Recently, during a penetration test, Burp Suite reported an “Expression Language Injection” issue. Burp Suite recognizes the issue thanks to the following payload: gk6q${"zkz".toString().replace("k", "x")}doap2 The value returned was “igk6qzxzdoap2”,…
In this period, I spend a huge portion of my working time doing penetration tests on mobile applications, mainly Android and iOS. I personally consider this kind of test much…
Recently I became one of the authors of one of the most useful (in my opinion) Burp Suite plugins, Autorize. Autorize is a plugin created by Barak Tawily that helps to speed up…
Bypassing RFID HID Corporate 1000 physical access control system: improving the firmware of Proxmark III. One of the still most used physical access control systems in corporate environments is HID Corporate…
Recently, an analysis by Foxglove Security of a Java deserialization vulnerability disclosed in January by frohoff and gebl (http://frohoff.github.io/appseccali-marshalling-pickles/) highlighted a very dangerous issue in the Java world. frohoff…
Some days ago, I had to test a web application consisting of a Java applet. As always, I directed all traffic through my favourite HTTP proxy, Burp Suite, but the…
Some days ago we decided to test Windows To Go. After installing Windows 8.1 on a SanDisk Extreme USB 3.0 64 GB key, we ran into a problem. The system…
Some days ago we tried to use the "exploit/multi/http/hp_sys_mgmt_exec" Metasploit module on one of our targets. The host was vulnerable but a Meterpreter session was not opened. After some…