Recent News

Raptor at INFILTRATE 2019

2019 marks 20 years of my professional career in information security. What better way to…

Local privilege escalation via CDE dtprintinfo

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier,…

Find hidden friends and communities for any Facebook user

Find hidden Facebook friends and draw a community network graph

A journey into IoT – Hardware hacking: UART

Hi! Today I will publish the first article of a series (I hope!) of posts…

CVE-2018-14665 exploit: local privilege escalation on Solaris 11

I was investigating another 0day, when I noticed that Solaris 11 is also affected by…

Universal Android SSL Pinning Bypass #2

Following the frida script published last year by Piergiovanni, we found another way to bypass…

CVE-2018-14665 exploit: local privilege escalation on OpenBSD 6.3 and 6.4

This is my take on the recent Xorg vulnerability (CVE-2018-14665): "A flaw was found in…

From query manipulation to password extraction

Recently, I analyzed an AngularJS web application that executed queries on the backend in a…