1. Massive Hosts Discovery with SaturnV

    SaturnV provides a fast deployable distributed port scanner and information collector infrastructure. This software was developed to provide a lightweight tool to pentesters who need to perform sporadic Network PenTest activities on big ranges of public faced IP subnets. …


  2. Introducing SOS_Proxy

    In this post I will introduce a simple but effective tool that I developed in order to automate the invisible proxy technique and manage to intercept the HTTP traffic of any non proxy-aware device. …


  3. D-Link DSL-3782 SecAdvisory: OS Command Injection and Stored XSS

    In this article I’m going to release the technical details of two vulnerabilities that I found by analyzing D-Link DIR-3782 router web interface. In particular I’ve found OS Command Injection and Stored Cross Site Scripting vulnerabilities. …


  4. Break into 2K IP-Camera

    In this post I will explain technical details of a vulnerability that I found on several IP-Camera models during a IoT-PenTest session and marked as CVE-2017–17101. This vulnerability allows an unauthenticated remote user to bypass the login panel and access to all the device features. …