Categories
old-school
Biblia del TSM
El año 2003 salió al mercado el móvil TSM30 de Vitelcom un móvil con muchas prestaciones desarrollado por una empresa española a un precio muy razonable. Antes del TSM30 habían salido...
In old-school, Jun 01, 2004
Hacking WAP
```Resulta que para empezar a trabajar de forma cómoda en entornos móvilesen una red inalámbrica es necesario tener identificados a los clientes. Es más,cuando hay que facturarles ser...
In old-school, Apr 02, 2003
El TM+MM
Antes de empezar el artículo en sí creo que debo advertir que la información aquí contenida es solamente para fines meramente informativos, y que lo que cualquier usuario haga mas all...
In old-school, Apr 02, 2003
advisories
CVE-2007-0176: GForge Cross Site Scripting vulnerability
GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross site scripting.
In advisories, Jan 10, 2007
CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...
In advisories, Dec 21, 2006
CVE-2006-5536: D-Link DSL-G624T several vulnerabilities
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...
In advisories, Oct 26, 2006
CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...
In advisories, Jul 31, 2006
reversing
IoT Reversing 101: Discovery
Before we delve into the world of reverse engineering, we need to discuss what engineering as a whole actually is.
In hw-hacking, iot-security, reversing, Mar 15, 2021
Pentesting iOS Apps with OSX and a Jailbroken device
Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...
In hacking, reversing, Apr 05, 2020
Dynamic win32 malware analysis on Linux
Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.
In reversing, Feb 24, 2019
Linux dynamic analysis with callgrind
Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...
In reversing, Jun 28, 2015
Inside HAVEX
We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...
In reversing, Jul 24, 2014
Projects
Neverwave: IDS/IPS like functionality in your browser with TLS inspection
During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...
In Projects, Jun 14, 2020
Drainware
Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...
In Projects, Jan 22, 2020
attribution.id: Lurking threat actors and targets with VT
Lurking threat actors and targets with VT
In Projects, Mar 28, 2019
Dinoflux
Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...
In entrepreneurship, Projects, Jul 01, 2018
Protocol Detector
ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...
In Projects, Sep 09, 2017
entrepreneurship
Dinoflux
Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...
In entrepreneurship, Projects, Jul 01, 2018
hw-hacking
Magspoof – Wirelessly Spoof Magnetic Stripereaders
MagSpoof is a device that can spoof or emulate any magnetic stripe or credit card and it can work wirelessly even on standard magstripe credit card readers by generating a strong elec...
In hw-hacking, iot-security, Mar 21, 2021
IoT Reversing 101: Discovery
Before we delve into the world of reverse engineering, we need to discuss what engineering as a whole actually is.
In hw-hacking, iot-security, reversing, Mar 15, 2021
OT Security at h-c0n 2020
Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...
In talks, hw-hacking, iot-security, Jan 31, 2020
UART access. Hardware Hacking with Bus Pirate
Bus Pirate is a flexible tool for hardware hacking that enables a universal bus interface that talks to most chips. It supports several protocols:
In hw-hacking, iot-security, Feb 17, 2019
STM32 debugging with ST-Link
In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...
In hw-hacking, iot-security, Jan 30, 2019
iot-security
Magspoof – Wirelessly Spoof Magnetic Stripereaders
MagSpoof is a device that can spoof or emulate any magnetic stripe or credit card and it can work wirelessly even on standard magstripe credit card readers by generating a strong elec...
In hw-hacking, iot-security, Mar 21, 2021
IoT Reversing 101: Discovery
Before we delve into the world of reverse engineering, we need to discuss what engineering as a whole actually is.
In hw-hacking, iot-security, reversing, Mar 15, 2021
OT Security at h-c0n 2020
Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...
In talks, hw-hacking, iot-security, Jan 31, 2020
UART access. Hardware Hacking with Bus Pirate
Bus Pirate is a flexible tool for hardware hacking that enables a universal bus interface that talks to most chips. It supports several protocols:
In hw-hacking, iot-security, Feb 17, 2019
STM32 debugging with ST-Link
In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...
In hw-hacking, iot-security, Jan 30, 2019
research
The Right Way to Publish a CVE
A CVE is a dictionary of publicly known cybersecurity vulnerabilities which is intended to uniquely identify and name publicly disclosed vulnerabilities pretraining to specific versio...
In research, Mar 17, 2021
The Amazing World of File Fuzzing
The world of File Fuzzing is filled with a truly spectacular display of testing. It is the latest shift in software injection and is worth anyone’s attention. But do you really know w...
In research, Mar 14, 2021
Modern Hash Cracking
When it comes to has-cracking, a hash-cracking program which works on an enormous database of hashes can guess many millions or billions of possible passwords automatically and compar...
In research, Aug 09, 2020
Klara: Private retrohunting platform
Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...
In intelligence, research, Apr 18, 2019
Real-time processing with Python
Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...
In research, devop, Feb 08, 2019
devop
Real-time processing with Python
Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...
In research, devop, Feb 08, 2019
intelligence
Klara: Private retrohunting platform
Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...
In intelligence, research, Apr 18, 2019
talks
OT Security at h-c0n 2020
Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...
In talks, hw-hacking, iot-security, Jan 31, 2020
hacking
Pentesting iOS Apps with OSX and a Jailbroken device
Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...
In hacking, reversing, Apr 05, 2020
sniffing
deDECTed – DECT Sniffing the Right Way
Before we begin this guide there is something important that needs to be discussed.Recording phone conversations without having consent from the user is highly illegal within the Unit...
In sniffing, Aug 09, 2020
reverse engineering
Firmware Reversing: FACT Core
Firmware analysis can be a tough challenge with a lot of tasks involved in its effective execution.Many of these tasks can be done automatically through new approaches or through the ...
In reverse engineering, Aug 09, 2020
electronic board
How to Design and Publish Electronic Boards – Everything You Need to Know
The Kitspace, formerly known as Kitnic, is a registry of open-source hardware electronic projects which are ready to order and build.This means that they could be described as thingiv...
In electronic board, Aug 09, 2020
RTL Bladerf
guides
The Ultimate Guide to JTAG
If you are interested in the hacking industry, chances are that you have come across JTAG.Chances are you have used it in the past to reflash some piece of hardware.But how exactly do...
In guides, Aug 09, 2020