To begin with, my introduction: I'm Emilio Pinna, IT security researcher, developer, Linux user and open source enthusiast for 15 years. I have a master degree in Computer Engineering at Polytechnic University of Turin and I'm currently working as Penetration Tester in the banking and financial industry.

You can download the software I wrote, the security advisories I published and follow my blog posts rss feeds to keep you up to date with my works. I'll try to publish techical posts avoiding vague informations and personal digressions: I'll save you from these pains keeping a practical tone.

So, Less Talk More Code.

Latest posts

Jul 30
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution » advisory, cgi, command execution, CVE-2014-5073, pentesting, rce, security, vmturbo, vulnerability
Oct 13
Breaking Joomla! at Joomladay 2013 » joomla, joomladay2013, naples, security, slides, talk, vulnerabilities
Sep 16
Moodle 2.5.0-1 badges/external.php PHP Object Injection » advisory, CVE-2013-5674, moodle, object injection, pentesting, php, security, vulnerability, xss
Aug 05
Joomla core 3.1.5 reflected XSS vulnerability » advisory, CVE-2013-5583, joomla, pentesting, security, vulnerability, xss
Jul 17
Facebook OAuth token hijacking via XSS » oauth, openredirect, pentesting,, security, vulnerability, xss
Jan 31
Weevely 1.0 released! » backdoor, hacking, networking, pentesting, pivoting, postexploit, security, webshell, Weevely
Jan 15
Core dump analysis in cross-compiled enviroinments » arm, coredump, crash, crosscompile, debug, embedded, gdb
Jan 05
Il ritorno delle Alici » advisory, agpf, agpwi, alice, csrf, discus.conf, embedded, gate, openrg, sblocco, telecom
Sep 02
Alice Gate AGPF: CSRF reconfiguration vulnerability details » advisory, agpf, agpwi, alice, details, discus.conf, embedded, gate, openrg, post, sblocco, telecom
Sep 02
Alice Gate AGPF e AGPWI: CSRF reconfiguration vulnerability » advisory, agpf, agpwi, alice, csrf, discus.conf, embedded, gate, openrg, sblocco, telecom
Jul 30
Dissecting goes static » dissecting, mynt, python, static, wordpress
Jul 27
Penetration testing with httpfs: RFI » C, filesystem, fuse, hacking, lfi, linux, networking, pentesting, php, rfi, security, Weevely
Jul 25 Weevely tutorial » backbox, hacking,, pentesting, security, tutorial, Weevely
Jul 10
Weevely 0.7 - network proxing » backdoor, hacking, networking, pentesting, php, portscan, proxy, python, security, Weevely
Jun 22
FCKEditor reflected XSS vulnerability » advisory, ckeditor, csrf, CVE-2012-4000, fckeditor, pentesting, security, xss
May 11
Weevely as HTTP proxy and port scanner » hacking, networking, pentesting, php, pivoting, portscan, proxy, security, Weevely
Apr 04
Weevely goes to GitHub » coding, git, github, pentesting, Weevely
Mar 20
Weevely 0.6 - SQL FTP bruteforce, TCP backdoors and enhanced terminal » backdoor, brute force, hacking, linux, pentesting, python, security, shell, sql, Weevely
Jan 03
Backbox 2.01 » backbox, distribution, linux, pentesting, security, ubuntu, Weevely
Dec 28
Weevely 0.5.1 - NIDS evasion, cookies and SQL shell » hacking, nids evasion, obfuscation, pentesting, python, security, sql, Weevely
Oct 20
Weevely 0.4 OUT » backdoor, coding, hacking, linux, pentesting, php, python, security, Weevely
Aug 28
Modular Weevely » backdoor, coding, linux, modules, pentesting, php, security, Weevely
Jul 21
Link: Clickjacking Attacks Unresolved » browser, clickjacking, facebook, hacking, javascript, oauth, security, twitter, vulnerability
Jun 07
Forumfree & Forumcommunity stored XSS » advisory, forumcommunity, forumfree, hacking, security, vulnerability, xss
Jun 03
Fastweb Myfastpage authentication control bypass » advisory, fastweb, hacking, javascript, myfastpage, security, vulnerability, xss
May 30
LSB image and audio steganography » C, coding, steganography, tunneling
May 18
Tunneling IP over RTP » encapsulation, IP over RTP, linux, networking, python, rtp, security, sip, steganography, tunneling, voip, vpn
May 12
Kusaba X CSRF XSS vulnerabilites » /b/, 4chan, advisory, csrf, hacking, security, sql injection, vulnerability, xss
May 08
A volte ritornano
Jul 20
WebEnum, enumerate everything » brute force, coding, fuzzing, pentesting, python, security, sql injection
Jul 04
YouTube comments hacked by 4chan » /b/, 4chan, hacking, javascript, youtube
Jul 03
Bash networking tricks » bash, networking, shell, Tricks
Jun 28
Enabler - cisco enable bruteforcer » brute force, C, cisco, coding, hacking, router
Jun 23
How to bypass PHP safe mode » backdoor, hacking, hardening, php, security, Weevely
Jun 18
Scovare i pacchetti meno usati con unusedpkg » bash, coding, debian, linux, slacware, ubuntu, unusedpkg
Jun 17
La soluzione » python, Tricks