Retos de programación sobre criptografía
- November 16, 2015
- tuxotron
En esta entrada no vamos a hablar de los retos de matasano, aunque lo acabo de hacer :), sino de otra web: id0-rsa.pub.
Ésta, está en la misma onda que matasano, alberga una serie de retos orientados a la criptografía que tenemos que resolver con programación. Son retos enfocados al aprendizaje de la criptografía aplicada, por lo que no se necesitan conocimientos previos sobre dicho tema, pero sí se necesitan conocimientos de programación.
Los retos están etiquetados por temas: RSA, Bitcoin, OpenSSL, etc. También mantienen un página con algunos recursos básicos para los no iniciados y material de apoyo.
Este es otro gran recurso para expandir nuestros conocimientos y para aquellos programadores que obviamente estén interesados en este campo tan complicado como es la criptografía.
Presentaciones de Black Hat Europe 2015
- November 13, 2015
- tuxotron
- What Got Us Here Wont Get Us There eu-15-Meer-What-Got-Us-Here-Wont-Get-Us-There.pdf
- (In-)Security of Backend-As-A-Service eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service.pdf eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service-wp.pdf
- A Peek Under the Blue Coat eu-15-Rigo-A-Peek-Under-The-Blue-Coat.pdf
- All Your Root Checks Belong to Us: The Sad State of Root Detection
- AndroBugs Framework: An Android Application Security Vulnerability Scanner eu-15-Lin-Androbugs-Framework-An-Android-Application-Security-Vulnerability-Scanner.pdf
- Attacking the XNU Kernel in El Capitain eu-15-Todesco-Attacking-The-XNU-Kernal-In-El-Capitain.pdf
- Authenticator Leakage through Backup Channels on Android eu-15-Bai-Authenticator-Leakage-Through-Backup-Channels-On-Android.pdf
- Automating Linux Malware Analysis Using Limon Sandbox eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox.pdf eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox-wp.pdf
- Breaking Access Controls with BLEKey
- Bypassing Local Windows Authentication to Defeat Full Disk Encryption eu-15-Haken-Bypassing-Local-Windows-Authentication-To-Defeat-Full-Disk-Encryption.pdf eu-15-Haken-Bypassing-Local-Windows-Authentication-To-Defeat-Full-Disk-Encryption-wp.pdf
- Bypassing Self-Encrypting Drives (SED) in Enterprise Environments eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments.pdf eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
- Commix: Detecting and Exploiting Command Injection Flaws eu-15-Stasinopoulos-Commix-Detecting-And-Exploiting-Command-Injection-Flaws.pdf eu-15-Stasinopoulos-Commix-Detecting-And-Exploiting-Command-Injection-Flaws-wp.pdf
- Continuous Intrusion: Why CI tools are an Attackers Best Friends eu-15-Mittal-Continuous-Intrusion-Why-CI-Tools-Are-An-Attackers-Best-Friend.pdf
- Cybercrime in the Deep Web eu-15-Balduzzi-Cybercrmine-In-The-Deep-Web.pdf eu-15-Balduzzi-Cybercrmine-In-The-Deep-Web-wp.pdf
- Cybersecurity for Oil and Gas Industries: How Hackers Can Manipulate Oil Stocks eu-15-Polyakov-Cybersecurity-For-Oil-And-Gas-Industries-How-Hackers-Can-Manipulate-Oil-Stocks.pdf eu-15-Polyakov-Cybersecurity-For-Oil-And-Gas-Industries-How-Hackers-Can-Manipulate-Oil-Stocks-wp.pdf
- Defending Against Malicious Application Compatibility Shims eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims.pdf eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf
- Even the LastPass Will be Stolen Deal with It! eu-15-Vigo-Even-The-Lastpass-Will-Be-Stolen-deal-with-it.pdf
- Exploiting Adobe Flash Player in the Era of Control Flow Guard eu-15-Falcon-Exploiting-Adobe-Flash-Player-In-The-Era-Of-Control-Flow-Guard.pdf
- Faux Disk Encryption: Realities of Secure Storage on Mobile Devices eu-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices.pdf eu-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices-wp.pdf
- Fuzzing Android: A Recipe for Uncovering Vulnerabilities Inside System Components in Android eu-15-Blanda-Fuzzing-Android-A-Recipe-For-Uncovering-Vulnerabilities-Inside-System-Components-In-Android.pdf eu-15-Blanda-Fuzzing-Android-A-Recipe-For-Uncovering-Vulnerabilities-Inside-System-Components-In-Android-wp.pdf
- Going AUTH the Rails on a Crazy Train eu-15-Jarmoc-Going-AUTH-The-Rails-On-A-Crazy-Train.pdf eu-15-Jarmoc-Going-AUTH-The-Rails-On-A-Crazy-Train-wp.pdf
- Hey Man Have You Forgotten to Initialize Your Memory? eu-15-Chen-Hey-Man-Have-You-Forgotten-To-Initialize-Your-Memory.pdf eu-15-Chen-Hey-Man-Have-You-Forgotten-To-Initialize-Your-Memory-wp.pdf
- Hiding in Plain Sight - Advances in Malware Covert Communication Channels eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels.pdf eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf
- How to Break XML Encryption - Automatically eu-15-Somorovsky-How-To-Break-XML-Encryption-Automatically-wp.pdf
- Implementing Practical Electrical Glitching Attacks
- Is Your TimeSpace Safe? - Time and Position Spoofing Opensourcely eu-15-Kang-Is-Your-Timespace-Safe-Time-And-Position-Spoofing-Opensourcely.pdf eu-15-Kang-Is-Your-Timespace-Safe-Time-And-Position-Spoofing-Opensourcely-wp.pdf
- Lessons from Defending the Indefensible eu-15-Majkowski-Lessons-From-Defending-The-Indefensible.pdf
- Locknote: Conclusions and Key Takeaways from Black Hat Europe 2015
- LTE & IMSI Catcher Myths eu-15-Borgaonkar-LTE-And-IMSI-Catcher-Myths.pdf eu-15-Borgaonkar-LTE-And-IMSI-Catcher-Myths-wp.pdf
- New (and Newly-Changed) Fully Qualified Domain Names: A View of Worldwide Changes to the Internets DNS eu-15-Vixie-New-And-Newly-Changed-Fully-Qualified-Domain-Names-A-View-Of-Worldwide-Changes-To-The-Internets-DNS.pdf
- New Tool for Discovering Flash Player 0-day Attacks in the Wild from Various Channels eu-15-Pi-New-Tool-For-Discovering-Flash-Player-0-day-Attacks-In-The-Wild-From-Various-Channels.pdf eu-15-Pi-New-Tool-For-Discovering-Flash-Player-0-day-Attacks-In-The-Wild-From-Various-Channels-wp.pdf
- Panel: What You Need to Know About the Changing Regulatory Landscape in Information Security
- Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers.pdf eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers-wp1.pdf eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers-wp2.pdf
- Silently Breaking ASLR in the Cloud eu-15-Barresi-Silently-Breaking-ASLR-In-The-Cloud.pdf eu-15-Barresi-Silently-Breaking-ASLR-In-The-Cloud-wp.pdf
- Stegosploit - Exploit Delivery with Steganography and Polyglots eu-15-Shah-Stegosploit-Exploit-Delivery-With-Steganography-And-Polyglots.pdf
- Triaging Crashes with Backward Taint Analysis for ARM Architecture eu-15-Kim-Triaging-Crashes-With-Backward-Taint-Analysis-For-ARM-Architecture.pdf
- Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers.pdf eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers-wp.pdf
- VoIP Wars: Destroying Jar Jar Lync eu-15-Ozavci-VoIP-Wars-Destroying-Jar-Jar-Lync.pdf
- Vulnerability Exploitation in Docker Container Environments eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments.pdf eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf
- Watching the Watchdog: Protecting Kerberos Authentication with Network Monitoring eu-15-Beery-Watching-The-Watchdog-Protecting-Kerberos-Authentication-With-Network-Monitoring.pdf eu-15-Beery-Watching-The-Watchdog-Protecting-Kerberos-Authentication-With-Network-Monitoring-wp.pdf
- Your Scripts in My Page - What Could Possibly Go Wrong?
Ya podemos acceder al material de la edición de este año de Black Hat celebrada en Amsterdam.
Retos y ejercicios de ingeniería inversa
- November 13, 2015
- tuxotron
Dennis Yurichev, autor del libro Ingeniería inversa para principiantes ha ido creando una serie retos y ejercicios sobre dicho tema que iba publicando en su blog (algunos también están en el libro) y para poner un poco de orden ha creado un sitio web nuevo llamado challenges.re, dónde ha reagrupado y organizado dichos retos.
Aunque en su blog actual ha ido publicando las soluciones a los retos que creaba, en este nuevo sitio no las va a publicar y por consiguiente, tampoco publicará las soluciones de futuros retos ni en dicha web ni en el blog. Además pide que no se publiquen las soluciones en sitios públicos: blogs, foros, etc.
Libros
Buscar
Entradas Recientes
- Posts
- Reemplazando la bateria del AirTag
- OpenExpo Europe décima edición, 18 de mayo: El Epicentro de la Innovación y la Transformación Digital
- Docker Init
- Kubernetes para profesionales
- Agenda: OpenExpo Europe 2022 llega el 30 de junio en formato presencial
- Libro 'Manual de la Resilencia', de Alejandro Corletti, toda una referencia para la gestión de la seguridad en nuestros sistemas
- Mujeres hackers en ElevenPaths Radio
- Creando certificados X.509 caducados
- Generador de imágenes Docker para infosec