Posts in English

Sometimes during the daily engagements, we access (e.g. RCE) hosts where we are unable to get a reverse shell on the standard ports due to firewall restrictions. In these cases, we have to find alternative ways to exfiltrate data (e.g. DNS) but, first of all, check if we don’t have access to any port.

UBNT EdgeOS version and prior, consequence of the lack of validation on the input of the Feature functionality, an attacker with access to an operator (read-only) account and ssh connection to the devices, can escalate privileges to admin (root) access in the system.

The main goal of this post is to incentive the security professionals, hackers and enthusiasts to join the fantastic world of the Bug Bounty programs. You should not expect any technical stuff in this post, but it’s reserved for the future.

Hi guys. I am writing this first post to tell you I’m back to share some technical stuff and, for this reason, I am remaking both my personal site and the Hack N’ Roll one. Once the new layout is done (maybe the same of this site, because I’m not good with HTML+CSS), I will migrate the posts from the old site to the new one.