First of all I recommend reading this blog post from Simone "evilsocket" Margaritelli, which is – imho – one of the best comprehensive guides to Android application reversing, of which network analysis is just a part. In my post I will present 3 different methods I used to understand the network behavior (the focus is … Continue reading: (not only) Android applications network analysis | Scubarda
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Squid can be configured to perform SSL/TLS inspection (aka HTTPS interception) so that the proxy can decrypt proxied traffic (Squid calls this feature ssl bump). Afaik the Squid package included in Linux distros is not compiled with SSL/TLS inspection support but … Continue reading: Configure Squid proxy for SSL/TLS inspection (HTTPS interception)
Since Ubuntu 18.10 I've been experiencing a weird bug in Terminator, the terminal I use because of its broadcasting functionality. The bug is known and tracked on Launchpad but not fixed ¯\_(ツ)_/¯ so I found a quick way to fix it (tested up to 20.04), enjoy!
Long time since the last post. I was very busy organizing the second edition of RomHack, the free cyber security conference made with ❤ by Cyber Saiyan – the non-profit organization I founded 2 years ago – that took place in Rome on the past 28th of September. We had an incredible lineup with Italian and international speakers … Continue reading: #RomHack2019
Phishing is a common attack characterized by simplicity and effectiveness; phishing emails are used to drop malware and cryptolockers, steal credentials… and they are successful just because Dave. I suggest reading this page to understand "the existing forms of phishing attacks and the currently available mitigations". Companies – hopefully – train their employees with internal phishing … Continue reading: Make your own phishing campaign using Office macro and PowerShell as simple dr...
I use Twitter to follow a lot of good feeds, but often I need to follow Twitter threads for new replies to have a fast and complete view of complex threads, even if I'm not cited or the tweet owner. I did some searching and found a Python script from @edu on GitHub that was … Continue reading: Follow and be notified of any twitter thread reply – a python twitter scraper
In our SOC we use Pi-hole to block network ad-serving domains. The benefits of Pi-hole are highlighted on their web site: "Since ads are blocked before they are downloaded, your network will perform better. Network-level blocking allows you to block ads in non-traditional places such as mobile apps and smart TVs, regardless of hardware or OS" … Continue reading: Raspberry Pi + Pi-hole: a perfect combo
In this post I just show which domains you need to enable to authorize access to the Telegram and WhatsApp web sites behind your corporate proxy. This is useful when you need to allow – like me – just a subset of your users to access them. Allow the following Telegram domains on your proxy: web.telegram.org, vesta.web.telegram.org, telegram.me. Allow … Continue reading: Enable Telegram and WhatsApp web sites behind a proxy
This post is the fifth of a series on Threat Intelligence Automation topic. Post 1: Architecture and Hardening of MineMeld Post 2: Foundation: write a custom prototype and SOC integration Post 3: E…
Weeks ago, I read a blog post by Cofense showing how bad guys can trick users into granting permissions to a malicious application to "grab all the victims' email and access cloud hosted docu…