Services

  • Penetration Test

  • This service is delivered in the form of Black Box, Gray Box and/or White Box.

    Includes:
    • Social Engineering Attacks like Spear-Phishing
    • Web Attacks

      Some recent research has led to: CVE-2018-14067, Hall of Fame, CVE-2017-17550
    • Network Attacks: external or internal
    • Physical Attacks, from Wifi compromising to Internal Network attack.
    • Mobile App Test
    • IoT, Embedded linux devices Test
    • Source Code Audit
  • Application Security Assessment

  • Each company has a software development team. This service aims to assist developers during the development life-cycle.
    So fuzzing is used in order to discover Memory corruptions vulnerabilities, which could lead to remote code execution.
    Reverse Engineering, Debugging, Exploit Development are used to show, to the customer, the criticality of these vulnerabilities.

    Some recent research has led to: FG-IR-18-018
  • Security Products Development

  • Information Gathering, Analysis and Intelligence solutions are some examples.

    You should take a look on some publicly accessible projects:
    Cerberus - AV Evasion

Advisories


Vendors: GreenPacket
Type: Web app

CVE-ID: CVE-2018-14067
Date: 15-07-2018
Status: RESERVED

Vendors: Telecom Italia
Type: Web app

Hall of Fame
Date: 11-05-2018
Status: RESERVED

Vendors: Fortinet
Type: Remote

FG-IR-18-018
Date: 01-02-2018
Status: DISCLOSED

Vendors: ZyXEL
Type: Web app

CVE-ID: CVE-2017-17550
Date: 11-12-2017
Status: DISCLOSED

Last Blog Posts


CVE-2017-17550: ZyWALL USG - XSS & CSRF

More than one year ago I reported to ZyXEL a...


Article posted 2018-11-10

GreenPacket WiMax Walktrought

Today I'd like to talk about a recently deep experience...


Article posted 2018-07-27

Phishing via SMS

Hi to everyone!

Yesterday 23-05-2018 at 3:54 PM I received an...


Article posted 2018-05-24

Contacts

Simone Cardona
Security Researcher & Penetration Tester



Certifications