Earlier this year I passed the CISSP on the first attempt. This is another of the many articles that exist on how to pass the exam and obtain one of the most prestigious (ICS)2 certifications. Based on my experience reading this kind of articles is quite useful, especially in the days before taking the exam. … Read more
0. Rooting Android & Jailbreaking iOS Android It is recommended to use an android device to test the application. If you cannot get one, then you can use an Android VM. Alternatively, you can configure an Android device. There are lots of guides on the Internet to root an Android device. For this guide, I … Read more
In the last few weeks there has been a revolution in the IT world. Everyone has been worried, there have been thousands of meetings to discuss it, hundreds of memes have been created about it. One of the vulnerabilities with the highest exposure factor in recent years has come to light: CVE-2021-44228, now known as … Read more
I have not been able to publish in the last few weeks because I was preparing for OSCP. If you are thinking of obtaining this certification, here is my personal experience!
One of the first posts on this website was an introduction to the platform that has been with me since the beginning of my hacking career. It is HackTheBox, a pentesting platform where thousands of intrepid hackers race trying to take control of as many machines as possible. It’s been more than two years since … Read more
Shodan is a search engine to find specific services such as webcams, SCADA systems, linksys… Its operation is simple but effective: it scans the whole internet and uses the information returned by the device banners to discover the software version, the device model, etc. Shodan is especially useful for the investigation of IoT devices, since … Read more
Today I bring you a very interesting type of SQL Injection, and that is not very well known. It’s a variation of Blind SQL Injection.if you’re still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at noSQL injections from non-relational databases. In Blind SQL … Read more
This post is the continuation of another one I published a few months ago. If you haven’t read it yet, I recommend you take a look at it. You already know that it is a Cross-Site Scripting, you know what types there are, what payloads to test, in which fields to look when you are … Read more
After the posts about SQL Injection and NoSQL Injection, today I bring you the XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects code from the client side, so that for a bad configuration of the website, this code is shown to other users. This type of attack … Read more
In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: ” ´ or 1 = 1 — a “ However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, Oracle. In the last decade another type of … Read more