Paolo Cavaglià
@Paupu_95
Penetration Tester @ShielderSec | Bachelor's Degree in Computer Engineering | IT and Cyber Security lover!
Cheers -- here in beautiful Bali 🏖️ for #theSAS2024 conference! If you happen to be here, please reach out and let's have a chat 🍻
Attending @TheSAScon in the beautiful Bali🏝️? Make sure not to miss @suidpit's talk about his novel research on the macOS 🍎 sandbox and how to bypass it. 🗓️ Wednesday, October 23 - 15:10
It's always cool to contribute to free and open-source projects 🎉 ★★★★★ - Would recommend!
We wanted to give a shout out to @smaury92, who found a ReDoS security issue with Thunderbird Appointment. This resulted in us fixing the issue and removing deprecated urls! It's fantastic community contributions like this that makes Thunderbird so much more than the sum of its…
🧵 1. @IrpiMedia A thread that is not even all that thin links the hacker who pitched his tent inside the Ministry of Justice to the black markets where weapons and drugs are bought on the web. With @SimoneOlivelli we trace the river upstream to an old acquaintance irpimedia.irpi.eu/carmelo-miano-…
New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia
For the weekend, we gift you with not one, but TWO ways to escalate `sudo iptables` (+ a couple other boring preconditions) into a r00t shell - read how @smaury92 and @suidpit managed to climb your friendly neighborhood 🔥wall! shielder.com/blog/2024/09/a…
It's a pleasure to sponsor once again @cybersaiyanIT for #RomHack2024! We are looking forward to meet y'all in Rome next week. ICYMI we're #hiring, you can find the job post here: romhack.io/job-opportunit…
#RomHack2024 is 9 days away and today we want to thank our #sponsors! This edition was sponsored by 20 companies and you can have a look to the full list here romhack.io/#sponsor Take your time to visit their website, without their support RomHack could not be organized ⬇️
lua interpreters something something fakeobj addrof something something wasm something deda.lol/posts/2024-09-…
We're excited to announce one of our giveaways thanks to "@CaidoIO" 🎉 We will pick 5 winners to win a 1-year Caido Pro license! To enter: 1️⃣ Follow us @BugBountyDefcon and @CaidoIO 2️⃣ Like this post ❤️ 3️⃣ Retweet this post 🔁 You have time to participate until Friday (9/13)!
🍎 With many #macOS security mechanisms at work, one might wonder how malware manages to bypass them. Get ready for a deep dive into macOS security architecture and novel evasion techniques during Pietro Tirenna's (@suidpit) talk at #TheSAS2024. 🚀 Secure your seat:…
During a recent engagement @Mindlaess_ hacked his way through @vtigercrm which led to discover a privilege escalation and a SQL injection. Learn more in the dedicated advisories: - CVE-2024-42994 #sqli shielder.com/advisories/vti… - CVE-2024-42995 #privesc shielder.com/advisories/vti…
Back in December 2023 our researchers @Th3Zer0 @suidpit and @Mindlaess_ performed an audit sponsored by @awscloud and facilitated by @OSTIFofficial on boost. It resulted in 7 findings and 15 new fuzzers. The report is now public, check the details here: shielder.com/blog/2024/05/b…
In early 2023 we (@Th3Zer0 & @smaury92) collaborated with @SecureDrop to start designing and prototyping the #E2EE messaging protocol for a future version of SecureDrop. 📄 blog post: securedrop.org/news/introduci… 💻 poc code: github.com/freedomofpress…
Today, we’re publishing a proposed end-to-end encrypted messaging protocol for a future version of SecureDrop. Seeking feedback from cryptographers and protocol designers! securedrop.org/news/introduci…
Exciting news! We've just released a new blog post on mobile app security, where @suidpit and @Th3Zer0 used their intent-fu to discover vulnerabilities (CVE-2024-26131, CVE-2024-26132) in @element_hq, a @matrixdotorg client for Android. #writeup #CVE shielder.com/blog/2024/04/e…
Our audit with @ShielderSec, @brefphp, was published today! Thanks to @awscloud for their sponsorship of this work, and @matthieunapoli for his contributions to bref and this audit. Read more at ostif.org/bref-audit-com…
We recently partnered with @OSTIFofficial to perform a security audit sponsored by @awscloud on @brefphp. The audit resulted in 5 findings promptly addressed by @matthieunapoli. The report is now public, check the details here: shielder.com/blog/2024/03/b…
This year @nullcon was a blast full of great talks! Our team had much fun and even managed to score the 🥇 (@smaury92) and 🥈 (@suidpit) place in the @intigriti Live Hacking Event. Thanks @antriksh_s, @intidc, @RoadRunnerHacks, et al!
During a recent Red Team Assessment @Th3Zer0 and @smaury92 discovered a vulnerability in @PostgreSQL's #PgAdmin which in the worst case allows unauthenticated attackers to run arbitrary server-side code. Check out the #RCE advisory and patch now! shielder.com/advisories/pga…
🎁 Source Code Disclosure in IIS 10.0! Almost. There is a method to reveal the source code of some .NET apps. Here's how it works. 👉 swarm.ptsecurity.com/source-code-di…
TL;DR Product security folks: do not blindly trust the attack requirements shared by the researchers. Security researchers: when testing embedded devices make sure to mimic correctly all their configurations (i.e. the NVRAM content). 7/7