RCE via Deserialization in App X
Chain di deserializzazione non sicura che porta a RCE su server interno. PHP unserialize + gadget chain.
read_more →
__ __ ______ __ ______ ______
/\ \/ \ /\ ___\ /\ \ /\ ___\ /\ ___\
\ \ _ \ \ \ __\ \ \ \____ \ \ __\ \ \ __\
\ \ \ \ \ \ \_____\ \ \_____\ \ \_____\ \ \_____\
\/_/ \/_/ \/_____/ \/_____/ \/_____/ \/_____/
root@localhost:~
$ whoami
|
$ cat about.txt
$ _
[ PENETRATION TESTER | BUG BOUNTY | CVE HUNTER ]
[ SCROLL ↓ ]
[ CURRICULUM ]
// EXPERIENCE
- 2023–now Senior Security Researcher @ Company
- 2021–2023 Penetration Tester @ Security Firm
- 2019–2021 Junior Security Analyst
// SKILLS
- Web App Security • OWASP
- Network Pentesting • Red Team
- Reverse Engineering • Malware Analysis
- Exploit Development • C/C++ • Python
- CTF • Bug Bounty (HackerOne, Bugcrowd)
// CERTIFICATIONS
- OSCP • OSCE
- eJPT • CEH
- CISSP (optional)
// EDUCATION
- Master / Laurea in Cybersecurity / Informatica
- Universidad / Politecnico
[ WRITEUPS ]
// Vulnerability writeups & technical posts
SSRF to Cloud Metadata
Bypass dei filtri SSRF per raggiungere metadata endpoint su AWS/GCP. Stealing instance credentials.
read_more →IDOR in API v2 – Mass Data Leak
IDOR su endpoint API che esponeva dati di tutti gli utenti. Impact: PII, payment info.
read_more →[ CVE DISCOVERED ]
// Public vulnerabilities credited
| CVE ID | PRODUCT | TYPE | SEVERITY | YEAR |
|---|---|---|---|---|
| CVE-2024-XXXX | Vendor Product Name | RCE / Auth Bypass | CRITICAL | 2024 |
| CVE-2023-XXXX | Another Software | SSRF / XSS | HIGH | 2023 |
| CVE-2023-YYYY | Web Framework | IDOR / Info Disclosure | MEDIUM | 2023 |
[ CONTACT ]
// Get in touch for collab, talks, or responsible disclosure
PGP key available on request