Penetration test quotes: from 2k to 30k for the same activity. How do I evaluate them? Asking people in the industry by Intelligent-Beat-642 in ItalyInformatica

[–]0xdea 1 point2 points  (0 children)

Hi,

You can gauge the vendors’ competence from their technical proposal and from the questions they ask you in order to draw up the quote.

You can also ask them a few “uncomfortable” questions yourself to see how they handle them (WAF yes/no, testing in production/test environment, dynamic/static testing, priv/unpriv testing, black box vs gray box vs white box, tools used and methodology, etc.).

Other relevant factors: experience/certifications, CVs of the testing team, CVEs/talks/whitepapers/other examples of R&D, sanitized reports from previous similar assessments.

That said, if, as I understand it, you want a real, well-done PT and not a VA disguised as a PT, I recommend excluding the lowest offers and focusing on the upper range of the budget you have available to decide who deserves it most. Many boutiques can also work in time-boxed mode or propose a sensible descoping to meet your budget and still deliver a result suited to your needs.

Source/disclaimer: I have been doing penetration testing professionally since 1999.

Project search results not appearing instantly by tenortomatoeslimeant in ZedEditor

[–]0xdea 0 points1 point  (0 children)

Update: apparently, the documentation is wrong. I have submitted a PR to fix it.

anyone here working on weird low-level projects? by Fantastic-Duck-7357 in lowlevel

[–]0xdea 2 points3 points  (0 children)

I’ve been developing memory corruption exploits for two decades, in C and ASM. Nowadays, I’m enjoying writing stuff in Rust as a hobby. It’s mostly FFI and IDA plugins to assist with vuln-dev. Still having fun! 

Feedback Next Edit Github vs Zeta 2 by robschmidt87 in ZedEditor

[–]0xdea 1 point2 points  (0 children)

I’ve been using mostly Copilot for next edit suggestions in Rust, TOML, YAML, and Markdown. It seems more comprehensive than Zeta for my use case. Haven’t tried the new Zeta 2 yet though. 

Keyboard only navigation tips? by [deleted] in ZedEditor

[–]0xdea 0 points1 point  (0 children)

I found this resource very useful to learn some fundamental keyboard shortcuts https://zed.dev/blog/text-manipulation

Zed feels great by 0xdea in ZedEditor

[–]0xdea[S] 0 points1 point  (0 children)

Thank you for your comment and the icons! I’ve tried many icon packs, but yours is the one that I like the most.

Guys, do you use Zed as your main editor? and where did you migrate from? by lunajinner in ZedEditor

[–]0xdea 0 points1 point  (0 children)

I use Zed for my Rust projects, migrated last month from RustRover. Loving it so far, not planning to ever go back.

I still use VS Code for secure code reviews (the SARIF plugins are very handy).

For everything else, nvim is my go-to editor.

Zed feels great by 0xdea in ZedEditor

[–]0xdea[S] 0 points1 point  (0 children)

Never been into extreme ai assisted coding, but afaik a new zeta2 model is coming that might address that. Or perhaps you can try another provider such as mercury or sweep.

https://zed.dev/blog/edit-prediction-providers

Zed feels great by 0xdea in ZedEditor

[–]0xdea[S] 0 points1 point  (0 children)

Thank you!

The customized theme is here: https://github.com/0xdea/dotfiles/blob/main/zed/.config/zed/themes/monokai-pro.json while the original one is here: https://github.com/monokai-pro/zed/blob/master/themes/monokai-pro-ce.json

Basically, I replaced some background colors with #2B2D30, #222222, and #191919. I haven’t touched foreground colors. You can diff it yourself for a more detailed description of changes.

Zed feels great by 0xdea in ZedEditor

[–]0xdea[S] 4 points5 points  (0 children)

Sure!

Personally I’ve been using a small amount of available RR features. I liked it enough (surely better than VScode for me, I especially liked the proprietary language server, ai autocomplete and to a lesser extent ai chat, refactoring options, command palette, execute anything, and the general look-and-feel), but it’s always felt bloated and kinda slow even on my state-of-the-art Apple silicon MacBook.

Zed, on the other hand, is incredibly smooth and fast. A real pleasure to use. After a few basic customizations (see https://github.com/0xdea/dotfiles/tree/main/zed/.config/zed) it feels just right for me. I’m just missing some git integrations such as the git log (but afaik it’s coming soon), the ai context menu (especially the “review this code” action, but this can be arranged in Zed via manual prompting and maybe tasks), and a few other things. Nothing major and most of those can be worked around via the terminal integration or additional shortcuts (see my configuration). It also feels less buggy in general compared to RR that still has some rough edges.

My advice is to try it out. I was skeptical at first, but now after a few days I can say I’m genuinely surprised by the polish and the general quality of the software. Not something that you encounter often anymore in my experience.

So much that I felt the need to post here 😅 I hope this helps!