PyJFuzz to the next level

October 20, 2016 Daniele

What is PyJFuzz

In the previous post i wrote about PyJFuzz a project of mine focused on JSON fuzzing, it was developed entirely in Python based on radamsa general-purpose fuzzer. As I promised in this post I will talk about real-life fuzzing using PyJFuzz and Burp Suite. PyJFuzz is modular, easy-to-use, easy-to-extend and easy-to-integrate JSON fuzzer, using it you will be able to fuzz almost everything JSON based with a small effort.

Windows privilege escalation made easy

September 26, 2016 Daniele

Privileges

User's privileges are a daily challange in today's hack, sometime when a malicious user break into your system he tries also to escalate their permission till Administrator account. There are many ways to do it, some are really hard to perform such as 0day, others are pretty trivial such as misconfigurations, weak permissions, elevated process, pipelines and more. Perform all those task on a system with many packeges installed would be a really pain in the ass, here's where my script come in help!.