A Drone Tale

During the previous months I've been a speaker for various international conferences: Hackinbo (Italy, 26-27 May), Sec-T (Stockholm, 13-14 September) and Hacktivity (Budapest, 12-13 October) with a talk named: "A Drone Tale: All Your Drones Belongs To Us". A talk where I detailed analysed the DJI Phantom 3 model’s architecture , its attack vectors, reverse-engineered the SDK and the network protocol. I also had a specific focus section on Drones Forensics Artefacts Analysis and Methodology. Here you can find and download [...]

Telegram Secret Chat Bug

For whom is following me on Twitter this is not a news, yesterday I was complaining about a Telegram “Feature” in the secret chat context, while for whom doesn’t this should serve as a write-up of the bug that I have discovered (The bug is nothing fancy but something I think people should, at least, know). Telegram Secret Chat If you are not practical with the concept of Telegram’s Secret Chat: “Secret chats are meant for people who want more secrecy than [...]

Instrumenting Electron Apps for Security Testing

This is a re-posting of the original article "Instrumenting Electron Apps for Security Testing" that I have wrote on Doyensec What is Electron? The Electron Framework is used to develop multi-platform desktop applications with nothing more than HTML, JavaScript and CSS. It was initially developed for GitHub's Atom editor and since then it was used to create applications like Discord, Ghost, GitHub, Skype, Slack, Wire and a lot more. While for the traditional desktop application various security techniques exists in order to [...]

GraphQL – Security Overview and Testing Tips

This is a re-posting of the original article "GraphQL - Security Overview and Testing Tips" that I have wrote on Doyensec With the increasing popularity of GraphQL technology we are summarizing some documentation and tips about common security mistakes. What is GraphQL? GraphQL is a data query language developed by Facebook and publicly released in 2015. It is an alternative to REST API. Even if you don’t see any GraphQL out there, it is likely you’re already using it since it’s running on [...]

VPN Leak

(Edited on 06/04: in order to reflect the actual situation) TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested hundred VPN and Proxy providers and 19 of them leaks users’ IPs via WebRTC (16%) You can check if your VPN leaks visiting: Here you can find the complete list of the VPN providers that I’ve tested: Add a comment or send me a tweet if you have updated results for any of the VPN which I am missing details. (especially the “$$$” [...]

Uncommon Phishing and Social Engineering Techniques

Sorry if you didn’t hear anything from me for a while but it was a very busy year and the new incoming one will bring a lot of news for me and for the voidsec project, I will speak about it soon in a new blog post. Today I will like to write about some uncommon techniques that I’ve used during social engineering and phishing campaign. Maybe they are not overpowered but they can be pretty useful. Behind the Scene All of [...]

Analysis of the Joomla RCE (CVE-2015-8562)

Recently, during a penetration test I have found a vulnerable installation of the Joomla CMS. Yes, I already know that this vulnerability is quite old and that there is a ready to use Metasploit module but here is the catch: the module and other scripts available on internet weren’t working against my environment, furthermore, during the last year a lot of new vulnerabilities rely on the PHP Object Injection and Serialize/Unserialize. That's the reason why I thought it was a [...]

Descending into Cybercrime

More than an year ago (and before crazy and scary things like WannaCry and Petya happened) I had an idea for a research about the darkest shade of wearing a black hat, by the mean of getting some piece of information and statistics and write an analysis. Not a technical one, but something more like a financial analysis of the cybercrime business model and now I’m going to publish the results (it's even more present now than an year [...]

VoidSec CTF: Secure the Flag – Writeup

It has been a while since my last blog post, so I’m (finally) writing the write-up of the: VoidSec CTF Secure the flag. The CTF was made possible thanks to the sponsorship with Bitdefender that put some licenses for its product as a prize for the first three winners. This CTF was web based, no binary exploitation nor reverse engineering and/or crypto was involved. Before I dive into deep, let me explain what was the goal of this CTF and why it [...]

Cerber Dropper Ransomware Analysis

Before the month ends (I’m sorry but my time was really sucked up by planning and developing the HackInBo’s CTF, that I hope you will enjoy) I would like to post this very small and brief analysis of the latest JavaScript dropper used by the Cerber Ransomware in its campaign. I would also like to thank the Hacktive Security’s guys for the following sample: Dropper: MD5 afd5aa687ed3931d39f180f8e15500e1 SHA1 11460389a303e58086a2b7dbdab02437fb001434 SHA256 8b00174be5f9dd6a703bc5327e1be4161cd3922ca9a338889717370b53d4ca71 Cerber Ransomware: MD5 2dd3bd1801989ff6625aa041761cbed3 SHA1 08f28d5a7d32528fdb2b386334669d6b2b4226cb SHA256 a27c202bffde364fc385e41a244649e8e7baaec97c44c45cd02bb59642e1fb0e This time I will not take in exam the binary, [...]