Channel: Hacking while you're asleep
Browsing all 53 articles

OpenSSH User Enumeration Time-Based Attack with Osueta

Introduction In this post I'd like to introduce you to an awesome tool focused on taking advantage of an OpenSSH vulnerability. I'd like to thank @cor3dump3d for letting me participate in his project....

Looking for a job in the security field in a different way

You already know what the most common way of getting a job is. You usually look for vacancies in a job web portal and when you think you could be selected, you apply for it... Then, most of the...

Have I bought these clothes? Another spread malware campaign.

When I was reading one of FireEye's latest posts, I was struck by the binary they said came in the form of a phished email (MD5:7c00ba0fcbfee6186994a8988a864385) purportedly from Armani regarding an...

Parsero v0.75 has been included in the Kali Linux repository

Some days ago a friend told me, "Ey! Why you didn't write a post talking about how Parsero has been included in the Kali Linux repository?" "Seriously? I forgot it..." So here it is... As you already...

Drupal Denial of Service Responsible Disclosure - Attacking with long passwords

Introduction First of all, let me introduce you to my partner @cor3dump3d from www.devconsole.info. We have written this post together and we hope you enjoy it. More technical information about this...

Wordpress Denial of Service Responsible Disclosure - Attacking with long...

Introduction WordPress is the most used CMS worldwide. According to w3techs.com WordPress is used by 61.1% of all the websites whose content management system they know. This is 23.2% of all websites. My...

CVE-2014-9016 and CVE-2014-9034 Proof of Concept

Assuming that enough time has passed since the security update was released by WordPress and Drupal, we want to share our research. As you already know, we believe in Responsible Disclosure and...

When cookies lead to a DoS in phpMyAdmin CVE-2014-9218

Introduction "phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL, MariaDB and Drizzle....

CVE-2014-9218 phpMyAdmin DoS Proof of Concept

Assuming that enough time has passed since the security update was released by phpMyAdmin, we want to share our research. As you already know, we believe in Responsible Disclosure and that is the...

Who is trying to get the public IP address inside your network?

In this blog post I would like to share some tricks to detect suspicious activities that could end with finding compromised hosts inside a network. I've noticed (I guess you too) that there are some...

A Network Traffic Analysis Exercise

Network forensics is something we should practice as much as possible to become faster at detecting suspicious activities in our networks. This website http://malware-traffic-analysis.net/ shares network...

CVE-2016-3978 Open Redirect & XSS in FortiOS (Fortinet)

Introduction Some months ago, I reported to the Fortinet PSIRT team two vulnerabilities which affect different Fortigate firmware versions. You probably know that "Fortinet is a leading provider of fast...

Parsero: The tool to audit the Robots.txt automatically

When I was writing Using robots.txt to locate your targets, I felt the necessity of developing a tool to automate the task of auditing the Robots.txt file of web servers. Now, I am really...
