Giter Site home page Giter Site logo

About Voidsec 👋

Paolo Stagno (aka VoidSec) has worked as a Penetration Tester for a wide range of clients across top tier international banks, major tech companies and various Fortune 1000 industries.

He worked as a Vulnerability Researcher and Exploit Developer for Exodus Intelligence, where he was responsible for discovering and exploiting unknown vulnerabilities (zero days) in Windows OS, enterprise applications, network infrastructure components, IoT devices, new protocols, and technologies.

He is now the Director of Research at Crowdfense, focused on Windows OS offensive application security (kernel and user-land). He enjoys understanding our digital world, disassembling, reverse engineering and exploiting complex products and code.

In his own research, he discovered various vulnerabilities in software of multiple vendors and tech giants like eBay, Facebook, Fastweb, Google, HP, McAfee, Microsoft, Oracle, Paypal, TIM and many others.

Since the beginning of his career, he has enjoyed sharing his expertise with the security community with his website and blog (voidsec.com). He is also an active speaker in various security conferences around the globe like HITB, Typhooncon, Vulncon, Hacktivity, SEC-T, Droidcon, HackInBo, M0leCon, TOHack and Meethack.

A non-exhaustive list of public vulnerabilities and CVEs that he has discovered can be found at voidsec.com/advisories/

Contact me

Statistics



visitor badge

Paolo Stagno's Projects

cve-2019-5624 icon cve-2019-5624

A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)

cve-2020-1337 icon cve-2020-1337

CVE-2020-1337 a bypass of (PrintDemon) CVE-2020-1048’s patch

cvebase.com icon cvebase.com

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

derive icon derive

Recursive Batch File Downloader for PHP Path Traversal

driverbuddyreloaded icon driverbuddyreloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks

ioctlpus icon ioctlpus

IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).

mona icon mona

Corelan Repository for mona.py

mona-ropshell icon mona-ropshell

For all loaded modules (DLLs), fetch ROP gadgets querying Ropshell DB

shopping-cart icon shopping-cart

Shopping Cart is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. Contains dozens of vulnerabilities; providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiast, classroom labs, and vulnerability assessment tool targets. Shopping Cart has been tested/attacked with Acunetix, Kali Linux, W3AF, SQLMAP, Samurai WTF, Backtrack, Burp-Suite, NetSparker, and other tools. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Shopping Cart is for you.

slae icon slae

SecurityTube Linux Assembly Expert x86 Exam

tivoli-madness icon tivoli-madness

Advisory for CVE-2020-28054 & stack based buffer overflow in IBM Tivoli Storage Manager

truecrypt icon truecrypt

v.7.1a Based on: https://www.grc.com/misc/truecrypt/truecrypt.htm

vcg icon vcg

VisualCodeGrepper - Code security scanning tool.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.