Fabio Carretto
@bytevsbyt3
Followers: 205 | Following: 1K | Media: 15 | Statuses: 284
Offensive Security | CTF player @beerpwn | OSWE | OSCP | Boxing, Enduro *** stack smashing detected ***
Italy
Joined March 2018
This morning a #security advisory was published by Zyxel, with CVE-2023-5593, for a memory corruption vulnerability found during research conducted by me and @bytevsbyt3 on their VPN client for Windows. https://t.co/iQG7RrbnUO
Avoiding the top 10 #Nginx config mistakes - really useful resource https://t.co/J64TwaYvlX
f5.com
Have read about caller ID spoofing several times, but I always doubted it would work in 2023 until I set it up on my own. It is not a piece of cake, but it can be done with a suitable VoIP provider (with SIP trunk), a customized PBX (e.g. Asterisk) and a softphone (e.g. ZoiPer).
Back home from the trip to New York and Miami. Everything was great, but there's nothing like mom's ragù.
Mad respect for CTFs that drop all their challenge source and solutions 🔥 Google's 2023 files have been added to the repo 👇 https://t.co/j5Fal8Y43s
github.com
Google CTF. Contribute to google/google-ctf development by creating an account on GitHub.
Today I revived my hackthebox profile and it's always fun. Agile machine pwned, nice and balanced medium box by @0xdf_ with non-obvious steps.
🔥 Brace yourself #LocalPotato is out 🥔 Our new NTLM reflection attack in local authentication allows for arbitrary file read/write & elevation of privilege. Patched by Microsoft, but other protocols may still be vulnerable. cc @decoder_it Enjoy! 👇 https://t.co/3Lge45hb7L
localpotato.com
Here we are again with our new *potato flavor, the LocalPotato! This was a cool finding so we decided to create this dedicated website ;)
Great! I passed the #OSWE exam. There were nice challenges in the lab. Thanks @offsectraining #infosec #offensivesecurity
Excellent insights for research and self-improvement by @LiveOverflow
Covering the top 6 bugs in Google Cloud from 2021 https://t.co/cu777sPOpf
During research, our team member @p4w16 found a vulnerability in a @zyxel product, now identified with CVE-2022-0734! Check out the official advisory #cybersecurity
https://t.co/qdSKt8rLA0
https://t.co/WCRYaKo56R I wrote it...hopefully not too confusing but full of security code audit methods. Enjoy.
frycos.github.io
Recently, I asked the Twitter community if anyone would be interested in a blog post about “failed” security code audit attempts. A lot of you seemed to like this idea, so here it is. I was somehow...
Is anyone also interested in me blogging about "failed" code audit attempts, e.g. only getting high-privileged auth'd RCE in a product? I could instead explain the methodological paths up to hitting the dead ends in more detail.
Nice focus on mental health and burnout! Thank you for your work @ITJunkie
I want to keep track of the latest cybersecurity news. I also don't want to spend all my time on Twitter. Here are 5 great cybersecurity news outlets that I rely on! 🧵👇