[0x01] My Projects

RBS - The Royal Bank of Scotland Group
I'm currently employed as a Penetration Tester Specialist at RBS in Warsaw, Poland. My daily activities include performing security audits and ethical hacking against several online banking systems worldwide.
OWASP Italy
I'm an active member of OWASP Italy, a worldwide free and open community focused on improving the security of application software.
Java.String Eclipse Checker (JSEC)
Over the last few years, I have been developing a string analysis methodology for the detection of web application flaws. The aim of the project is to create a tool called Java.String Eclipse Checker, integrated into Eclipse, which is able to analyze J2EE applications and find vulnerabilities in them. There's no public release available due to copyright issues.
The BlueBag Project
Bluetooth: is it a security threat? With the BlueBag, a Linux-based Bluetooth system in a suitcase, we tried to investigate the effectiveness of current mobile malware. On this page you can find the results of this research project, which aroused the interest of the whole security community.

[0x02] A Cup Of Coffee Together

Sharing knowledge is one of the key principles of the Open Source and Full Disclosure community. It's always a pleasure to speak at security conferences and hacker meetings. I'll be at the following upcoming events:
  • What: n/a
  • When: n/a
  • Where: n/a

[0x03] Slides

WebApp Security
Mobile Security
Miscellaneous
  • #RFID, Security and Privacy [PDF, IT]

    A presentation of the incoming risks related to RFID (Radio Frequency IDentification) technology. Slides used during OpenEXP 2006; part of the presentation was also used during the main Italian privacy-related event in Florence, E-Privacy 2006.

  • #The hackers' ethic: hands on! [PDF, IT]

    A presentation of the "hands on" handbook.

  • #Ekahau Position Engine. Preliminary Analysis [PDF, EN]

    The Ekahau Real-Time Location system is a wireless radio frequency solution that continually monitors and reports real-time locations of tracked resources. Dating back to 2004, this presentation reports on an independent experiment carried out to evaluate the reliability of the system.

[0x04] Articles, Papers

WebApp Security
  • #WebApp Security Tools (v0.2) [PDF, IT]

    This document lists the different categories of web app security tools and the many tools available. It is intended purely as a list of references.

  • #OWASP Testing Guide v2 [WWW, EN]

    In the last semester of 2006, I was a contributor to the OWASP Testing Guide, the most widely recognized web application penetration testing methodology.

  • #Path Traversal [WWW, IT]

    A complete explanation of one of the most dangerous vulnerabilities and attack techniques.

  • #Web Software Testing [WWW, IT]

    Black box testing and source code analysis use dual approaches in order to find security flaws. In this article I try to explain the difference between these two analysis methods using OWASP Lapse and Acunetix Web Vulnerability Scanner as examples.

  • #OWASP interviews OWASP [WWW, IT]

    An interview with my friend Matteo Meucci about the OWASP Testing guide.

  • #WebApp Auditing Software [WWW, IT]

    An introductory article about different software usable to conduct security audits against web applications.

  • #WebApp Security from the OWASP point of view [WWW, IT]

    An extensive online article about the OWASP Top Ten vulnerabilities (2004 edition); it could be a good reference for those who are just starting to think about software security.

  • #WebML/WebRatio Security Audit [PDF, IT]

    Final report of a quick security audit on the data description model WebML and the web applications automatically generated by the tool WebRatio.

Mobile Security
Miscellaneous
  • #(In)Security Summer [WWW, IT]

    My report on the Black Hat and Defcon experience in August 2006.

  • #Authorship analysis, a fuzzy approach [PDF, IT]

    A scientific article that shows how fuzzy logic can be used to discover authorship abuses or in computer forensic cases.

  • #The hackers' ethic: hands on! [PDF, IT]

    A short book that tells the story and the glory of the hacker community, from the first generation of American hackers to the Italian way of hacking. If you are interested in this topic, I suggest you download it!

  • #Program Slicing [PDF, IT]

    A scientific article that presents a quite interesting methodology of modern software engineering. A slice consists of all program statements that affect the value at a point of interest inside the source code.

  • #Behind the scenes of the CTF 2005 [PNG, IT]

    Article that appeared in Internet.Pro magazine (September 2005) about the Academic Capture The Flag competition. For more information, look here: CTF 2004 and CTF 2005.

  • #"Spaghetti" hacker for a night [PDF, IT]

    The story of our hackish night during the university CTF 2005 competition.

  • #Distributed computing and protein folding [WWW, IT]

    Article published in the "Open.Source" magazine about grid computing and the Folding@Home project. It is available only to magazine customers, in issue number 10, July/August 2004.

  • #Apple RendezVous (now called "Bonjour") [PDF, IT]

    Dating back to 2004, a technical overview of the open source ZeroConf technology widely used in Apple's products.

[0x05] Advisories, Exploits

Here you can find security advisories as well as exploits developed during my vulnerability research activities. Please be aware that I don't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

[0x06] Code

BlueBag (v0.1) - Public Code Release
(Online after a long while!)

From May 2006 to May 2007, my friend Claudio and I developed several scripts useful for implementing Bluetooth scanners, honeypots and OBEX pushers.

The BlueBag "Public Code Release" is not intended to be a complete software solution. It is just a collection of Python scripts...

Download here: bluebag_v0.1.zip

MD5 sum: bluebag_v0.1.md5sum

Smart Security Grep (SSGrep)
Smart Security Grep is a simple PHP CLI script useful for grepping source code during code reviews or security assessments.

SSGrep uses a modular knowledge base with multilanguage support. The current version includes the following KBs: "Java/JSP dangerous method calls v0.1", "sensitive information v0.1" and "lamer developers v0.1". To extend the knowledge base, you just have to drop a ".kb" file into the "data" directory.

Here you can find an example of the HTML output. More information is in the README file. Email me your suggestions and comments.

Download here: ssgrep v0.11

JSP Reverse Shell
A simple JSP Reverse Shell (Linux version). It's a very convenient script during penetration tests in J2EE environments.

Download here: revshell.jsp

AppleMail2KMail converter
A PHP CLI script to convert Apple Mail mailboxes into KMail format. It was developed during my Mac->Linux migration.

Download here: applemail2kmail.php

[0x07] Geek Buffet

Stuff for nerds and geeks
  • #LovePicking? Locks on the Tiber island lovers bridge, Rome
BlueBag Stories
  • #BlueBag Logo The official logo of the project (100x164 pixels)
  • #Pic 1 A high-resolution picture of the whole system
  • #Pic 2 Night vision picture
  • #Pic 3 From the artistic point of view
  • #Video 1 "Building the BlueBag" (Quicktime file format)
  • #Press 1 Slashdot. Article (EN).
  • #Press 2 InfoWorld. Article (EN).
  • #Press 6 PC World New Zealand. Front page (EN).
  • #Press 7 CNET News. Article (EN).
  • #Press 3 PC World Italia. Article (IT).
  • #Press 4 Data Manager. Article (IT).
  • #Press 5 Repubblica. Article (IT).
  • #Press 8 Punto Informatico. Article (IT).
  • #Press 9 Tgcom. Article (IT).
  • #Press 10 Zeus News. Article (IT).
  • #Press 11 Corriere della Sera. Article (IT).
  • #Press 12 ICT Security. Interview (IT).