Verifying Bluetooth encryption key size with Raspberry Pi

When you work in cybersecurity as an evaluator (analyst, penetration tester, and so on), you will sometimes face test cases that have not been performed before. These tests are always a challenge for us, and what is more gratifying for an ethical hacker than a hacking challenge? This specific case relates to a Security Functional Requirement (SFR) of a NIAP protection profile about Bluetooth. * Same tests for LE. In a previous post, additional information and some differences about …

Understanding Bluetooth security I

Recently I have been working with the Bluetooth protocol. I had knowledge about Bluetooth from a Master's degree I studied (Master en Telematica y redes de telecomunicaciones of the University of Malaga). Obviously, it was many years ago, so, to remember that time, I got the Bluetooth Core Specification; and this time it will not be only theoretical, because I should perform some tests like this: These kinds of tests are very complex, since most tools implement correctly …

Adding reCAPTCHA v2 in Django

For some time I had wanted to enable comments on the blog; although I had them implemented since one of the first versions of the site, I never activated them. Mostly because, to answer any questions that might arise about one of the posts, anyone who was really interested could always (and still can) send an email to the address found in the "Whoami" section. In this post I intend to explain how to implement a captcha for a form, invisible reCAPTCHA v2 in …

Certificate revocation lists (CRL) and Android

While running some tests on how the CRL works in different browsers and devices, it was observed that some widely used ones, like Android, do not check the CRL; thus, Android (and Chrome/Chromium) does not check certificate validity through the CRL. A CRL (Certificate Revocation List), as its name implies, is a list of certificates that are no longer valid and that no application or device should trust. It is defined in RFC 5280, "Internet X.509 …

Java deserialization vulnerability with Burp Suite

These days I have been practicing with Burp Suite Academy and I wanted to write a post about some of the vulnerabilities they offer for practice. It is a very good platform if you want to learn about web vulnerabilities and exploitation. Moreover, they offer a certification for their software, "Burp Suite", which is a very good tool and well known for web hacking in the community. In this post I am going to focus on the Java deserialization vulnerability and how …