: PoS Malware is More Effective and Dangerous – (10 April)
- Droidcon – (Torino, 9-10 April) – Speakers: Android (Un)Security Guidelines
- Security Summit – (Milano, 17-18-19 March) – Contributor for iDIALOGHI to the Rapporto Clusit – Panoramica degli Attacchi 2014, and speaker of the talk: “APT, Social Network e Cybercriminali: strategie difensive”
The 2015 Report is the result of the work of about a hundred experts and of the collaboration of a large number of public and private entities, which shared first-hand information and data with Clusit, along with their experience in the field. It opens with an overview of the most significant cyber-crime events and IT incidents of the last twelve months. It is an extremely up-to-date picture of the global situation, with particular attention to the Italian situation.
- Ghost Blogging Platform – Multiple Vulnerabilities CVE-2015-1407
- HackInBo – (Bologna, 11 October) – Reporter: Reportage HackInBo winter edition
- Lega Nerd – Shellshock/BashBug: quello che dovete sapere – (Torino, 29 September)
- SamKnows – (Torino, 25 September) – European Commission Broadband Performance Monitoring
- Cyberia – (Torino, 14 September) – Reporter
Free Libre Open Source Software with the participation of Richard Stallman
- SMAU – (Torino, 13 May) – Reporter
- HackInBo – (Bologna, 3 May) – Reporter: Reportage HackInBo spring edition
- Deftcon – (Milano, 11 April) – Reporter: Reportage Deftcon 2014
- Droidcon – (Torino, 6-7 February) – Reporter: Reportage Droidcon 2014
- La Repubblica – White hat sotto la Mole – (Torino, 2 November)
- Linux Day – (Torino, 26 October) – Speakers: Penetration test con Kali Linux
Report and slides of the presentation
- La Repubblica – Anonymous contro i siti del Csi – (Torino, 26 October)
- HackInBo – (Bologna, 20 September) – Reporter: Reportage HackInBo 2013
- Symantec Cyber Readiness Challenge – (Roma, 23 May) – Ranked 10th
Reportage Symantec Challenge