As you might see from my posts frequency, last months have been pretty busy to me. My hacking team and I are working really hard and we are achieving incredibly results which makes me happy but really busy as well. OpenSSL CCS Attack (CVE-2014-0224) is almost one month old and not super interesting to be […]Read more "OpenSSL CCS Attack"
I am not used to report malware analysis made by “big security companies” since easy to find in planty of media. Linking such a reports to my blog is useless because many of my reders would probably read those feeds before my blog. However today I ‘d like to share a pretty nice article written […]Read more "Malware Writers."
Today I found some notes on my desk abut the last Chaos Computing Club-Congress (CCC) in 2013. Since are pretty funny to me I decided to share them with you. Researchers, as reported to 29C3, were able to collect over 3 Million certificates with their Public Key. So far nothing interesting at all…They were able […]Read more "When Fun Comes to Crypto"
During the past months I received, throught my blog, requests on what to read during winter Holidays. I decided to publish a little list on some of the books (yes, I wrote “some” and not “all” ) that have been really useful for my carrer which I would totally suggest to everybody interested on such […]Read more "Good Readings"
It’s long time I don’t write on my own blog (more then two months) and if you look at the history bar on your right you will probably figure out I am slowing down my blog posts a bit if compared to the past years. This happens due the amount of work my security team […]Read more "Hacking through images"
Today I’d like to share another “funny BUG” (yep, believe me this is quite funny) through this summer time quick’n dirty post. The involved hunter is Nuzhny (no contacts provided to me, more infos here) who disclosed a Stack Overflow in Windows Calculator last week. You would think: “A BOF in Windows Calc.exe ? You’re […]Read more "BUG in WinCalc.exe"
Today another “Hack Note” on my blog to point you out to a great analysis of ZeuS evolutions. I definitely suggest the reading titled “ZeuS-P2P” by Cert Polska because, in my personal opinion, it describes one of the most important evolutions of a “bot kit” happened so far: the distribution of the Command aNd Control […]Read more "ZeuS Evolution: it’s time for P2P and RSA."
Dear folks, as you probably have noticed my blog-post frequence went down a little bit during the past 4 to 6 months, since I am super busy… I am still alive though :). Today I want to share an interesting IDA Pro plugin that I ‘ve been testing for awhile called idapathfinder. Once you installed […]Read more "Finding path to known functions through IDA-Pro"
During the past few days I had the opportunity to talk about security for entire days with amazing and passionate guys. I had a great feeling about the group in which I was, and a great feeling about every single person belonging to that group. During our discussions some folks asked to me very complex […]Read more "Vulnerability Classification"