Tags

telefonia

Telefonia

```

In old-school, Jun 01, 2002

redes

seguridad

wap

Hacking WAP

```Resulta que para empezar a trabajar de forma cómoda en entornos móvilesen una red inalámbrica es necesario tener identificados a los clientes. Es más,cuando hay que facturarles ser...

In old-school, Apr 02, 2003

El TM+MM

Antes de empezar el artículo en sí creo que debo advertir que la información aquí contenida es solamente para fines meramente informativos, y que lo que cualquier usuario haga mas all...

In old-school, Apr 02, 2003

moviles

Biblia del TSM

El año 2003 salió al mercado el móvil TSM30 de Vitelcom un móvil con muchas prestaciones desarrollado por una empresa española a un precio muy razonable. Antes del TSM30 habían salido...

In old-school, Jun 01, 2004

Hacking WAP

```Resulta que para empezar a trabajar de forma cómoda en entornos móvilesen una red inalámbrica es necesario tener identificados a los clientes. Es más,cuando hay que facturarles ser...

In old-school, Apr 02, 2003

El TM+MM

Antes de empezar el artículo en sí creo que debo advertir que la información aquí contenida es solamente para fines meramente informativos, y que lo que cualquier usuario haga mas all...

In old-school, Apr 02, 2003

hacking

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

Biblia del TSM

El año 2003 salió al mercado el móvil TSM30 de Vitelcom un móvil con muchas prestaciones desarrollado por una empresa española a un precio muy razonable. Antes del TSM30 habían salido...

In old-school, Jun 01, 2004

Hacking WAP

```Resulta que para empezar a trabajar de forma cómoda en entornos móvilesen una red inalámbrica es necesario tener identificados a los clientes. Es más,cuando hay que facturarles ser...

In old-school, Apr 02, 2003

El TM+MM

Antes de empezar el artículo en sí creo que debo advertir que la información aquí contenida es solamente para fines meramente informativos, y que lo que cualquier usuario haga mas all...

In old-school, Apr 02, 2003

tsm

Biblia del TSM

El año 2003 salió al mercado el móvil TSM30 de Vitelcom un móvil con muchas prestaciones desarrollado por una empresa española a un precio muy razonable. Antes del TSM30 habían salido...

In old-school, Jun 01, 2004

Prestige

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...

In advisories, Jul 31, 2006

xss

CVE-2007-0176: GForge Cross Site Scripting vulnerability

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross site scripting.

In advisories, Jan 10, 2007

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...

In advisories, Jul 31, 2006

Zyxel

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...

In advisories, Jul 31, 2006

CVE-2007-0176: GForge Cross Site Scripting vulnerability

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross site scripting.

In advisories, Jan 10, 2007

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbi...

In advisories, Jul 31, 2006

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

directory listing

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

directory transversal

CVE-2006-5536: D-Link DSL-G624T several vulnerabilities

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getp...

In advisories, Oct 26, 2006

asp.net

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

disclosure

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

mono

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

xsp

CVE-2006-6104: Mono XSP ASP.NET Server sourcecode disclosure

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending...

In advisories, Dec 21, 2006

gforge

CVE-2007-0176: GForge Cross Site Scripting vulnerability

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross site scripting.

In advisories, Jan 10, 2007

havex

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

malware

Klara: Private retrohunting platform

Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...

In intelligence, research, Apr 18, 2019

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

SCADA

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

ICS

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

OT

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

OPC

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

reversing

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

Inside HAVEX

We have analyzed a sample of Havex and from there, we have prepared a report of behavior. Throughout the report you will find all the details of operation we have located from our ana...

In reversing, Jul 24, 2014

callgrind

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

dynamic

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

elf

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

execution

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

kcachegrind

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

linux

Linux dynamic analysis with callgrind

Sometimes I am fond of trying new tools even I have already a toolkit, just for having fun. In this case, I researched about valgrind suite, in particular callgrind. Callgrind is a pr...

In reversing, Jun 28, 2015

network

Protocol Detector

ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...

In Projects, Sep 09, 2017

protocol

Protocol Detector

ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...

In Projects, Sep 09, 2017

tools

Protocol Detector

ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...

In Projects, Sep 09, 2017

yara

Klara: Private retrohunting platform

Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...

In intelligence, research, Apr 18, 2019

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

Protocol Detector

ProtocolDetector is am open source python library I developed for Dinoflux. This library aims to provide an easy-to-use mechanism to integrate protocol detection capabilities into you...

In Projects, Sep 09, 2017

ioc

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

snort

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

stix

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

suricata

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

taxii

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

threat intelligence

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

tip

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

sticky

Dinoflux

Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product spe...

In entrepreneurship, Projects, Jul 01, 2018

STM32 debugging with ST-Link

In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...

In hw-hacking, iot-security, Jan 30, 2019

STM32

STM32 debugging with ST-Link

In this article I wil explain how can we program, debug and dump a firmware from STM32 boards. For this, we will need a st-link v2 programmer. The first step is to download the datash...

In hw-hacking, iot-security, Jan 30, 2019

cloud

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

Real-time processing with Python

Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...

In research, devop, Feb 08, 2019

python

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

Real-time processing with Python

Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...

In research, devop, Feb 08, 2019

real-time

Real-time processing with Python

Sometimes we need to process tons of data, but scaling application is not easy, above all in python. That’s why I started researching about real-time data processing and I found out A...

In research, devop, Feb 08, 2019

bus pirate

UART access. Hardware Hacking with Bus Pirate

Bus Pirate is a flexible tool for hardware hacking that enables a universal bus interface that talks to most chips. It supports several protocols:

In hw-hacking, iot-security, Feb 17, 2019

UART

UART access. Hardware Hacking with Bus Pirate

Bus Pirate is a flexible tool for hardware hacking that enables a universal bus interface that talks to most chips. It supports several protocols:

In hw-hacking, iot-security, Feb 17, 2019

gdb

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

r2pipe

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

radare2

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

windows

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

wine

Dynamic win32 malware analysis on Linux

Sometimes we don’t have a Windows machine for analyzing a malware sample. If the sample is very simple and is not interacting much with the operating system, we can use Linux.

In reversing, Feb 24, 2019

klara

Klara: Private retrohunting platform

Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...

In intelligence, research, Apr 18, 2019

retrohunt

Klara: Private retrohunting platform

Let’s talk about malware hunting. Sometimes you may find an interesting malware sample, and after reversing it you realize that the binary has characteristics that make it unique like...

In intelligence, research, Apr 18, 2019

data loss prevention

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

dlp

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

drivers

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

endpoint

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

open source

Drainware

Between 2011 and 2014 we developed a Cloud Platform with DLP capabilities, now in 2020 it is Open Source. It was a very cool technology at that time, we used mongo, redis, rabbitmq, ...

In Projects, Jan 22, 2020

industrial

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

PLC

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

security

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

OT Security at h-c0n 2020

Over the last few years OT devices have been increasingly exposed to the internet, IoT devices have progressively approached the industry and this has caused us to face different chal...

In talks, hw-hacking, iot-security, Jan 31, 2020

assessment

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

ios

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

mobile

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

pentest

Pentesting iOS Apps with OSX and a Jailbroken device

Today we will explain how to perform a basic security assessment on an iOS Application using Mac. For this assessment it is mandatory your IOS device is jailbroken. I assume you have ...

In hacking, reversing, Apr 05, 2020

ips

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

ids

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

browser

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

tls

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

exploitkit

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

chrome

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020

chromium

Neverwave: IDS/IPS like functionality in your browser with TLS inspection

During the last years IDS/IPS technology has helped to detect malicious activity not only in the server side but also in the clients side. Actually, we experience an increasing volume...

In Projects, Jun 14, 2020