Being safe is not feeling safe.

Knowing us is already seeing the difference.

Let's talk, 30 minutes
You'll find human expertise, not an AI

The essential, made excellent.

01 — Intact Ecosystem

IntactMail

Your mail, unbreachable.

IntactBackup

Your last line of defense.

IntactSecurity

Your endpoints, under control.

IntactWeb

Your digital presence, watched over.

SOC Tailored

Your dedicated Security Operations Center.

The full list of services, with all prices. Download the price list (PDF)

Defense by those who know how to attack.

02 — Research & Innovation

Our offensive research is presented on international stages and recorded in the public vulnerability registries. The knowledge we use to find flaws is the same knowledge we use to protect our clients.

DeepSec Vienna 2025

∞ Day at Scale: Hijacking Registrars, Defeating 2FA and Spoofing 17,000+ Domains Even with DMARC

Alessandro Bertoldi — co-author Enrico Bertoldi · Bertoldi Cybersecurity

When the weakest point in the chain is the registrar, downstream defenses are not enough. The research, carried out between 2018 and 2025, shows how systemic failures in credential recovery, 2FA bypass and email spoofing allow persistent exploitation even on domains with SPF, DKIM and DMARC properly configured. These are forever-day vulnerabilities affecting over 17,000 domains, including cross-tenant spoofing in N-able Mail Assure and the identity-recovery procedures of Register.it: full control of client panels with zero credentials, using only PDF forms and social engineering. The proposal is defensive: a Reliability Scoring system for registrars and a trust mark for end users, based on RDAP and aligned with the NIS2 directive.

Our offensive work at bcsec.io

Let's talk.

03 — Contact

BERTOLDI Cybersecurity — Security Boutique
Passo dei Maggioli 11
16036 Avegno (GE) — Italia
P. IVA IT01070790991

Discovery analysis by appointment
