My blog with blackjack and luxury 0-day, I’m joking only blackjack
Contacts & Social
CVEs
Arbitrary file write via Directory Traversal via a crafted XML document CVE-2019-18212 with @TheZ3ro
XXE via a crafted XML document, with resultant SSRF CVE-2019-18213 with @TheZ3ro
JWT NULL signature attack CVE-2020-28042
QNAP Q’center Virtual Appliance < 1.12.1014 Stored XSS CVE-2021-28807
QNAP Q’center Post-Auth Remote Code Execution via QPKG CVE-2021-28807
TIM CPE Stack-Buffer-Overflow CVE-2021-TBA - TIM - Hall of Fame - Yes, with an RCE, you can achieve HTML injection
Mattermost Server v5.32 > v5.36 Reflected XSS in OAuth flow CVE-2021-37859
nfs_lookup_reply in Das U-Boot vulnerable to buffer overflow CVE-2022-30767 - (thanks @XenoKovah)
Google Chrome - Insufficient policy enforcement in Developer Tools CVE-2022-3308
Cisco BroadWorks CommPilot Application Software - Remote Code Execution CVE-2022-20958 with @TheZ3ro & @smaury
Cisco BroadWorks CommPilot Application Software - Pre-auth Server-Side Request Forgery CVE-2022-20951
Remarkable events
- Meta - BountyConEDU - 2022
- Intel - Circuit Breaker - Trusted Crossing
- TumpiCon23 - committee
Work & Education
Information Security Engineer @ Aptos Labs - End 2023 - Current
Penetration Tester / Security Research Engineer @ Shielder Srl - 2019 - End 2023
Computer Systems and Networks Security Bachelor @ University of Milan - 2019 - Current
Industrial Technical Institute Diploma - Computer Specialist
JBZ Crew ;)
Internship @ Shielder Srl - 2018
External IT Consultant - 2018
IT Consultant/Software Developer - 2017