Carlo

Carlo Alberto is a cyber security expert with strong focus on web application security, complex network infrastructure penetration testing (Windows/Linux) as well as red teaming and, occasionally, threat hunting. Carlo helps customers defend and secure their environment by doing extensive and thorough security assessments and penetration tests. He likes to share the acquired knowledge with colleagues and with the Internet.

Posts by Carlo:

SIGRed (CVE-2020-1350) affects ALL Windows DNS Servers and leads to full domain compromise.

Yes that it is true. The high severity vulnerability identified by CVE-2020-1350, reported here, affects all versions of Windows DNS Server from 2003 to 2020 and since DNS servers are usually Domain Controllers, that results in obtaining Domain Admin privileges. SIGRed is a wormable vulnerability with a CVSSv3 score of 10.0, the highest, and triggered by […]

15 Jul 2020 in Cyber Security&Infrastructure

A Short Story of a Targeted Attack

The importance of a quick detection and response. Companies are constantly getting targeted by cyber-attacks, some of them may have important valuable customer information, production manufacturing secrets or, in general, sensitive data of all different kinds. Attacks are not always focused on stealing information, but can also aim at implanting ransomware, thus at stopping production […]

02 Jun 2020 in Cyber Security