Andrea Cardaci

Bio

Application security specialist at SecureFlag.

Advisories

10 Jan 2021 [CVE-2021-3116] proxy.py 2.3.0 — Broken basic authentication
21 Jul 2020 [CVE-2020-15562] Roundcube 1.3.9 — Stored XSS in received emails
11 Mar 2020 [CVE-2020-8865/6] Horde Groupware Webmail Edition 5.2.22 — Multiple vulnerabilities promote file upload in temp folder to RCE
10 Mar 2020 [CVE-2020-8518] Horde Groupware Webmail Edition 5.2.22 — RCE in CSV data import
12 Aug 2019 [CVE-2019-12792] Vesta Control Panel 0.9.8-24 — Privilege escalation in the upload handler
12 Aug 2019 [CVE-2019-12791] Vesta Control Panel 0.9.8-24 — Privilege escalation in the password reset form
15 Apr 2019 [CVE-2019-9841] Vesta Control Panel 0.9.8-23 — Reflected XSS in file manager API
19 Mar 2019 SquirrelMail 1.4.22 — Stored XSS in received emails

Blog

22 Dec 2018 Authenticate against a MySQL server without knowing the cleartext password
01 Mar 2018 Overriding shared libraries in immediately-bound executables on Linux
12 Feb 2018 A macOS anti-debug technique using ptrace

Profiles

GitHub: Code goes here
Hack The Box: Pwning boxes for fun
Twitter: Social stuff
LinkedIn: Professional profile
Bēhance: My attempt at photography

Contacts

Feel free to drop me an email.

Use this PGP key for confidential communication.

Projects

GTFOBins: Curated list of Unix binaries that can be exploited to bypass system security restrictions
gdb-dashboard: Modular visual interface for GDB in Python
chrome-remote-interface: Chrome Debugging Protocol interface for Node.js
mysql-unsha1: Authenticate against a MySQL server without knowing the cleartext password
fracker: PHP function tracker
zizzania: Automated DeAuth attack
chrome-har-capturer: Capture HAR files from a remote Chrome instance
prof: Self-contained C/C++ profiler library for Linux
comb: Interactive code auditing and grep tool in Emacs Lisp
zoom: Fixed and automatic balanced window layout for Emacs
gproxy: googleusercontent.com as HTTP(S) proxy
trace: Start or attach to a process and monitor a customizable set of metrics
gdb: Go GDB/MI interface
httpfs: Remote FUSE filesystem via server-side script

Meta

This website is built with Jekyll; source files can be found on GitHub.

Subscribe to the news feed.