To begin with, my introduction: I'm Emilio Pinna, IT security researcher, developer, Linux user and open source enthusiast for 15 years. I have a master degree in Computer Engineering at Polytechnic University of Turin and I'm currently working as Penetration Tester in the banking and financial industry.
You can download the software I wrote, the security advisories I published and follow this blog posts rss feed to keep you up to date with my works. I'll try to publish techical posts avoiding vague informations and personal digressions: I'll save you from these pains keeping a practical tone.
So, Less Talk More Code.
- 2016 Aug 02
- Sandbox Breakout - A View of the Nunjucks Template Engine » CVE-2014-5073 , advisory , vmturbo , pentesting , security , vulnerability , rce , cgi , command execution
- 2014 Jul 30
- VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution » CVE-2014-5073 , advisory , vmturbo , pentesting , security , vulnerability , rce , cgi , command execution
- 2013 Oct 13
- Breaking Joomla! at Joomladay 2013 » joomla , naples , joomladay2013 , security , vulnerabilities , slides , talk
- 2013 Sep 16
- Moodle 2.5.0-1 badges/external.php PHP Object Injection » CVE-2013-5674 , advisory , moodle , pentesting , security , vulnerability , xss , php , object injection
- 2013 Aug 05
- Joomla core 3.1.5 reflected XSS vulnerability » CVE-2013-5583 , advisory , joomla , pentesting , security , vulnerability , xss
- 2013 Jul 17
- Facebook OAuth token hijacking via repubblica.it XSS » pentesting , security , oauth , xss , vulnerability , repubblica.it , openredirect
- 2013 Jan 15
- Core dump analysis in cross-compiled enviroinments » embedded , gdb , crosscompile , arm , debug , coredump , crash
- 2012 Sep 02
- Alice Gate AGPF: CSRF reconfiguration vulnerability details » advisory , alice , gate , agpf , agpwi , post , discus.conf , openrg , embedded , telecom , details , sblocco
- 2012 Sep 02
- Alice Gate AGPF e AGPWI: CSRF reconfiguration vulnerability » advisory , alice , gate , agpf , agpwi , csrf , discus.conf , openrg , embedded , telecom , sblocco
- 2012 Jun 22
- FCKEditor reflected XSS vulnerability » CVE-2012-4000 , advisory , ckeditor , csrf , fckeditor , pentesting , security , xss
- 2011 Jun 03
- Fastweb Myfastpage authentication control bypass » advisory , fastweb , hacking , javascript , myfastpage , security , vulnerability , xss
- 2011 May 30
- LSB image and audio steganography » C , coding , steganography , tunneling
- 2011 May 18
- Tunneling IP over RTP » encapsulation , IP over RTP , linux , networking , python , rtp , security , sip , steganography , tunneling , voip , vpn
- 2011 May 12
- Kusaba X CSRF XSS vulnerabilites » /b/ , 4chan , advisory , csrf , hacking , security , sql injection , vulnerability , xss
- 2010 Jul 03
- Bash networking tricks » bash , networking , shell , Tricks
- 2010 Jun 28
- Enabler - cisco enable bruteforcer » brute force , C , cisco , coding , hacking , router
- 2010 Jun 18
- Scovare i pacchetti meno usati con unusedpkg » bash , coding , debian , linux , slacware , ubuntu , unusedpkg