Welcome!

Hey! I am Mattia, aka 0xbro.
This is my personal blog related to everything that surrounds ethical hacking, penetration testing, vulnerability research, AppSec, CTFs, and other various cybersecurity stuff.
If you want to know more about me or want to get in touch, please visit the About Me page.

Recent writeups

• Web Hacking - Defeating custom password reset tokens
• InfoSec Education - Effective Notes for OSCP, CTFs and Pentests with Obsidian (2025)
• Web Hacking - Pentesting Salesforce Communities
• InfoSec Education - Let's talk about community with Meethack Torino
• InfoSec Education - How NOT to react to a responsible disclosure (CVE-2023-47444)

Recent disclosures

• Vtenext 25.02 vulnerability research - A three-way path to RCE
• Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions in Prevent Direct Access Wordpress Plugin (CVE-2025-3861)
• Authenticated Static Code Injections in OpenCart (CVE-2023-47444)
• Digital Private Vault (APK) - Subverting an (in)secure Android vault