Rubyzip insecure ZIP handling & Metasploit RCE (CVE-2019-5624)
This is a re-posting of the original article "On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624)" that I have wrote on Doyensec
During one of our projects we had the opportunity to audit a Ruby-on-Rails (RoR) web application handling zip files using the Rubyzip gem. Zip files have always been an interesting entrypoint to triggering multiple vulnerability types, including path traversals and symlink file overwrite attacks. As the library under testing had symlink processing disabled, we focused on path...
During the previous months I've been a speaker for various international conferences: Hackinbo (Italy, 26-27 May), Sec-T (Stockholm, 13-14 September) and Hacktivity (Budapest, 12-13 October) with a talk named: "A Drone Tale: All Your Drones Belongs To Us".
A talk where I detailed analysed the DJI Phantom 3 model’s architecture , its attack vectors, reverse-engineered the SDK and the network protocol. I also had a specific focus section on Drones Forensics Artefacts Analysis and Methodology.
Here you can find and download...
voidsec2022-01-14T09:14:37+01:00For whom is following me on Twitter this is not a news, yesterday I was complaining about a Telegram “Feature” in the secret chat context, while for whom doesn’t this should serve as a write-up of the bug that I have discovered (The bug is nothing fancy but something I think people should, at least, know).
Telegram Secret Chat
If you are not practical with the concept of Telegram’s Secret Chat:
“Secret chats are meant for people who want more secrecy than...
voidsec2022-01-14T09:15:07+01:00This is a re-posting of the original article "Instrumenting Electron Apps for Security Testing" that I have wrote on Doyensec
What is Electron?
While for the traditional desktop application various security techniques exists in order to...
voidsec2022-01-14T09:15:30+01:00This is a re-posting of the original article "GraphQL - Security Overview and Testing Tips" that I have wrote on Doyensec
With the increasing popularity of GraphQL technology we are summarizing some documentation and tips about common security mistakes.
What is GraphQL?
GraphQL is a data query language developed by Facebook and publicly released in 2015. It is an alternative to REST API.
Even if you don’t see any GraphQL out there, it is likely you’re already using it since it’s running on...
voidsec2022-01-14T09:15:47+01:00(Edited on 06/04: in order to reflect the actual situation)
TL:DR: VPN leaks users’ IPs via WebRTC.
I’ve tested hundred VPN and Proxy providers and 19 of them leaks users’ IPs via WebRTC (16%)
You can check if your VPN leaks visiting: http://ip.voidsec.com
Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0
Add a comment or send me a tweet if you have updated results for any of the VPN which I am missing details....
Uncommon Phishing and Social Engineering Techniques
voidsec2022-01-14T09:16:16+01:00Sorry if you didn’t hear anything from me for a while but it was a very busy year and the new incoming one will bring a lot of news for me and for the voidsec project, I will speak about it soon in a new blog post.
Today I will like to write about some uncommon techniques that I’ve used during social engineering and phishing campaign. Maybe they are not overpowered but they can be pretty useful.
Behind the Scene
voidsec2022-01-14T09:16:58+01:00Recently, during a penetration test I have found a vulnerable installation of the Joomla CMS. Yes, I already know that this vulnerability is quite old and that there is a ready to use Metasploit module but here is the catch: the module and other scripts available on internet weren’t working against my environment, furthermore, during the last year a lot of new vulnerabilities rely on the PHP Object Injection and Serialize/Unserialize.
That's the reason why I thought it was a...
voidsec2022-01-14T09:17:27+01:00More than an year ago (and before crazy and scary things like WannaCry and Petya happened) I had an idea for a research about the darkest shade of wearing a black hat, by the mean of getting some piece of information and statistics and write an analysis. Not a technical one, but something more like a financial analysis of the cybercrime business model and now I’m going to publish the results (it's even more present now than an year...
voidsec2022-01-14T09:17:49+01:00It has been a while since my last blog post, so I’m (finally) writing the write-up of the: VoidSec CTF Secure the flag.
The CTF was made possible thanks to the sponsorship with Bitdefender that put some licenses for its product as a prize for the first three winners.
This CTF was web based, no binary exploitation nor reverse engineering and/or crypto was involved.
Before I dive into deep, let me explain what was the goal of this CTF and why it...