Hi! Here you can download the slides of my talk presented at HackInBo 2017 Winter Edition named "Advanced mobile penetration testing with Brida". Federico Dotta - Advanced mobile penetration testing…
Hi! Today I will show you a new Burp Suite plugin, Handy Collaborator, that the colleague of mine Gianluca and I wrote in order to make it possible to use…
Introduction Brida is a Burp Suite Extension that, working as a bridge between Burp Suite and Frida, lets you use and manipulate applications’ own methods while tampering the traffic exchanged…
Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see…
Recently, we tested a Web application with NTLM authentication. The authentication works correctly with any browser, but failed when inserting Burp Suite in the middle (with NTLM suitably configured). Sniffing with…
In this period, I spend a huge portion of my working time doing penetration test on mobile applications, mainly Android and iOS. I personally consider this kind of test much…
Recently I became one of the authors of one of the most useful (in my opinion) Burp Suite Plugin, Autorize. Autorize is a plugin created by Barak Tawily, that helps to speed up…
Recently an analysis of Foxglove Security on a vulnerability on Java Deserialization disclosed in January by frohoff and gebl (http://frohoff.github.io/appseccali-marshalling-pickles/) has highlighted a very dangerous issue in Java world. frohoff…
