If you have been working in the IT security industry, you have probably heard CISOs (Chief Information Security Officers) complain about how companies fail at improving their security and pentesters complain about how their findings are ignored by companies. Whilst there is clearly no one-size fits-all solution to such problems, in this post I will […]
Continue readingHow Gentoo has influenced my approach to issue reporting
As some of you may know I have been a Gentoo user for many years. Although you can create and use binary caches, in Gentoo the primary way of installing software packages is by compiling them at the spot. In this post I will try to explain some of the advantages of this and how […]
Continue readingA way to improve control flow security on existing ISAs
I have though of a reasonably simple way to improve control flow security with an already existing ISA. I’m noting it down for my own future reference.
Continue reading“Lo acepto” y “Me da igual” como objetivos de integración social
Supongo que si vas por la calle no te fijarás en detalles como la separación entre los ojos o el tamaño de la nariz de la persona que te acabas de cruzar. Sin embargo, si que te fijarás en cosas como un cierto estrabismo, una mano faltante, o incluso su acento al hablar, su sexo […]
Continue readingBack to the past
You might notice I have “updated” the theme (or better said, recovered my old one). I had to go around and recover the old settings from a mix of old web server logs and old backups but I think I got it to look as it used to. I obviously don’t care if you like […]
Continue readingChallenge writer Write Up: Security Fest 2018 CTF challs
Hi! In this post I will note down my procedure for coming up with the challenges for SecurityFest CTF. The idea is explaining my side of the creative process in the hope that it can be useful to other people organizing CTFs. I will finish sharing some personal experience on the other stages of the […]
Continue readingDescifrando las bases de datos del referéndum catalán
A través del enlace de un amigo he acabado en una página dónde se muestra a los votantes del referéndum catalán la ubicación de la urna dónde se debe votar. Como de costumbre, me ha podido la curiosidad y me he puesto a analizar como funcionaba el sistema. La verdad es que usan un sistema […]
Continue readingUsing secure pseudonymous identifiers to protect identification numbers
By now you probably have read of the Equifax data leakage. This reminded me of the idea of secure pseudonymous identifiers I had been thinking on for some time. Secure pseudonymous identifiers make use of cryptography to make it hard or impossible to recover the original identifiers representing a specific person. To be sincere, I […]
Continue readingLexNET no es un sistema cerrado
A estas alturas, seguramente hayáis leído el tweet del Excelentísimo Señor Rafael Català Polo. En caso de no haber podido hacerlo, os lo cito aquí: #LexNET es un sistema cerrado y seguro.Si se utiliza d forma legal y ética es imposible acceder a información ajena al usuario @Congreso_Es En este post vamos a hablar de […]
Continue readingProtegido: Private notes on trying to crack notpetya’s cipher
No hay extracto porque es una entrada protegida.
Continue reading