Claudio Salazar

Mar 25, 2021

Pentester’s tricks: Local privilege escalation in OpenVAS

It’s not a common scenario, but if during a pentest you get access to some machine with a user that has sudo rights to execute openvas, you could escalate privileges to get root! In this post I’m going to describe some OpenVAS workflows and then dive into this particular local…

Security

6 min read


Published in The Startup · Mar 1, 2021

Best Practices to Mitigate JSON Interoperability Vulnerabilities

“An Exploration of JSON Interoperability Vulnerabilities” by Jake Miller was published last week. It’s an interesting piece of research about differences among JSON libraries that could lead to logic bugs, and it puts this kind of vulnerability on the map when you do threat analysis. In this post I’ll analyze the examples from…

Security

7 min read


Published in ITNEXT · Feb 14, 2021

Another variant to compromise frontend developers by malicious packages

Some days ago I was watching 10 Things I Regret About Node.js and the introduction to Deno started with this slide about security: “By default a script should run without any network or file system write access.” It makes sense, especially for the frontend realm where most of the…

Security

7 min read


Published in The Startup · Dec 1, 2020

Don’t Scan My Website I: Exploiting an Old Version of Wappalyzer

Disclaimer: I discovered this vulnerability in February and it was fixed in May 2020 (version 5.10.2 and new branch 6.x) due to the change of the web driver from Zombie.js to puppeteer. Initial research was done as part of my work at Dreamlab Technologies. At work I had to vet…

Security

6 min read


Published in alertot · Jul 15, 2019

“Web scraping considered dangerous”: Leaking files from the spider’s host

This is the next post of this series called “Web scraping considered dangerous”. You can read the previous post here and, as an update, my pull request fixing FormRequest.from_response behaviour was merged! This post is again based on scrapy (version 1.6.0) and I’ll show two techniques to leak files from…

Scrapy

6 min read


Published in alertot · May 14, 2019

“Web scraping considered dangerous”: Exploiting the telnet service in scrapy < 1.5.2

Disclaimer: scrapy 1.5.2 was released on January 22nd; to avoid being exploited you must disable the telnet console (enabled by default) or upgrade to at least 1.5.2. This year the focus of our research will be security in web scraping frameworks. Why? Because it’s important for us. As a…

Scrapy

8 min read


Published in spect · Apr 26, 2019

Exploiting the scraper

I’ve made some changes for clarity purposes. Originally it was published in 2014: https://spect.cl/blog/2014/08/exploiting-the-scraper/ As some of you have noticed, the post frequency has been low in recent years because I’ve been happily working full-time for more than two years at Scrapinghub, the company behind the popular scrapy framework. …

Scrapy

4 min read


Published in alertot · Apr 15, 2019

A buffer overflow to rule Chile

Last year in Chile there was a talk titled “Chile Exposed: one port to rule them all”, a reference to the ring from The Lord of the Rings. The talk was about access to shared resources of various organizations on port 445, so I asked myself whether that was really…

Security

16 min read


Published in alertot · Feb 6, 2019

A stealthy attack on SII.cl

[This post is only available in Spanish because the target audience is in Chile] Recently, various fake emails in the name of the SII (Servicio de Impuestos Internos) have circulated as part of phishing and malware distribution attacks. Analyzing some of them, it is evident that…

Chile

7 min read


Published in alertot · Dec 4, 2018

Metasploit Community CTF 2018 writeup

This weekend we participated in Metasploit Community CTF and got 12th place out of 1000 registered teams (but according to the organizers, 600 teams logged in). This time our team was small (chcx and me most of the time, deb_security on the last day) and we got help from Miguel Mendez…

Linux

5 min read
