NonèCostanzo — Security Research

NonèCostanzo — Security Research https://paolocostanzo.github.io Technical write-ups, CVE analysis, thoughts on Cloud, AI Security and Penetration Testing by Paolo Costanzo. en 07 Apr 2026 00:00:00 +0000 I Wanted to Write a Quick Article. I Dismantled a Criminal Org Instead. https://paolocostanzo.github.io/crypto-drainer-svuotatasche/ https://paolocostanzo.github.io/crypto-drainer-svuotatasche/ 07 Apr 2026 00:00:00 +0000 A phishing email, an entire Easter vacation burned, and a rabbit hole that led to $13,960 stolen, infiltrated Telegram channels, mapped C2 infrastructure. Crypto Drainer-as-a-Service on the TRON network. Threat Intelligence Crypto OSINT One GET, 169.254.169.254, IAM Credentials Served Fresh https://paolocostanzo.github.io/ssrf-imds-ec2-credentials/ https://paolocostanzo.github.io/ssrf-imds-ec2-credentials/ 31 Mar 2026 00:00:00 +0000 IMDSv1 requires no authentication. One SSRF in your app is enough to steal EC2 IAM credentials. Capital One, 106 million records, $80M fine. HttpTokens: required has existed since 2019. Cloud Pentest SSRF €40, 2 Minutes, and a Student Who'll Never Trust Free Wi-Fi Again https://paolocostanzo.github.io/cardputer-adv-wifi-security/ https://paolocostanzo.github.io/cardputer-adv-wifi-security/ 21 Mar 2026 00:00:00 +0000 Cardputer-Adv in your pocket, Bruce firmware, and a class of professionals convinced they knew all about Wi-Fi. Evil Portal, beacon spam, deauth attack in the classroom. Pentest WiFi Hardware Operation Epic Fury: What the Reports Missed https://paolocostanzo.github.io/operation-epic-fury-cyber-war-iran/ https://paolocostanzo.github.io/operation-epic-fury-cyber-war-iran/ 17 Mar 2026 00:00:00 +0000 Original OSINT investigation into the Iranian dual-platform campaign targeting Israeli civilians. Undisclosed Windows payload, secondary C2 with 0/94 VT, infrastructure active 8 months before anyone noticed. Threat Intelligence Malware Analysis TIM, GeForce Now and the ICMP Black Hole https://paolocostanzo.github.io/tim-packet-loss-gfn/ https://paolocostanzo.github.io/tim-packet-loss-gfn/ 10 Mar 2026 00:00:00 +0000 How I diagnosed and worked around an ICMP Black Hole on TIM's network that caused 10% packet loss on GeForce Now and capped bandwidth at 26 Mbps on a 1 Gbps line. Pentest Network ISP AWS IAM: The 5 Most Common Misconfigurations https://paolocostanzo.github.io/aws-iam-misconfiguration/ https://paolocostanzo.github.io/aws-iam-misconfiguration/ 01 Mar 2026 00:00:00 +0000 Wildcard policies, root without MFA, exposed access keys, overly permissive roles and disabled logging. Five mistakes I see on every cloud audit — and how to fix them. Cloud AWS IAM Prompt Injection on Enterprise LLMs: How It Really Works https://paolocostanzo.github.io/prompt-injection-llm/ https://paolocostanzo.github.io/prompt-injection-llm/ 01 Mar 2026 00:00:00 +0000 Enterprise language models have attack surfaces almost nobody considers. A practical walk-through of how an attacker thinks when facing a corporate LLM wired into internal data. AI Security LLM Pentest