Contenido principal

KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass

Febrero 3, 2016

Two-Channel Auto-Type obfuscation is a security mechanism from KeePass to protect auto-typed passwords from being captured by "standard" keyloggers. It uses clipboard and keyboard emulation as primary channels to transfer passwords to their final input:

This scheme is secure while none or just one channel is compromised. We are going to focus on clipboard protection, the [...]

Archivado en: Seguridad | Comentarios (0)

B-Sides Vancouver CTF 2015 - garbage file

Marzo 18, 2015

Description
Your buddy Joey left a USB key with some data he needs your help with. He pulled it from the firewall logs at a 'secure file format'-as-a-Service provider, so he's pretty sure it might be protected or obfuscated somehow.
garbagefile.pcapng.gz
Solution
A PCAPNG file is provided, there we can see some UDP packets where the data is located:

We [...]

Archivado en: Miscelaneo, Retos informáticos, Seguridad | Comentarios (0)

FREAK on Colombian domain names and Heartbleed one year later

Marzo 4, 2015

I am here writing again about some statistics, this time is for the new vulnerability found on SSL/TLS (FREAK Attack) against critical Colombian domain names. Same methogolody of Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names is used in this post.

FREAK Attack on restricted colombian domain names
Identifying vulnerable domains
A python script was [...]

Archivado en: Seguridad | Comentarios (0)

Overview of OpenSSL security bug (CVE-2014-0160) on critical Colombian domain names

Abril 10, 2014

* Update on methodology and results: Statistical sample
* Update on methodology and results: Retest

The TLS heartbeat read overrun (CVE-2014-0160) (also known as The Heartbleed Bug) is the hot topic right now on the information security field. While this publication is not about the technical detail of the bug but some statistics of critical affected Colombian [...]

Archivado en: Seguridad | Comentarios (1)

Campus Party Colombia 2013

Octubre 13, 2013

Esta semana, del 7 al 13 de Octubre, se llevó a cabo la sexta edición de Campus Party Colombia en la ciudad de Medellín. En el área de seguridad se encontraba la propuesta de la competencia para este año, en total fueron 30 retos, de los cuales se solucionaron 23.
En el siguiente enlace puede encontrar [...]

Archivado en: Criptografía, Ingeniería Inversa, Retos informáticos, Seguridad | Comentarios (0)