Slides

:: Offensive VBA :: EuskalHack VII (2024)
:: Red Team: convertir la improvisación en arte :: h-c0n V Edition (2023)
:: Demystifying Disable_functions :: EuskalHack V (2022)
:: Técnicas antidebugging en JavaScript (browsers) :: EuskalHack III (2018)

Articles published on other websites

:: VBA: overwriting R/W/X memory in a reliable way (2024) ::
:: A christmas tale: pwning GTB Central Console (CVE-2024-22107 & CVE-2024-22108) (2024) ::
:: VBA: having fun with macros, overwritten pointers & R/W/X memory (2024) ::
:: Developers are juicy targets: DCOM & Visual Studio (2023) ::
:: VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress (2023) ::
:: Beating an old PHP source code protector (2023) ::
:: CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup (2023) ::
:: Spice up your persistence: loading PHP extensions from memory (2022) ::
:: Autodial(DLL)ing Your Way (2022) ::
:: Thoughts on the use of noVNC for phishing campaigns (2022) ::
:: In the land of PHP you will always be (use-after-)free (2022) ::
:: Adding a native sniffer to your implants: decomposing and recomposing PktMon (2021) ::
:: Knock! Knock! The postman is here! (abusing Mailslots and PortKnocking for connectionless shells) (2021) ::
:: Don’t use commands, use code: the tale of Netsh & PortProxy (2021) ::
:: A physical graffiti of LSASS: getting credentials from physical memory for fun and learning (2021) ::
:: The Kerberos Credential Thievery Compendium (GNU/Linux) (2021) ::
:: Hijacking connections without injections: a ShadowMoving approach to the art of pivoting (2021) ::
:: The worst of the two worlds: Excel meets Outlook (2020) ::
:: Shedding light on creating VBA macros (2020) ::
:: Remote Command Execution in Ruckus IoT Controller (CVE-2020-26878 & CVE-2020-26879) (2020) ::
:: Hacking in an epistolary way: implementing kerberoast in pure VBA (2020) ::
:: A brief encounter with Leostream Connect Broker (2020) ::
:: A deep dive into disable_functions bypasses and PHP exploitation (2020) ::
:: Lateral movement via MSSQL: a tale of CLR and socket reuse (2020) ::
:: Backdoors in XAMP stack: Apache Modules (2019) ::
:: Vulnerabilities in OCS Inventory 2.4.1 (2018) ::
:: Interactive Shell via Bluetooth (2018) ::
:: CVE-2017-11318: RCE in Cobian Backup 11 (2017) ::
:: Backdoors in XAMPP stack: PHP extensions (2017) ::
:: How to bypass disable_functions and open_basedir (2017) ::
:: Persistence in WordPress using backdoors in SQL (2017) ::
:: OpenText TempoBox 10.0.3 Vulnerabilities (2017) ::