Explore the world of Cybersecurity

  • Penetration Test

    When Java Web Start won’t listen: bending a JNLP app to your proxy

    Pentesting isn’t always about sleek tools and shiny APIs. I recently faced a legacy Java Web Start app hidden behind a VPN-accessed PAM portal—and it flat-out ignored all my proxy settings. Neither JVM flags nor OS-level variables worked, and to make matters worse, it was running on Windows. By forcing proxy usage at the socket level and decoding both Fast Infoset and Java-serialized SOAP, I managed to break through the layers and uncover serious client-side trust flaws.

  • Application security

    NIS2 Directive: The Second Phase of the Implementation Process Begins

    On April 10, 2025, the National Cybersecurity Agency (NCA) launched the second phase of the NIS2 Directive implementation process, notifying organizations that registered in the first phase of the classification assigned to them. Based on over 30,000 registrations, NCA identified more than 20,000 organizations in Italy as NIS entities. Among them, over 5,000 have been classified as essential entities. In this article, I’ll clarify the notifications, what they contain, and the timelines for the organizations involved.

  • Penetration Test

    Attacking the Industry 4.0 via the BACnet protocol

    In the era of digital transformation and Industry 4.0, cybersecurity has become a crucial priority for those that manage industrial operations, which are widely used in the Operational Technology (OT) world. The growth in collective interest is due, in large part, to the rapid adoption of new cutting-edge technologies that are blurring the line between IT and OT. However, this new structural and design configuration is the main cause of the emerging vulnerabilities.

  • Vulnerability research

    Integrating Nftables rules into Syzkaller

    Because of the customizable and relatively new nature of the system, nftables is frequently targeted by attackers looking for new 0-days to gain root privileges on the machine (LPE). For a better understanding of nftables internals, I recommend reading the first part of my previous blog post where I go through how to talk to […]

  • Vulnerability research

    Technical Analysis of an io_uring exploit: CVE-2022-2602

    This article aims to address part of my internship at Betrusted, part of the Intré Group, where I approached the vulnerability industry through the Pwn2Own case study, focusing on three key aspects: An overview of the contest, starting from its inception, the evolution over the years, and its impact on vendors, A second part showing […]

  • Application security

    Guide to Application Security Testing

    A short guide to understanding what Application Security Testing is and the tools used to identify and prevent threats at all stages of software application development, from design to execution.
