Critical information disclosure on Wappalyzer.com

While performing some online assesment, a critical information disclosure has been found on Wappalyzer.com. The vulnerability has been fixed, this is the full disclosure about the issue.

Build an Advanced Persistent Threat module

13th Mar 2017

Let's put the black hat on

Every day the news reports about some organization being hacked and their data stolen. I always asked myself: How is that possible? Is that hard to do? If it were me, how would I do that?
In this post I'll report my experience in building my own Advanced Persistent Threat (APT).

Having fun with Magento SUPEE-8788

Everyday with a RCE, is a good day

In his SUPEE-8788 security advisory, Magento warns the users of possible Remote Code Execution attacks in unpatched versions.
Let's find out exactly what does it mean and how we can leverage it.

Rainbow tables are dead

30th Jan 2017

Say "Rainbow tables" one more time

This is a public service announcement. It's 2017 and people are still referencing to rainbow tables, usually when talking about password salts.
That's not the real reason of salt usage; rainbow tables are long dead, let's find out why.

Phrases Generator

13th Jan 2017

A.k.a. The Supercalifragilisti script

Cracking 50% of a password list is easy.
Reaching the 60% is nice.
Achieving the 70% requires some work (or patience).
Getting beyond that needs some creative thinking.