August 14, 2022

I always need to set critical environment variables in Bash (API tokens), and of course, it’s a very bad idea to store them in .bashrc. I found a simple way to store them in an encrypted file, loading it only when necessary:

August 13, 2022

A few days ago, my daughter deleted some photos on her camera by mistake. It has been at least 10 years since I last recovered deleted files, so I had to find out how to approach the problem in 2022 with Kali Linux.

July 23, 2022

During security assessments of Smarthome applications, I usually need to analyze encrypted HTTPS communications. Applications usually check for valid certificates, but also check that certificates are signed by a specific issuer.

July 22, 2022

As private individuals we are using a lot of consumer IoT devices: almost any standard home equipment can now be remotely controlled by a specific application installed on a smartphone.

July 17, 2022

I usually don’t write about OSINT techniques; I think that before approaching OSINT we should speak about ethics and respect. By the way, some OSINT automation techniques are harmless: if you don’t know what you have to search for, you won’t be able to get anything, regardless of whether you are automating or not.

July 15, 2022

Security assessments are part of my daily job, and automation is part of my mindset. CIS Controls provides a set of standard controls that should be checked on… anything. To be specific, CIS also provides a benchmark (a sort of step-by-step guide) for many environments.

July 13, 2022

I have a “landline” VoIP number, used by my parents to reach me when my phone is turned off. Apparently, landline numbers are preferred by spammers, so I wrote a simple firewall zero-trust configuration for my FRITZ!

July 11, 2022

I had an interesting chat with a friend: he was reporting to me that his photovoltaic management app wasn’t working anymore. The vendor upgraded the Cloud API, breaking compatibility with older products.

July 09, 2022

Following an idea of Michael Bazzell, I decided to write a short procedure to remove unwanted software from Android smartphones. It’s not only about cleaning the phone; it’s about privacy.

June 15, 2022

I’m discussing the IEC 62443 certification with an organization that builds and sells ICS plants, which are risky from a safety perspective. They currently comply with the Machinery Directive (Directive 2006/42/EC of the European Parliament), but they are not considering the Cyber risk.
