avatar  

Recently I’ve been reading about ways to help your neighbourhood with the COVID-19 crisis, here in Spain. But one of the tips they gave was quite unsecure, because it’s based in the fact that everyone is nice: “Share your WiFi!” well, it is a wonderful idea to share your Internet connection if you know how to protect it and have different channels for you and your guests. On the other hand trusting on unknown open WiFis is also a bad idea. I want to show today why, using a Wifi pineapple.

The...

avatar  

A tale of spies and (cyber)war

It was the start of 2010, Iran. The Atomic Energy Agency noticed something was wrong in the Natanz uranium enrichment plant. It seemed weird, as centrifuges that were used to enrich uranium gas were starting to fail. They decided to replace them. On summer of that year, computers in the Iranian plant started to fail and reboot on their own and no one knew what was going on. Imagine being the system administrator and feeling all that chaos and not knowing what’s going on. The...

avatar  

Part of my job involves creating phishing attacks to aware companies about dangerous emails and links. One of the easiest way to distract from the fact that it’s false is through fear: using the word “URGENT”, “NOW”, “I NEED IT REALLY FAST”, and using bold words. These things sometimes trigger workers to act as soon as they can, without carefully looking at the information in the email or checking if it’s legit. This all worldwide situation of health alarm is making these attacks easier to perform, but they are not hired, they...

avatar  

An important part of offensive security is basically knowing what to attack. Sometimes you have to face a really big project and before launching any kind of attack, you must learn the weaknesses and as much as information about your target as you could gather. Good for us, there are tons of useful tools and resources for this.

When trying to get subdomains of a target, we have for example Subl1st3r. Gathering subdomains is important because you might find a forgotten subdomain with unpatched bugs that can lead us to bigger issues,...

avatar  

Lamentamos tener que comunicar que hemos decidido aplazar de forma indefinida las JASYP ‘20 que estaban planificadas para los días 17 y 18 de abril, dado que por la situación actual, lo más correcto es no continuar con la organización de las mismas mientras que no se puede asegurar que no existe ningún riesgo para la salud pública por el COVID-19.

La intención es que las Jornadas se realicen en algún momento de los próximos meses, pero es algo que todavía no podemos concretar. Os informaremos cuando tengamos más noticias.

Sentimos mucho los inconvenientes generados.