Blog

Analysis of the Joomla RCE (CVE-2015-8562)

Recently, during a penetration test I have found a vulnerable installation of the Joomla CMS. Yes, I already know that this vulnerability is quite old and that there is a ready to use Metasploit module but here is the catch: the module and other scripts available on internet weren’t working against my environment, furthermore, during the last year a lot of new vulnerabilities rely on the PHP Object Injection and Serialize/Unserialize. That's the reason why I thought it was a...

18/09/2017By Read more...

Descending into Cybercrime

More than an year ago (and before crazy and scary things like WannaCry and Petya happened) I had an idea for a research about the darkest shade of wearing a black hat, by the mean of getting some piece of information and statistics and write an analysis. Not a technical one, but something more like a financial analysis of the cybercrime business model and now I’m going to publish the results (it's even more present now than an year...

30/06/2017By Read more...

VoidSec CTF: Secure the Flag – Writeup

It has been a while since my last blog post, so I’m (finally) writing the write-up of the: VoidSec CTF Secure the flag. The CTF was made possible thanks to the sponsorship with Bitdefender that put some licenses for its product as a prize for the first three winners. This CTF was web based, no binary exploitation nor reverse engineering and/or crypto was involved. Before I dive into deep, let me explain what was the goal of this CTF and why it...

30/05/2017By Read more...

Cerber Dropper Ransomware Analysis

Before the month ends (I’m sorry but my time was really sucked up by planning and developing the HackInBo’s CTF, that I hope you will enjoy) I would like to post this very small and brief analysis of the latest JavaScript dropper used by the Cerber Ransomware in its campaign. I would also like to thank the Hacktive Security’s guys for the following sample: Dropper: MD5 afd5aa687ed3931d39f180f8e15500e1 SHA1 11460389a303e58086a2b7dbdab02437fb001434 SHA256 8b00174be5f9dd6a703bc5327e1be4161cd3922ca9a338889717370b53d4ca71 Cerber Ransomware: MD5 2dd3bd1801989ff6625aa041761cbed3 SHA1 08f28d5a7d32528fdb2b386334669d6b2b4226cb SHA256 a27c202bffde364fc385e41a244649e8e7baaec97c44c45cd02bb59642e1fb0e This time I will...

27/03/2017By Read more...

Hacking the DJI Phantom 3

Finally, during Christmas time, I had some spare time to play with my flying beast; I’m speaking about trying to hack my DJI Phantom 3. It was my first time that I operate with drones or similar embedded system and at the beginning I didn’t have any clue about how I could interact with it. The Phantom 3 comes with an aircraft, controller and an Android/iOS app. Let’s start from the beginning: As a first step, I have analysed the protocols, the connection...

13/01/2017By Read more...

HackInBo 2016 – Winter Edition

Saturday 29th October I was in Bologna for the HackInBo and during this week a lot of you, foreign readers, asked me what the HackInBo is, if it was good and what type of event is it, so, I will try to break it down. The HackInBo is probably the first and the only Italian security oriented event without sales pitches and marketing. It is hard to describe because it is very different from any other events that I can...

03/11/2016By Read more...

Cybersecurity in Italy

First of all, a small disclaimer: any statement inside this article is based on my own personal point of view. I deliberately generalized and I am aware of the presence of certain exceptions in my country, but this sum up my opinion and there will be people that will be not aligned with those thoughts. After almost 5 years inside the cyber-security field I would like to point out some elements, that according to my point of view, are not...

03/07/2016By Read more...

The Curse of the Antivirus Solution

This is the main article for the VirIT Explorer Local Privilege Escalation Exploit`s, if you are not interested in the methodology and the story behind this vulnerability you can directly jump to the end and reach the exploit section. As a penetration tester I've realized that Antivirus Solutions are often insecure, they can be easily bypassed and they do not fully protect your system; sometimes they also make you more vulnerable and this is the case. I will always recommend AV...

19/05/2016By Read more...

Hackinbo Lab

Anche quest’anno a Bologna si terrà l’HackInBo, evento gratuito dedicato alla sicurezza informatica che si prefigge l’obiettivo di informare il pubblico italiano riguardo gli ultimi sviluppi di questo settore. L’evento è organizzato da Mario Anglani e come sempre, è rivolto a tutti quelli che per lavoro o per passione vogliono approfondire le tematiche relative alla sicurezza informatica. Questa sesta edizione, che si terrà a Bologna presso Best Western Plus Tower Hotel in Viale Lenin 43, la durata dell’evento che sarà...

08/05/2016By Read more...

ImageTragick PoC

ImageMagick Is On Fire — CVE-2016–3714 There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild. A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick. For more information about this vulnerability visit: https://imagetragick.com/ or...

04/05/2016By Read more...