,,,,,,,,                               ,,                   $$      Andrea         
  $$     $$                              $$                   $$       Purificato     
 ,$"     $$   ,$"""$,   $$    $$    $$  ,$"        ,$"""$,    $$"""$,             .0. 
 $$,,,,,$"    ,,,,,$$   "$,  $"$,  $$   $$         ,,,,,$$   $$     $$            ..0 
,$"  "$,    ,$""   ,$"   $$ $" $$ $$   ,$"       ,$""   ,$" ,$"     $$            000 
$$     "$,  $$    ,$$    "$$"  "$,$    $$        $$    ,$$  $$    ,$"                 
""       ""  """"" ""     ""    ""     """""""""  """"" ""  """""""               # cd
Excuse: bad ether in the cables



0xbfff - About me


bunker アンドレア 「ブンケル」 プリフィカト
Welcome to Rawlab, my personal page.
I don't know why you are here, but I'm sure you have your reasons for it.

I'm a Computer Security Enthusiast, born exactly 947910283 seconds ago in a banana republic called Italy.

I don't like to write thousands of lines of code: programming, networking, cryptology and ham-radio technology skills are simply collateral effects of my computer security interest. I'm a big fan of Ockham's razor.

I'm currently collaborating with INPS as Senior Security Specialist. In the past, I was employed full time by Unidata S.p.A. and TelecomItalia S.p.A. as Ethical Hacker. My main activities include Penetration Testing, Information Security Auditing and a little bit of vulnerability research when I have free time.

During my working experiences I have discovered and published some vulnerabilities (Ariadne Content Manager SQL Injection and User Enumeration, CVE-2007-2791, CVE-2007-0805, CVE-2007-0876, CVE-2008-0589, Oracle Portal XSS, Communigate Pro stored XSS), and developed many exploit codes.

There are upcoming alerts scheduled for a future disclosure: OracleAS IDs 10846253 and 10903225
[brainfuck]
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

0xbffe - Exploit

SQL Injection exploit

Cross Site Scripting (XSS) Stored exploit

Cross Site Scripting (XSS) Reflected exploit

Oracle Evil Views exploit

Oracle Evil cursor injection exploit

Oracle Classic SQL injection exploit

Tru64 exploit

IBM AIX exploit


0xbffd - PoC

Exploiting Linux/x86, beating stack randomization on 2.6

Advanced Buffer Overflow (abo) solutions


0xbffc - Shellcodes

Solaris/sparc Shellcodes

Linux/x86 Shellcodes


0xbffb - Tools

Blackhat Security tools

Whitehat Security tools

Miscellaneous


0xbffb - Configuration files


0xbffb - Papers


0xbffa - Thanks

Finally, I just want to say thanks to my friend Creator for his generosity in providing this excellent web service. Many thanks also to Pete Finnigan, raptor, Michal Zalewski, Fravia+, Alexander Kornbrust, Alessio Porcacchia, str0ke and all researchers in the wild...