Lab

BlueBorne kill-chain on Dockerized Android

Written by Angelo Delicato and Daniele Capone - 23 Sep 2021

Attacks on any device have become increasingly complex: attackers often string together multiple vulnerabilities in a chain of attacks that can cause devastating effects by requiring little user interaction. The main goals of this post are essentially two: first, we will do a general overview of the various phases of a cyber kill-chain and the […]

Bypass ASLR through function address inference

Written by Daniele Capone and Angelo Delicato - 15 Sep 2021

In this post, we are going to talk about Address Space Layout Randomization (ASLR) and a way to bypass this protection measure. We have reproduced this methodology on Android through the exploitation of an old CVE; however, it is possible to apply it in other contexts as well. Let’s go and see what it is […]

A secure private knowledge base with open-source tools

Written by Angelo Delicato - 8 Sep 2021

Every team has to keep its knowledge in order, it is mandatory to have an internal documentation that is well organized and easy to access. In this post we are going to show how to create a secure private knowledge base with an open-source tool, let’s go forward to it!

A container-based framework for Android emulation (and hacking)

Written by Angelo Delicato - 2 Sep 2021

Currently, there are 3.8 billion smartphone users in the world and this number is going to increase much more in the future; this situation poses a security risk for companies and people. Speaking about security, most of the companies around the world use Cyber Ranges to train their personnel, the problem is that current-generation Cyber […]

Using Docker Security Playground to create unserialize() Object Injection in Yet Another Stars Rating laboratory

Written by Gaetano Perrone - 14 Dec 2020

In previous post I’ve describe how it is possible to use Docker in order to setup a Docker environment to study Yet Another Stars Rating wordpress plugin https://wpscan.com/vulnerability/9207. Here I am going to show you how you can configure a vulnerable environment by using Docker Security Playground . Docker Security Playground installation Install DSP is […]

Leveraging Docker + VSCode to study web vulnerabilities

Written by Gaetano Perrone - 14 Dec 2020

Have you ever studied Docker? If you are a passionate about web hacking, study it! In this Post I am going to persuade you that using Docker to study web vulnerabilities is a good thing! If you want to understand more about this post, please follow Docker Documentation How do you find vulnerabilities? There are […]

CVE-2020-2229 JENKINS UP TO 2.251/LTS 2.235.3 TOOLTIP STORED CROSS SITE SCRIPTING

Written by Gaetano Perrone - 11 Dec 2020

In this Post, I show how I have create the Proof Of Concept for CVE-2020-2229 . I found a vulnerable version Jenkins 2.249 during a Penetration Test, I was trying to investigate available exploits for this vulnerability, but I did not find anything. Well, Jenkins is an amazing wonderful project, the best way that I […]

Web Application Hacking – An introduction

Written by Gaetano Perrone - 23 Nov 2020

When trying to find a methodology for performing a Penetration Test against a Web Application (meaning those that are accessed using a browser to communicate with a web browser), one should keep in mind that Hackers’ activities to find new vulnerabilities always involve a great deal of creativity. It is possible, though, to explore all […]

Web Application Hardening

Written by Gaetano Perrone - 18 Nov 2020

The problem of attacks on Web applications today is highly critical.To understand it, simply observe the following diagram, which shows the number of Kaspersky web antivirus detections per second: The average number of threats detected is about 200 per second! (You can see the threats in real time directly here.)But what can we do to […]

Scroll to top