You might notice I have “updated” the theme (or better said, recovered my old one). I had to go around and recover the old settings from a mix of old web server logs and old backups but I think I got it to look as it used to. I obviously don’t care if you like […]
Continue readingChallenge writer Write Up: Security Fest 2018 CTF challs
Hi! In this post I will note down my procedure for coming up with the challenges for SecurityFest CTF. The idea is explaining my side of the creative process in the hope that it can be useful to other people organizing CTFs. I will finish sharing some personal experience on the other stages of the […]
Continue readingDescifrando las bases de datos del referéndum catalán
A través del enlace de un amigo he acabado en una página dónde se muestra a los votantes del referéndum catalán la ubicación de la urna dónde se debe votar. Como de costumbre, me ha podido la curiosidad y me he puesto a analizar como funcionaba el sistema. La verdad es que usan un sistema […]
Continue readingUsing secure pseudonymous identifiers to protect identification numbers
By now you probably have read of the Equifax data leakage. This reminded me of the idea of secure pseudonymous identifiers I had been thinking on for some time. Secure pseudonymous identifiers make use of cryptography to make it hard or impossible to recover the original identifiers representing a specific person. To be sincere, I […]
Continue readingLexNET no es un sistema cerrado
A estas alturas, seguramente hayáis leído el tweet del Excelentísimo Señor Rafael Català Polo. En caso de no haber podido hacerlo, os lo cito aquí: #LexNET es un sistema cerrado y seguro.Si se utiliza d forma legal y ética es imposible acceder a información ajena al usuario @Congreso_Es En este post vamos a hablar de […]
Continue readingProtegido: Private notes on trying to crack notpetya’s cipher
No hay extracto porque es una entrada protegida.
Continue readingSHA-1 is publicly collided, now what?
Unless you have been under a rock you should have heard about the first public sha-1 collisions. If not, go to the page describing the collision and enjoy. In this blogpost I’ll try to explain what this actually entails for most practical purposes.
Continue readingSecurityFest CTF writeup
This time I was participating with no time and no team so not much that can be done, but at least you get a short writeup.
Continue readingCryptanalyzing Petya
A few days ago, leo-stone reverse-engineered the Petya ransomware and found that it was possible to use genetic algorithms to find out the key. He even published a nice decrypting tool in go. I took his globe and decided to prove why this is mostly a specific issue of how Petya reduced Salsa-20 to use […]
Continue readingHacking is about knowledge (and only knowledge)
This blog post has been motivated after a series of attempts to cause harm to others under different costumes in hacking environments. It aims to explain why this is a bad thing for hacking communities as a whole and what can be expected from me and which are my expectations when acting in such environments.
Continue reading