Inicio Ver todas las entradas de Adrián
Archivos del blog

Remote Code Execution in Web.py framework

Posted on 08/11/2014 by Adrián Deja un comentario

Several months ago I happened to be looking at web.py‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of web.py, the database module is pretty simple and

Read more ›

Tagged with: , , , ,
Publicado en hacking, Programming, web hacking

How Effective is ASLR on Linux Systems?

Posted on 03/02/2013 by Adrián 7 comentarios

Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the

Read more ›

Tagged with: , , ,
Publicado en exploiting, hacking, Linux

XSS killed the anti-CSRF star

Posted on 23/01/2013 by Adrián Deja un comentario

This entry hopes to be a quick consideration about how one attack vector can at times dismantle the security of a different area of the application that was otherwise deemed secure. Truth is, security threats many times work like this,

Read more ›

Tagged with: , , ,
Publicado en web hacking

Calling Conventions Hunting

Posted on 20/01/2013 by Adrián Deja un comentario

When trying to understand a binary, it’s key to be able to identify functions, and with them, their parameters and local variables. This will help the reverser figuring out APIs, data structures, etc. In short, gaining a deep understanding of

Read more ›

Tagged with: , ,
Publicado en Programming, Reverse

SANS HolidayHack Write Up

Posted on 10/01/2013 by Adrián Deja un comentario

During this Christmas break, although I went back to Spain to stay with family and friends I still was able to get some time to look at the SANS HolidayHack 2012 CTF. I must say it has been great fun,

Read more ›

Tagged with: , , ,
Publicado en CTF, hacking, wargame

A very light introduction to packers

Posted on 03/12/2012 by Adrián 4 comentarios

It’s been a long time since I’ve been thinking of writing some posts about packers/crypters/protectors. I’m not sure how many I’ll write; it will probably depend on the interest of the audience. What I do know, is that I’ll try

Read more ›

Tagged with: , , , , ,
Publicado en cracking, Reverse

FormatFactory 3.01 Stack Based Buffer Overflow (SafeSEH bypass)

Posted on 25/11/2012 by Adrián Deja un comentario

Last week I saw this vulnerability disclosed in PacketStorm and I decided to create my own exploits; yeah, boredom is a powerful motivation. Original published exploit wouldn’t work for my system, maybe because it was designed for the German language.

Read more ›

Tagged with: , , , ,
Publicado en exploiting, seguridad, Windows

Achievement Unlocked: SANS GIAC GXPN

Posted on 12/11/2012 by Adrián Deja un comentario

El viernes pasado me acerqué a Dublín para realizar el examen de la certificación GIAC GXPN: Exploit Researcher and Advanced Penetration Tester. El examen fue más que bien (90,67%), así que estoy muy contento. A diferencia del centro anterior, ésta

Read more ›

Tagged with: , , ,
Publicado en General, seguridad

Solución Nebula Nivel 18

Posted on 13/08/2012 by Adrián Deja un comentario

Como nos indican en las instrucciones de este nivel, existen tres formas de solucionarlo: fácil, media y difícil. Voy a contar cuales son y cómo resolverlo a través de una de ellas. Difícil: Si os fijáis con detenimiento, veréis que

Read more ›

Tagged with: , , , ,
Publicado en exploiting, hacking

Soluciones Nebula Niveles 17,19

Posted on 10/08/2012 by Adrián Deja un comentario

Nivel 17: Tenemos un pequeño programa en python que acepta una entrada y la procesa. He de admitir que a priori no tenía ni idea de por dónde coger este programa, así que me fui a mirar la documentación de

Read more ›

Tagged with: , , , ,
Publicado en exploiting, hacking
Archive
Me@twitter