February has been both very interesting and busy! On February 17th I had the pleasure of collecting the first award of VULNEX by Spanish security magazine Red Seguridad for IT Innovation for our collaboration with DARPA (Defense Advanced Research Projects Agency of the Department of Defense, USA) which produced BinSecSweeper, a technology that allows us to verify the security posture of any binary.
You can find a great chronicle of the event here and below . . . → Read More: VULNEX Award and RSA USA speaker experience!
Last week I had the pleasure of giving a talk entitled “Cyber Security: time for change” on my vision of corporate cyber security posture during an event organized by Page Personnel Spain (thanks for having me!), and I already advance that a change is much needed to combat the constant threats on the Internet.
The talk began with a description of the different attacker profiles from casual attackers, employees, hacktivists and cybercrime to Nation-State attackers . . . → Read More: Enterprise Computer Security must CHANGE
Last week the OWASP AppSecUSA 2013 conference was held in the legendary New York City, where I had the pleasure of giving a talk on secure software development titled “Verify Your Software for Security Bugs” and presenting my new project BinSecSweeper, a technology that allows you to verify the security posture of any binary on different platforms.
The development of BinSecSweeper was possible thanks to an R&D grant from the DARPA Cyber Fast Track . . . → Read More: AppSecUSA & BinSecSweeper Talk
I have been wanting to read this book for a long time; I finally managed to make time, and I have to admit that it has exceeded my expectations. This magnificent work on iOS, one of the top mobile platforms, is written by reputed mobile security experts such as Charlie Miller, Dion Blazakis, Dino Dai Zovi, Stefan Esser, Vincenzo Iozzo and Ralf-Philipp Weinmann, and reveals the secrets of Apple's mobile operating system.
iOS Hacker’s Handbook (ISBN: 978-1-118-20412-2) is . . . → Read More: Book Review: iOS Hacker’s Handbook
Python is an easy and powerful programming language that allows us to write sophisticated programs: Dropbox and BitTorrent are excellent examples. It is common that Python programs are delivered in source code, but in some cases different techniques like obfuscation and compilation are applied to protect the code from curious eyes. But do these techniques really work?
In this article we will see some tools that supposedly help us to protect our code and how . . . → Read More: AppSec: Myths about Obfuscation and Reversing Python
While reading the book synopsis, we realize that this is not the typical book on how to succeed in business. Written by Louis Ferrante, a former mobster of the Gambino family turned writer, it compares for us the structure of the mafia and its peculiar style of doing business for success in the business world.
Mob Rules: What the Mafia Can Teach the Legitimate Businessman (ISBN: 978-1591843986) is a different and easy to read book that describes . . . → Read More: Book Review: Mob Rules. What the Mafia Can Teach the Legitimate Businessman
Yesterday, July 17th, I taught a free workshop about the recently published OWASP Top Ten 2013, which describes the 10 most common vulnerabilities in Web applications. This free workshop is a collaboration between the Catedral de Innovación of the City Council of Madrid, Spain and VULNEX to raise awareness about cyber security.
You can download the presentation from VULNEX website.
If you develop web applications, this document is for you!
Here I leave . . . → Read More: OWASP Top Ten 2013 free workshop
The security landscape changed in August 2011 at the Black Hat Conference, when the legendary hacker of the L0pht, Peiter “Mudge” Zatko, presented the new program Cyber Fast Track (CFT) (DARPA-PA-11-52) from DARPA (Defense Advanced Research Projects Agency of the United States Department of Defense) to finance R&D projects by hackers and SMEs. Detailed information about the program is available on the DARPA CFT website (currently offline).
The idea is simple, times have changed . . . → Read More: A Spanish startup selected by the DARPA Cyber Fast Track (CFT)
In recent weeks the news related to PRISM has not stopped since it was leaked by Edward Snowden, who worked for Booz Allen Hamilton, a defense contractor for the NSA.
One interesting outcome of these leaks is the NSA access to 0Day vulnerabilities on Microsoft products and who knows if other big companies as well (Google, Apple, Adobe, etc.) under the cooperation programs Microsoft Active Protections program (MAPPS) and the Security Cooperation Program (SCP). The first . . . → Read More: What’s the point of reporting 0day?