Antonio Francesco Sardella

AppSec Engineer | Security Engineering Manager | Organizer of Meethack (Torino) | CTF player | he/him | 🏴‍☠️ 🇪🇺 🇮🇹 | Opinions are my own.
Website: https://m3ssap0.github.io
GitHub: https://github.com/m3ssap0
LinkedIn: https://www.linkedin.com/in/antoniofrancescosardella
Meethack Torino: https://www.meetup.com/it-IT/meethack/
Who could have figured out that automatically downloading half the internet and ten thousand always-changing dependencies every time you build could actually be a weakness?

We got this "HIGH security problem" reported for #curl earlier today:

"The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In automated or privileged environments (CI/CD, root containers), this leads to Remote Code Execution (RCE), privilege escalation, and supply chain risk."

Never a dull moment.

This Friday is Friday the 13th. The proper way to avoid the bad luck that day can cause is to push your code to production before you leave for the day.
File upload and what can go wrong in your application #cybersecurity #development #web

YouTube
DEF CON 32 - Your CI CD Pipeline Is Vulnerable, But It's Not Your Fault - Elad Pticha, Oreen Livni

YouTube
Breaking Down Multipart Parsers: File upload validation bypass

TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass validation. We'll test various bypass techniques against PHP, Node.js, and Python parsers, as well as popular

Sicuranext Blog
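As an added example (mine, not the article's or the profile author's code), the parser-differential class the TL;DR describes, modelled with three hypothetical filename-extraction strategies rather than the real PHP, Node.js or Python parsers the article tests: when the validation layer and the storage layer disagree on which `filename` parameter wins, a crafted Content-Disposition header passes the extension check and is still stored as a script. The header and the strategies are constructed for illustration; `hardened_filename` shows the defensive pattern of parsing once and rejecting ambiguous headers outright.

```python
import re
from urllib.parse import unquote

# Constructed sample Content-Disposition header (not taken from the article):
# one part with conflicting filename parameters plus an RFC 2231 extended one.
# Different parsing strategies disagree on which filename "wins".
CRAFTED_HEADER = (
    'form-data; name="file"; filename="safe.jpg"; '
    'filename="shell.php"; filename*=UTF-8\'\'evil.phtml'
)

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def _params(header):
    """Naive tokeniser shared by the strategies below: split on ';' and '=',
    strip quotes. Returns (key, value) pairs in header order."""
    pairs = []
    for piece in header.split(";")[1:]:
        if "=" not in piece:
            continue
        key, _, value = piece.strip().partition("=")
        pairs.append((key.strip().lower(), value.strip().strip('"')))
    return pairs


def filename_first_match(header):
    """Strategy A (hypothetical): regex, first filename="..." wins."""
    m = re.search(r'filename="([^"]*)"', header)
    return m.group(1) if m else None


def filename_last_wins(header):
    """Strategy B (hypothetical): parameters kept in a dict, so a later
    duplicate silently overwrites an earlier one."""
    return dict(_params(header)).get("filename")


def filename_rfc2231(header):
    """Strategy C (hypothetical): honours the RFC 2231 extended form
    filename*=charset'lang'percent-encoded-value over the plain one."""
    params = dict(_params(header))
    if "filename*" in params:
        charset, _, rest = params["filename*"].partition("'")
        _lang, _, encoded = rest.partition("'")
        return unquote(encoded, encoding=charset or "utf-8")
    return params.get("filename")


def extension_allowed(filename):
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in ALLOWED_EXTENSIONS


def simulate_upload(header, validator_parse, storage_parse):
    """Validation layer and storage layer parse the same header with different
    strategies. Returns (accepted, stored_filename)."""
    checked = validator_parse(header)
    if checked is None or not extension_allowed(checked):
        return False, None
    return True, storage_parse(header)


def hardened_filename(header):
    """Defensive version: parse once, reject any header carrying more than one
    filename or filename* parameter (an ambiguity another parser might resolve
    differently), keep only the basename, then allow-list the extension.
    Returns the safe name or None."""
    seen = [v for k, v in _params(header) if k in ("filename", "filename*")]
    if len(seen) != 1:
        return None
    name = seen[0].replace("\\", "/").rsplit("/", 1)[-1]
    if not name or name in (".", "..") or not extension_allowed(name):
        return None
    return name


if __name__ == "__main__":
    for strategy in (filename_first_match, filename_last_wins, filename_rfc2231):
        print(f"{strategy.__name__:22} -> {strategy(CRAFTED_HEADER)!r}")
    print("validate with A, store with B ->",
          simulate_upload(CRAFTED_HEADER, filename_first_match, filename_last_wins))
    print("hardened ->", hardened_filename(CRAFTED_HEADER))
```

The bypass needs no parser bug in the strict sense: each strategy is a defensible reading of the header, and the weakness is that two of them are applied to the same request. The fix is therefore structural (one parse, reject ambiguity, never trust the client-supplied name for the stored path), not a longer regex.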

No Hat 2024 - AWS CloudQuarry: Searching for secrets in public AMIs - Eduard Agavriloae, Matei Josephs

https://youtu.be/QYTXMJScZZk

#nohat2024 #cybersecurity #security #infosec #hacking #aws #ami #cloudsecurity #secrets #credentials #cloud #secretsleakage #leakage


No Hat 2024 - Exploring and Exploiting an Android "Smart POS" Payment Terminal - Jacopo Jannone

https://youtu.be/a9BFGlxP71Y

#nohat2024 #cybersecurity #security #infosec #hacking #android #pos #payment #creditcard


EXPLORING AND EXPLOITING AN ANDROID "SMART POS" PAYMENT TERMINAL
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hard...