All Stories

STM32 debugging with ST-Link

In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...

In hw-hacking, iot-security, Jan 30, 2019


Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

Protocol Detector

ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...

In Projects, Sep 09, 2017

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

CVE-2007-0176: GForge Cross Site Scripting vulnerability

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross site scripting.

In advisories, Jan 10, 2007

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...

In advisories, Jul 31, 2006

Biblia del TSM

El año 2003 salió al mercado el móvil TSM30 de Vitelcom un móvil con muchas prestaciones desarrollado por una empresa española a un precio muy razonable. Antes del TSM30 habían salido...

In old-school, Jun 01, 2004