Luca Carettoni

icon indicating a website link https://www.doyensec.com icon indicating an email [email protected]

icon company @doyensec icon location San Francisco / Warsaw icon location I like to experiment with computers, trying to understand how they work and eventually breaking them. At times, I fix things.

Results 13 issues of Luca Carettoni

Detect unsafe symlinks to prevent arbitrary file read/write during archive extraction

7 comment

When decompression uses an attacker-controlled zip, it is possible to create a malicious archive containing symlinks which leads to the file decompression outside the original filesystem location. This can be...

enhancement

List Bucket's Objects

As a possible enhancement, it would be nice to list objects' permissions within each bucket.

enhancement

Help Us Shape The Future of burp-rest-api

11 comment

Since the first commit of this project (back in 2016), **burp-rest-api** has been the default tool for _Burp-powered_ web scanning automation. Many security pros and organizations have relied on this...

help wanted
question