Claudio SalazarPentester’s tricks: Local privilege escalation in OpenVASIt’s not a common scenario but if during a pentesting you get access to some machine with a user that has sudo rights to execute openvas…6 min read·Mar 25, 2021----
Claudio SalazarinThe StartupBest Practices to Mitigate JSON Interoperability Vulnerabilities“An Exploration of JSON Interoperability Vulnerabilities” by Jake Miller was published last week. It’s an interesting research about…7 min read·Mar 1, 2021--1--1
Claudio SalazarinITNEXTAnother variant to compromise frontend developers by malicious packagesSome days ago I was watching 10 Things I Regret About Node.js and the introduction to Deno started with this slide about security.7 min read·Feb 14, 2021----
Claudio SalazarinThe StartupDon’t Scan My Website I: Exploiting an Old Version of WappalyzerDisclaimer: I discovered this vulnerability in February and it was fixed in May 2020 (version 5.10.2 and new branch 6.x) due to the change…6 min read·Dec 1, 2020----
Claudio Salazarinalertot“Web scraping considered dangerous”: Leaking files from the spider’s hostThis is the next post of this serie called “Web scraping considered dangerous”. You can read the previous post here and as an update, my…6 min read·Jul 15, 2019----
Claudio Salazarinalertot“Web scraping considered dangerous”: Exploiting the telnet service in scrapy < 1.5.2Disclaimer: scrapy 1.5.2 has been released on January 22th, to avoid being exploited you must disable telnet console (enabled by default)…8 min read·May 14, 2019--1--1
Claudio SalazarinspectExploiting the scraperOriginally it was published here: https://spect.cl/blog/2014/08/exploiting-the-scraper/4 min read·Apr 26, 2019----
Claudio SalazarinalertotUn buffer overflow para gobernar ChileEl año pasado hubo en Chile una charla titulada “Chile Exposed: un puerto para gobernarlos a todos” haciendo referencia al anillo del…16 min read·Apr 15, 2019--2--2
Claudio SalazarinalertotUn sigiloso ataque en SII.cl[This post is only available in Spanish because the target audience is in Chile]7 min read·Feb 6, 2019----
Claudio SalazarinalertotMetasploit Community CTF 2018 writeupThis weekend we participated in Metasploit Community CTF and got the 12th place out of 1000 registered teams (but according to organizers…5 min read·Dec 4, 2018----