Hi! In this post I will note down my procedure for coming up with the challenges for SecurityFest CTF. The idea is to explain my side of the creative process in the hope that it can be useful to other people organizing CTFs. I will finish by sharing some personal experience on the other stages of the […]
Deciphering the Catalan referendum databases
Through a link from a friend I ended up on a page that shows voters in the Catalan referendum the location of the ballot box where they must vote. As usual, curiosity got the better of me and I started analyzing how the system worked. The truth is that they use a system […]
Using secure pseudonymous identifiers to protect identification numbers
By now you have probably read about the Equifax data leakage. This reminded me of the idea of secure pseudonymous identifiers I had been thinking about for some time. Secure pseudonymous identifiers make use of cryptography to make it hard or impossible to recover the original identifiers representing a specific person. To be sincere, I […]
LexNET is not a closed system
By now you have surely read the tweet from the Most Excellent Mr. Rafael Català Polo. In case you have not been able to, I quote it here: #LexNET is a closed and secure system. If used legally and ethically, it is impossible to access information that does not belong to the user @Congreso_Es In this post we are going to talk about […]
Protected: Private notes on trying to crack notpetya’s cipher
There is no excerpt because this is a protected post.
SHA-1 is publicly collided, now what?
Unless you have been under a rock you should have heard about the first public SHA-1 collisions. If not, go to the page describing the collision and enjoy. In this blog post I’ll try to explain what this actually entails for most practical purposes.
SecurityFest CTF writeup
This time I was participating with no time and no team, so not much could be done, but at least you get a short writeup.
Cryptanalyzing Petya
A few days ago, leo-stone reverse-engineered the Petya ransomware and found that it was possible to use genetic algorithms to find out the key. He even published a nice decrypting tool in Go. I took his glove and decided to prove why this is mostly a specific issue of how Petya reduced Salsa-20 to use […]
Hacking is about knowledge (and only knowledge)
This blog post was motivated by a series of attempts to cause harm to others under different guises in hacking environments. It aims to explain why this is a bad thing for hacking communities as a whole, what can be expected from me, and what my expectations are when acting in such environments.
Preventing your cybers from being stolen with cybers: La Nueve de Anonymous and El Corte Inglés
In this article I am going to explain the different tools that could have made more difficult, or even prevented, the attack that the people behind La Nueve de Anonymous carried out against El Corte Inglés, which you can find explained on their tumblr. The people from La Nueve de Anonymous have told me, however, that […]