Welcome!

Hey! I am Mattia, aka 0xbro.
This is my personal blog related to everything that surrounds ethical hacking, penetration testing, AppSec, CTFs, and other various cybersecurity stuff.
If you want to know more about me or want to get in touch, please visit the About Me page.

Recent writeups

• InfoSec Education - Getting Started with GeoGuessr and OSINT (UMDCTF 2023)
• Android Hacking - How to set up an Android Penetration Testing Lab from scratch
• Web Hacking - WAF bypass and vulnerability chain exploiting parser differentials
• Web Hacking - Finding SSTI in an EJS app using existing exploits and undocumented features
• Web Hacking - Exploit Arbitrary Deserialization through Blind SQL Injection

Recent disclosures

• Authenticated Static Code Injections in OpenCart (CVE-2023-47444)
• Digital Private Vault (APK) - Subverting an (in)secure Android vault