Contenido principal

DNS Flag Day Colombia

Febrero 1, 2019

Los dominios colombianos (mil.co, gov.co, edu.co, org.co, com.co, net.co [+] nuevo) están preparados para el día del cambio mundial en los sistemas DNS que entrará a regir a partir del primero de febrero de 2019 y el cual es soportado por grandes servicios de DNS gratuitos como los ofrecidos por Google, Cisco OpenDNS, y CloudFlare.
Existe [...]

Archivado en: Seguridad | Comentarios (0)

KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass

Febrero 3, 2016

Two-Channel Auto-Type obfuscation is a security mechanism from KeePass to protect auto-typed passwords from being captured by "standard" keyloggers. It uses clipboard and keyboard emulation as primary channels to transfer passwords to their final input:

This scheme is secure while none or just one channel is compromised. We are going to focus on clipboard protection, the [...]

Archivado en: Seguridad | Comentarios (0)

B-Sides Vancouver CTF 2015 - garbage file

Marzo 18, 2015

Description
Your buddy Joey left a USB key with some data he needs your help with. He pulled it from the firewall logs at a 'secure file format'-as-a-Service provider, so he's pretty sure it might be protected or obfuscated somehow.
garbagefile.pcapng.gz
Solution
A PCAPNG file is provided, there we can see some UDP packets where the data is located:

We [...]

Archivado en: Miscelaneo, Retos informáticos, Seguridad | Comentarios (0)

FREAK on Colombian domain names and Heartbleed one year later

Marzo 4, 2015

I am here writing again about some statistics, this time is for the new vulnerability found on SSL/TLS (FREAK Attack) against critical Colombian domain names. Same methogolody of Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names is used in this post.

FREAK Attack on restricted colombian domain names
Identifying vulnerable domains
A python script was [...]

Archivado en: Seguridad | Comentarios (0)

Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names

Abril 10, 2014

* Update on methodology and results: Statistical sample
* Update on methodology and results: Retest

The TLS heartbeat read overrun (CVE-2014-0160) (also known as The Heartbleed Bug) is the hot topic right now on the information security field. While this publication is not about the technical detail of the bug but some statistics of critical affected Colombian [...]

Archivado en: Seguridad | Comentarios (1)