Security Dojo

Articles filed under 'Security'

ms12-020 saga: PoC exploit on pastebin and online rdp vulnerability scan: rdpcheck.com

Mar 23rd, 2012 by Enrique Alfonso Sanchez Montellano No Comments

So then again, rolling and checking istherdpexploitoutyet.com, I found an interesting thing: they link to a PoC on pastebin, and apparently it messes up your box. I wonder how many people lost boxes on that one, but they link to another cool site, rdpcheck.com, which scans you back to check if you are vulnerable to RDP [...]

[Your worst enemy: The rogue consultant/admin] py_util.pyc LOCK/UNLOCK backdoor over email

Mar 23rd, 2012 by Enrique Alfonso Sanchez Montellano 3 Comments

I recently had to do a fast forensic job for a friend; he asked me for some help as he was taking over some business which were “abandoned” by an “open source consultant”, which is to say someone who pretty much installs everything on Linux and does half the coding in this case. The problem arose when as [...]

MS12-020, The saga continues: exploit code published for the RDP Chinese worm leaked from Microsoft?

Mar 16th, 2012 by Enrique Alfonso Sanchez Montellano 1 Comment

I was sent this link, which is hilarious: http://istherdpexploitoutyet.com/ It has some really short information on the exploit and PoC and obviously who bought it (yes kids, ZDI bought this one, gave it to Microsoft and then one of them managed to leak it), but apparently the original exploit code was leaked (complete article HERE). From [...]

MS12-020 the new MS08-067?

Mar 13th, 2012 by Enrique Alfonso Sanchez Montellano 2 Comments

From Microsoft’s support website: MS12-020: Vulnerabilities in Remote Desktop could allow remote code execution: March 13, 2012. The interesting thing is that on this link (http://support.microsoft.com/kb/2671387) it says on the more information tab: “2667402 MS12-020: Description of the security update for Terminal Server Denial of Service Vulnerability: March 13, 2012”. But then on this link (http://blogs.technet.com/b/msrc/archive/2012/03/13/strength-flexibility-and-the-march-2012-security-bulletins.aspx) [...]

AlienVault OSSIM on Cisco 4255 IPS (part 1)

Mar 8th, 2012 by Enrique Alfonso Sanchez Montellano No Comments

For my previous job I designed the defense infrastructure. This was an interesting challenge, especially since this is a fast and complex environment (SaaS environment) and, as usual, ever changing and growing. One of the restrictions was that we wanted to reuse end-of-life Cisco 4255 IPS that we had in there and wanted [...]

SQLMap query problems

Sep 27th, 2011 by Enrique Alfonso Sanchez Montellano No Comments

Well, I run a CTF game with psymera and we are constantly adding new VMware machines and new tests just to keep on playing and not get bored. As part of an internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in [...]

stop232patent.com

Feb 14th, 2011 by Enrique Alfonso Sanchez Montellano No Comments

I’ve been in the security environment for quite around years now. I don’t consider myself an expert but I consider myself knowledgeable. One thing is that all my life I’ve had awesome people around me, always giving me advice and knowledge and pushing my creativity. I recently caught on to Cenzic having a pretty interesting patent, which basically [...]

Where information should stop

Aug 3rd, 2010 by Enrique Alfonso Sanchez Montellano 3 Comments

I often stay away from political and economic sources. Why? Well, due to my job and research I believe I should not be involved in any of them; it is my job not to be biased against anybody that could potentially be my client, so I just shut up, even with close relatives, friends and relationships. [...]

Trapper from sniffer to hydra

Jun 13th, 2010 by Enrique Alfonso Sanchez Montellano 3 Comments

This is the presentation I’m going to push in Campus Party and in Sec-T in Sweden in September. This is a complete recode of trapper, even changing the language to Ruby, having namespaces in it and the capabilities to attack and exploit misconfigurations. I’m going to be exporting a git repository the first week of [...]

Death to RunPE…

Jul 30th, 2009 by psymera 1 Comment

Well, here is my latest creation to kill all those crappy crypters used by a large amount of malware to be undetectable to AVs
