Today I have decided to destroy Louis Armstrong’s famous “what a wonderful” world with a version that describes more accurately the world in which we live: I see misquotes, fake news too, I see them harm, and go against you, And I think to myself what a pitiful world. I see vague words, lies of […]
Continue readingWeaponizing squirrels (or why I can’t recommend SQRL)
After seeing Steve Gibson’s talk about SQRL today it just occured to me how easy it would be to weaponize SQRL to effectively attain permanency on systems. Below I’ll present a few attack scenarios that can give an idea of some of the vulnerabilities of the system that make me uncomfortable.
Continue readingSecurity Fest CTF *-bit challenges, organizer writeup
I wrote the 128-bit, 512-bit and 1024-bit challenges for the Security Fest CTF, this year’s topic was Swordfish so the challenges follow the idea of the quotes being used in the movie regarding 128-bit, 512-bit and 1024-bit ciphers. Sadly, neither of the challenges were solved despite my best attempts. In this post I’ll explain how […]
Continue readingAssured MQTT challenge write-up
In this write-up I’ll cover my solution to Assured’s MQTT challenge, I’ll also explain what their intended solution was.
Continue readingPaF||STFU
If you have been working in the IT security industry, you have probably heard CISOs (Chief Information Security Officers) complain about how companies fail at improving their security and pentesters complain about how their findings are ignored by companies. Whilst there is clearly no one-size fits-all solution to such problems, in this post I will […]
Continue readingHow Gentoo has influenced my approach to issue reporting
As some of you may know I have been a Gentoo user for many years. Although you can create and use binary caches, in Gentoo the primary way of installing software packages is by compiling them at the spot. In this post I will try to explain some of the advantages of this and how […]
Continue readingA way to improve control flow security on existing ISAs
I have though of a reasonably simple way to improve control flow security with an already existing ISA. I’m noting it down for my own future reference.
Continue reading“Lo acepto” y “Me da igual” como objetivos de integración social
Supongo que si vas por la calle no te fijarás en detalles como la separación entre los ojos o el tamaño de la nariz de la persona que te acabas de cruzar. Sin embargo, si que te fijarás en cosas como un cierto estrabismo, una mano faltante, o incluso su acento al hablar, su sexo […]
Continue readingBack to the past
You might notice I have “updated” the theme (or better said, recovered my old one). I had to go around and recover the old settings from a mix of old web server logs and old backups but I think I got it to look as it used to. I obviously don’t care if you like […]
Continue readingChallenge writer Write Up: Security Fest 2018 CTF challs
Hi! In this post I will note down my procedure for coming up with the challenges for SecurityFest CTF. The idea is explaining my side of the creative process in the hope that it can be useful to other people organizing CTFs. I will finish sharing some personal experience on the other stages of the […]
Continue reading