Archives
November 10, 2015 | by GiRa | Blog posts

Should I Stay or Should I Go
Hi everyone,
On October 20th, we at eLearnSecurity presented a webinar titled: Sneaky Man in the Middle Attack Exposed.
We had a lot of people attending with many enthusiastic comments and interesting questions. Thanks to everyone who made it!
October 12, 2015 | by GiRa | Blog posts

Should I Stay or Should I Go
Hi folks!
What happens if, during an engagement, you find yourself working on a well-configured network with no remotely exploitable vulnerabilities? You could say “rely on traffic sniffing and mount a Man-in-the-Middle attack”.
October 23, 2014 | by GiRa | Blog posts

Master of Puppets
Hello fellow pentesters,
thanks to everyone who joined the live webinar. As a tour manager would say: “the house was packed”!
If you did not make it, you can download the recording of the entire session here.
The Scenario
The web application tested is a social network where users can upload their “selfies”.
Tags: scripting, sqli, sqlmap, web application security, webinar
October 9, 2014 | by GiRa | Blog posts

Master of Puppets
What happens when you have a web application that uses EXT4 to store files, correctly escapes queries and does not accept direct user-controlled parameters?
You need to take your SQLi to the next level!
Tags: scripting, sqli, sqlmap, web application security, webinar
August 28, 2014 | by GiRa | Blog posts

It’s a long way to the root if you wanna Rock and Roll!
Hi folks!
First of all, thank you for the massive attendance at the webinar. That was awesome!
For those who missed it, here you can find a recording of the session.
Tags: metasploit, penetration testing, pentest, pivoting, web application security, webinar, xss
August 11, 2014 | by GiRa | Blog posts

It’s a long way to the root if you wanna Rock and Roll!
On August 26th, our Security Researcher Davide Girardi, a.k.a. GiRa, will present an exploitation scenario on a typical company network. The exploitation will start from a Cross-Site Scripting flaw in the company blog and will get us to a full Active Directory Administrator account.
Tags: metasploit, penetration testing, pentest, pivoting, web application security, webinar, xss