Pentester’s tricks: Local privilege escalation in OpenVAS
It’s not a common scenario, but if during a pentest you get access to some machine with a user that has sudo rights to execute openvas…
Mar 25, 2021

Published in The Startup
Best Practices to Mitigate JSON Interoperability Vulnerabilities
“An Exploration of JSON Interoperability Vulnerabilities” by Jake Miller was published last week. It’s an interesting piece of research about…
Mar 1, 2021

Published in ITNEXT
Another variant to compromise frontend developers by malicious packages
Some days ago I was watching 10 Things I Regret About Node.js and the introduction to Deno started with this slide about security.
Feb 14, 2021

Published in The Startup
Don’t Scan My Website I: Exploiting an Old Version of Wappalyzer
Disclaimer: I discovered this vulnerability in February and it was fixed in May 2020 (version 5.10.2 and new branch 6.x) due to the change…
Dec 1, 2020

Published in alertot
“Web scraping considered dangerous”: Leaking files from the spider’s host
This is the next post of this series called “Web scraping considered dangerous”. You can read the previous post here and as an update, my…
Jul 15, 2019

Published in alertot
“Web scraping considered dangerous”: Exploiting the telnet service in scrapy < 1.5.2
Disclaimer: scrapy 1.5.2 was released on January 22nd; to avoid being exploited you must disable the telnet console (enabled by default)…
May 14, 2019

Published in spect
Exploiting the scraper
Originally it was published here: https://spect.cl/blog/2014/08/exploiting-the-scraper/
Apr 26, 2019

Published in alertot
A buffer overflow to rule Chile
Last year in Chile there was a talk titled “Chile Exposed: un puerto para gobernarlos a todos” (“Chile Exposed: one port to rule them all”), a reference to the ring of…
Apr 15, 2019

Published in alertot
A stealthy attack on SII.cl
[This post is only available in Spanish because the target audience is in Chile]
Feb 6, 2019

Published in alertot
Metasploit Community CTF 2018 writeup
This weekend we participated in the Metasploit Community CTF and got 12th place out of 1000 registered teams (but according to organizers…
Dec 4, 2018