Inicio Ver todas las entradas de Adrián
Archivos del blog

Remote Code Execution in Web.py framework

Posted on 08/11/2014 by Adrián Deja un comentario

Several months ago I happened to be looking at web.py‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of web.py, the database module is pretty simple and

Read more ›

Tagged with: , , , ,
Publicado en hacking, Programming, web hacking

How Effective is ASLR on Linux Systems?

Posted on 03/02/2013 by Adrián 5 comentarios

Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the

Read more ›

Tagged with: , , ,
Publicado en exploiting, hacking, Linux

XSS killed the anti-CSRF star

Posted on 23/01/2013 by Adrián Deja un comentario

This entry hopes to be a quick consideration about how one attack vector can at times dismantle the security of a different area of the application that was otherwise deemed secure. Truth is, security threats many times work like this,

Read more ›

Tagged with: , , ,
Publicado en web hacking

Calling Conventions Hunting

Posted on 20/01/2013 by Adrián Deja un comentario

When trying to understand a binary, it’s key to be able to identify functions, and with them, their parameters and local variables. This will help the reverser figuring out APIs, data structures, etc. In short, gaining a deep understanding of

Read more ›

Tagged with: , ,
Publicado en Programming, Reverse

SANS HolidayHack Write Up

Posted on 10/01/2013 by Adrián Deja un comentario

During this Christmas break, although I went back to Spain to stay with family and friends I still was able to get some time to look at the SANS HolidayHack 2012 CTF. I must say it has been great fun,

Read more ›

Tagged with: , , ,
Publicado en CTF, hacking, wargame

A very light introduction to packers

Posted on 03/12/2012 by Adrián 4 comentarios

It’s been a long time since I’ve been thinking of writing some posts about packers/crypters/protectors. I’m not sure how many I’ll write; it will probably depend on the interest of the audience. What I do know, is that I’ll try

Read more ›

Tagged with: , , , , ,
Publicado en cracking, Reverse

FormatFactory 3.01 Stack Based Buffer Overflow (SafeSEH bypass)

Posted on 25/11/2012 by Adrián Deja un comentario

Last week I saw this vulnerability disclosed in PacketStorm and I decided to create my own exploits; yeah, boredom is a powerful motivation. Original published exploit wouldn’t work for my system, maybe because it was designed for the German language.

Read more ›

Tagged with: , , , ,
Publicado en exploiting, seguridad, Windows
Archive
Me@twitter
  • RT @LiveOverflow: HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! A video looking at the underlaying issue of a universal XSS in Chrome on iO… 1 day ago
  • RT @PedroWeb_: España ya es el país donde más caro es alquilar una vivienda de todo el mundo desarrollado https://t.co/rfOnRIQWSl 1 month ago
  • RT @olemoudi: Got to read this recent paper on CORS misconfigurations on my way home. Interesting quirks inside you probably were not aware… 1 month ago
  • RT @alviair: @amazon os recomiendo no contratar el reparto con @SEUR.Llevo desde el 21 d agosto esperando un paquete enviado con AmazonPrim… 1 month ago