Archivos del blog

Remote Code Execution in framework

Several months ago I happened to be looking at‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of, the database module is pretty simple and

Tagged with: , , , ,
Publicado en hacking, Programming, web hacking

How Effective is ASLR on Linux Systems?

Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the

Tagged with: , , ,
Publicado en exploiting, hacking, Linux

XSS killed the anti-CSRF star

This entry hopes to be a quick consideration about how one attack vector can at times dismantle the security of a different area of the application that was otherwise deemed secure. Truth is, security threats many times work like this,

Tagged with: , , ,
Publicado en web hacking

Calling Conventions Hunting

When trying to understand a binary, it’s key to be able to identify functions, and with them, their parameters and local variables. This will help the reverser figuring out APIs, data structures, etc. In short, gaining a deep understanding of

Tagged with: , ,
Publicado en Programming, Reverse

SANS HolidayHack Write Up

During this Christmas break, although I went back to Spain to stay with family and friends I still was able to get some time to look at the SANS HolidayHack 2012 CTF. I must say it has been great fun,

Tagged with: , , ,
Publicado en CTF, hacking, wargame

A very light introduction to packers

It’s been a long time since I’ve been thinking of writing some posts about packers/crypters/protectors. I’m not sure how many I’ll write; it will probably depend on the interest of the audience. What I do know, is that I’ll try

Tagged with: , , , , ,
Publicado en cracking, Reverse

FormatFactory 3.01 Stack Based Buffer Overflow (SafeSEH bypass)

Last week I saw this vulnerability disclosed in PacketStorm and I decided to create my own exploits; yeah, boredom is a powerful motivation. Original published exploit wouldn’t work for my system, maybe because it was designed for the German language.

Tagged with: , , , ,
Publicado en exploiting, seguridad, Windows

Achievement Unlocked: SANS GIAC GXPN

El viernes pasado me acerqué a Dublín para realizar el examen de la certificación GIAC GXPN: Exploit Researcher and Advanced Penetration Tester. El examen fue más que bien (90,67%), así que estoy muy contento. A diferencia del centro anterior, ésta

Tagged with: , , ,
Publicado en General, seguridad

Solución Nebula Nivel 18

Como nos indican en las instrucciones de este nivel, existen tres formas de solucionarlo: fácil, media y difícil. Voy a contar cuales son y cómo resolverlo a través de una de ellas. Difícil: Si os fijáis con detenimiento, veréis que

Tagged with: , , , ,
Publicado en exploiting, hacking

Soluciones Nebula Niveles 17,19

Nivel 17: Tenemos un pequeño programa en python que acepta una entrada y la procesa. He de admitir que a priori no tenía ni idea de por dónde coger este programa, así que me fui a mirar la documentación de

Tagged with: , , , ,
Publicado en exploiting, hacking