Resources

Security advisories

• GitHub Enterprise Server - Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure - CVE-2024-6336
  • Discovered together with my colleagues: Omar, Giovanni and Andrea.
• Cacti 1.2.24 - Open redirect in change password functionality - GHSA-4pjv-rmrp-r59x / CVE-2023-39364
• Cacti 1.2.24 - Authenticated command injection when using SNMP options - GHSA-g6ff-58cj-x3cp / CVE-2023-39362

Exploits

Have a look at my Exploit-DB author page (and on GitHub).

Meethack

• N-day Analysis:
  • “Black Project” challenge
  • GitLab - CVE-2023-2825
  • Cacti - CVE-2022-46169
  • GitLab - CVE-2022-2884
  • Jenkins - CVE-2016-0792
• Secrets leakage detection & prevention
• CI/CD Security Risks & CI/CD Goat
• Insecure Deserialization (with examples in Python) (challenges)

Talks

• Linux Day Torino 2024 - Secrets leakage detection & prevention - 2024-10-26

CTF writeups

Have a look at my repository.