Categories

old-school

Biblia del TSM

El año 2003 salió al mercado el móvil TSM30 de Vitelcom un móvil con muchas prestaciones desarrollado por una empresa española a un precio muy razonable. Antes del TSM30 habían salido...

In old-school, Jun 01, 2004

Hacking WAP

```Resulta que para empezar a trabajar de forma cómoda en entornos móvilesen una red inalámbrica es necesario tener identificados a los clientes. Es más,cuando hay que facturarles ser...

In old-school, Apr 02, 2003

El TM+MM

Antes de empezar el artículo en sí creo que debo advertir que la información aquí contenida es solamente para fines meramente informativos, y que lo que cualquier usuario haga mas all...

In old-school, Apr 02, 2003

Telefonia

```

In old-school, Jun 01, 2002

advisories

CVE-2007-0176: GForge Cross Site Scripting vulnerability

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross site scripting.

In advisories, Jan 10, 2007

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...

In advisories, Jul 31, 2006

reversing

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

Projects

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

Protocol Detector

ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...

In Projects, Sep 09, 2017

entrepreneurship

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

hw-hacking

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

UART access. Hardware Hacking with Bus Pirate

Bus Pirate is a flexible tool for hardware hacking that enables a universal bus interface that talks to most chips. It supports several protocols:

In hw-hacking, iot-security, Feb 17, 2019

STM32 debugging with ST-Link

In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...

In hw-hacking, iot-security, Jan 30, 2019

iot-security

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

UART access. Hardware Hacking with Bus Pirate

Bus Pirate is a flexible tool for hardware hacking that enables a universal bus interface that talks to most chips. It supports several protocols:

In hw-hacking, iot-security, Feb 17, 2019

STM32 debugging with ST-Link

In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...

In hw-hacking, iot-security, Jan 30, 2019

research

Klara: Private retrohunting platform

Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...

In intelligence, research, Apr 18, 2019

Real-time processing with Python

Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...

In research, devop, Feb 08, 2019

devop

Real-time processing with Python

Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...

In research, devop, Feb 08, 2019

intelligence

Klara: Private retrohunting platform

Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...

In intelligence, research, Apr 18, 2019

talks

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

hacking

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020