New OWASP Top 10 2021
After a four-year wait, OWASP has released a draft of its new list of the most prevalent web application vulnerabilities.
There have been no new posts in the last few weeks as I have been preparing for the CCSP. This is another one of the many articles about how to pass this exam and get one of the most prestigious (ISC)² certifications. Based on my experience, reading this kind of article is quite useful, especially …
Today we are going to talk about one of the great protocols of the past: Internet Relay Chat, the prototype for instant messaging. Although those of you of a certain age will be familiar with this protocol, I didn’t use it until I had to make my own IRC server for an exercise at university, …
Today we are going to talk about a very special encryption system. Although this type of encryption was proposed a long time ago (it was first proposed during the creation of the RSA algorithm), attempts to implement it over the last 40 years have been unsuccessful. It has a feature that no other …
BGP Hijacking
This article is a continuation of the last post on the BGP protocol. If you haven’t read it yet, do so before you start. Let’s remember where we left off in the previous post. What we think is happening is that a user who will be on AS-200 is connecting to FTP, and we …
Today we are going to talk about everything related to SNMP (Simple Network Management Protocol) security. This is a network management service that runs on port 161 (UDP). The default version of SNMP is v2c. It has some complexity, so before moving on to vulnerabilities, let’s make a brief summary of how this protocol works. …
In this post we are going to talk about how to get the most out of Remote Procedure Call, a protocol that is integrated in many applications. The “Remote Procedure Call” occurs when a computer requests a service that is on another computer and that goes over a network, without needing to know the details …
This is the second part of the post about the DNS protocol and its vulnerabilities. If you have not yet read the first part, I recommend you do so through this link. In this post I will focus on two advanced hacking techniques related to the DNS protocol: firstly, the well-known DNS Spoofing, with …
Do you know what happens from the moment you enter a URL in your browser until you get the results? Learn about the weaknesses of the DNS protocol and find out how to exploit them.