Cybersecurity as Strategy
Strategize with cybersecurity and avoid losses
A recently published article calls to elevate cybersecurity from operational to a strategic...
"No, We Won't Get Hacked!"
And, "of course, I can always protect my company."
In cybersecurity, optimism bias and overconfidence can have pervasive consequences. I discuss...
My Favorite Password: '123456'
You could be a victim of Credential Stuffing
I wrote this post to give you an overview of the Credential Stuffing attack and some short...
HEVD: kASLR + SMEP Bypass
Bypassing OS protections
In this article we will defeat some protections using several techniques for exploting HackSys...
HEVD: Denial of Service
How to crash Windows
This article will be the first approach to start exploting HackSys Extremely Vulnerable Driver...
A Recent OSCE in Our Team
A short interview with Andres Roldan
We spoke with Andres Roldan, our Offensive Team Leader, who recently obtained his OSCE...
TRUN: Exploiting with ROP
Exploiting Vulnserver with ROP
This post will show how to create a complete, functional exploit creating a complex shellcode using ROP
Bypassing DEP with ROP
Running instructions by reference
This post will show how bypass the Data Execution Prevention security mechanism using...
Let's protect the stack
This post will show how the Data Execution Prevention (DEP) security mechanism works and what...
A Journey to OSCE
A personal OSCE experience
This post will describe the journey that I took to earn the OSCE certification.