Category Archives: Pentest

Book Review: PoC||GTFO

Yes, I’m back to blogging and doing a book review. I guess better late than never 🙂 This time I’m reviewing the holy hacker book: International Journal of Proof-of-Concept or Get The Fuck Out (PoC||GTFO, ISBN-13: 978-1-59327-880-9). The book sums … Continue reading

Posted in Books, Pentest, Privacy, Security, Technology | Tagged , , , , , | 2 Comments

Fristileaks 1.3 CTF Writeup

This vulnerable VM is a fun and simple CTF that can be downloaded from the awesome portal VulnHub. Note: For vmware you may need to set the MAC address to 08:00:27:A5:A6:76 to get it working. I did, see Fig 1. … Continue reading

Posted in Pentest, Security, Technology | Tagged , , , , , | Leave a comment

Cyber Intelligence Universe

In recent years all “cyber” is fashionable, and intelligence applied to the cyber world could not be less! The concept of intelligence has an offensive meaning due to the use by intelligence and military agencies, but now too many security … Continue reading

Posted in Pentest, Security, Technology, Threat Modeling | Tagged , , , , | Leave a comment

Heartbleed: pain, blood and code

All alarms went off last week when a serious security flaw called Heartbleed in the OpenSSL cryptographic library was published. This library is used by a large part of the servers on the Internet as well as much security software. … Continue reading

Posted in Pentest, Security, Technology | Tagged , , , | Leave a comment

Spaniards in the Black Hat ASIA

I’m back from Black Hat ASIA 2014 in Singapore, where I had the pleasure of giving a talk on the security of cross-platform mobile technologies for developing mobile apps. The last Black Hat ASIA was in 2008 and the last … Continue reading

Posted in Conference, Pentest, Technology | Tagged , , , , , , | Leave a comment

The need to evolve defensive security to offensive security

This morning I saw a job offer from Facebook looking for offensive security engineers and I thought it would be a wonderful opportunity to explore this idea and its application in corporate security. Traditionally information security in enterprises has a … Continue reading

Posted in Pentest, Security | Tagged , , , | 2 Comments

Enterprise Computer Security must CHANGE

Last week I had the pleasure of giving a talk entitled “Cyber Security: time for change” on my vision of corporate cyber security posture during an event organized by Page Personnel Spain (thanks for having me!), and I already advance … Continue reading

Posted in Pentest, Privacy, Security, Technology | Tagged , , , , , | Leave a comment

AppSecUSA & BinSecSweeper Talk

Last week the OWASP AppSecUSA 2013 conference was held in the legendary New York City , where I had the pleasure of giving a talk on security software development title “Verify Your Software for Security Bugs” and present my new … Continue reading

Posted in Conference, Pentest, Security, Technology | Tagged , , , , , , , | Leave a comment

Book Review: iOS Hacker’s Handbook

I have been wanting to read this book for a long time, finally I managed to make time and I have to admit that it has exceeded my expectations. This magnificent work written by reputed experts in iOS, one of … Continue reading

Posted in Books, Pentest, Security, Technology | Tagged , , , , , , , , | Leave a comment

AppSec: Myths about Obfuscation and Reversing Python

Python is an easy and powerful programming language that allows us to write sophisticated programs: Dropbox and BitTorrent are excellent examples. It is common that Python programs are delivered in source code, but in some cases different techniques like obfuscation … Continue reading

Posted in Pentest, Privacy, Security, Technology | Tagged , , , , , | 13 Comments