Andrea Cardaci

Bio

MSc student at the University of Pisa, Italy.

Advisories

15 Apr 2019 [CVE-2019-9841] Vesta Control Panel 0.9.8-23 — Reflected XSS in file manager API
19 Mar 2019 SquirrelMail 1.4.22 — Stored XSS in received emails

Blog

22 Dec 2018 Authenticate against a MySQL server without knowing the cleartext password
01 Mar 2018 Overriding shared libraries in immediately-bound executables on Linux
12 Feb 2018 A macOS anti-debug technique using ptrace

Contacts

Drop me an email.

Profiles

GitHub
Code goes here
Hack The Box
Pwning boxes for fun
Twitter
Social stuff
LinkedIn
Professional profile
Bēhance
My attempt at photography

Meta

This website is built with Jekyll, source files can be found here.

Subscribe to the news feed.

Projects

GTFOBins
Curated list of Unix binaries that can be exploited to bypass system security restrictions
gdb-dashboard
Modular visual interface for GDB in Python
chrome-remote-interface
Chrome Debugging Protocol interface for Node.js
chrome-har-capturer
Capture HAR files from a remote Chrome instance
prof
Self-contained C/C++ profiler library for Linux
fracker
PHP function tracker
mysql-unsha1
Authenticate against a MySQL server without knowing the cleartext password
comb
Interactive grep annotation tool for manual static analysis in Emacs Lisp
zoom
Fixed and automatic balanced window layout for Emacs
gproxy
googleusercontent.com as HTTP(S) proxy
trace
Start or attach to a process and monitor a customizable set of metrics
zizzania
Automated DeAuth attack
gdb
Go GDB/MI interface
httpfs
Remote FUSE filesystem via server-side script