First, my introduction: I'm Emilio Pinna, IT security researcher, developer, Linux user and open source enthusiast for 15 years. Master Degreed at Computer Engineering at Politecnico di Torino, currently working as penetration tester in the banking and financial industry.

You can download the software I wrote, the security advisories I published and follow my blog posts rss feeds to keep you up to date with my works. I'll try to publish techical posts avoiding vague informations and personal digressions: I'll save you from these pains keeping a practical tone.

So, Less Talk More Code.

Latest posts

Jul 30
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution » advisory, cgi, command execution, CVE-2014-5073, pentesting, rce, security, vmturbo, vulnerability
Oct 13
Breaking Joomla! at Joomladay 2013 » joomla, joomladay2013, naples, security, slides, talk, vulnerabilities
Sep 16
Moodle 2.5.0-1 badges/external.php PHP Object Injection » advisory, CVE-2013-5674, moodle, object injection, pentesting, php, security, vulnerability, xss
Aug 05
Joomla core 3.1.5 reflected XSS vulnerability » advisory, CVE-2013-5583, joomla, pentesting, security, vulnerability, xss
Jul 17
Facebook OAuth token hijacking via XSS » oauth, openredirect, pentesting,, security, vulnerability, xss
Jan 31
Weevely 1.0 released! » backdoor, hacking, networking, pentesting, pivoting, postexploit, security, webshell, Weevely
Jan 15
Core dump analysis in cross-compiled enviroinments » arm, coredump, crash, crosscompile, debug, embedded, gdb
Jan 05
Il ritorno delle Alici » advisory, agpf, agpwi, alice, csrf, discus.conf, embedded, gate, openrg, sblocco, telecom
Sep 02
Alice Gate AGPF: CSRF reconfiguration vulnerability details » advisory, agpf, agpwi, alice, details, discus.conf, embedded, gate, openrg, post, sblocco, telecom
Sep 02
Alice Gate AGPF e AGPWI: CSRF reconfiguration vulnerability » advisory, agpf, agpwi, alice, csrf, discus.conf, embedded, gate, openrg, sblocco, telecom
Jul 30
Dissecting goes static » dissecting, mynt, python, static, wordpress
Jul 27
Penetration testing with httpfs: RFI » C, filesystem, fuse, hacking, lfi, linux, networking, pentesting, php, rfi, security, Weevely
Jul 25 Weevely tutorial » backbox, hacking,, pentesting, security, tutorial, Weevely
Jul 10
Weevely 0.7 - network proxing » backdoor, hacking, networking, pentesting, php, portscan, proxy, python, security, Weevely
Jun 22
FCKEditor reflected XSS vulnerability » advisory, ckeditor, csrf, CVE-2012-4000, fckeditor, pentesting, security, xss
May 11
Weevely as HTTP proxy and port scanner » hacking, networking, pentesting, php, pivoting, portscan, proxy, security, Weevely
Apr 04
Weevely goes to GitHub » coding, git, github, pentesting, Weevely
Mar 20
Weevely 0.6 - SQL FTP bruteforce, TCP backdoors and enhanced terminal » backdoor, brute force, hacking, linux, pentesting, python, security, shell, sql, Weevely
Jan 03
Backbox 2.01 » backbox, distribution, linux, pentesting, security, ubuntu, Weevely
Dec 28
Weevely 0.5.1 - NIDS evasion, cookies and SQL shell » hacking, nids evasion, obfuscation, pentesting, python, security, sql, Weevely
Oct 20
Weevely 0.4 OUT » backdoor, coding, hacking, linux, pentesting, php, python, security, Weevely
Aug 28
Modular Weevely » backdoor, coding, linux, modules, pentesting, php, security, Weevely
Jul 21
Link: Clickjacking Attacks Unresolved » browser, clickjacking, facebook, hacking, javascript, oauth, security, twitter, vulnerability
Jun 07
Forumfree & Forumcommunity stored XSS » advisory, forumcommunity, forumfree, hacking, security, vulnerability, xss
Jun 03
Fastweb Myfastpage authentication control bypass » advisory, fastweb, hacking, javascript, myfastpage, security, vulnerability, xss
May 30
LSB image and audio steganography » C, coding, steganography, tunneling
May 18
Tunneling IP over RTP » encapsulation, IP over RTP, linux, networking, python, rtp, security, sip, steganography, tunneling, voip, vpn
May 12
Kusaba X CSRF XSS vulnerabilites » /b/, 4chan, advisory, csrf, hacking, security, sql injection, vulnerability, xss
May 08
A volte ritornano
Jul 20
WebEnum, enumerate everything » brute force, coding, fuzzing, pentesting, python, security, sql injection
Jul 04
YouTube comments hacked by 4chan » /b/, 4chan, hacking, javascript, youtube
Jul 03
Bash networking tricks » bash, networking, shell, Tricks
Jun 28
Enabler - cisco enable bruteforcer » brute force, C, cisco, coding, hacking, router
Jun 23
How to bypass PHP safe mode » backdoor, hacking, hardening, php, security, Weevely
Jun 18
Scovare i pacchetti meno usati con unusedpkg » bash, coding, debian, linux, slacware, ubuntu, unusedpkg
Jun 17
La soluzione » python, Tricks