██▄   ████▄ ████▄ █▀▄▀█    ▄▄▄▄▄   ██▄   ██   ▀▄    ▄         ▄   ██     ▄   █        ▄▄▄▄▀ 
█  █  █   █ █   █ █ █ █   █     ▀▄ █  █  █ █    █  █           █  █ █     █  █     ▀▀▀ █    
█   █ █   █ █   █ █ ▄ █ ▄  ▀▀▀▀▄   █   █ █▄▄█    ▀█       █     █ █▄▄█ █   █ █         █    
█  █  ▀████ ▀████ █   █  ▀▄▄▄▄▀    █  █  █  █    █         █    █ █  █ █   █ ███▄     █     
███▀                 █             ███▀     █  ▄▀           █  █     █ █▄ ▄█     ▀   ▀      
                    ▀                      █                 █▐     █   ▀▀▀                 
                                          ▀                  ▐     ▀                        
                                                                                            
                                                                                            

Just a blog to preserve some thoughts about Red Teaming :)

Slides

        :: Red Team: convertir la improvisación en arte :: h-c0n V Edition (2023)
        :: Demystifying Disable_functions :: EuskalHack V (2022)
        :: Técnicas antidebugging en JavaScript (browsers) :: EuskalHack III (2018)

Articles published on other websites

        :: VBA: having fun with macros, overwritten pointers & R/W/X memory (2023) ::
        :: Developers are juicy targets: DCOM & Visual Studio (2023) ::
        :: VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress (2023) ::
        :: Beating an old PHP source code protector (2023) ::
        :: CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup (2023) ::
        :: Spice up your persistence: loading PHP extensions from memory (2022) ::
        :: Autodial(DLL)ing Your Way (2022) ::
        :: Thoughts on the use of noVNC for phishing campaigns (2022) ::
        :: In the land of PHP you will always be (use-after-)free (2022) ::
        :: Adding a native sniffer to your implants: decomposing and recomposing PktMon (2021) ::
        :: Knock! Knock! The postman is here! (abusing Mailslots and PortKnocking for connectionless shells) (2021) ::
        :: Don’t use commands, use code: the tale of Netsh & PortProxy (2021) ::
        :: A physical graffiti of LSASS: getting credentials from physical memory for fun and learning (2021) ::
        :: The Kerberos Credential Thievery Compendium (GNU/Linux) (2021) ::
        :: Hijacking connections without injections: a ShadowMoving approach to the art of pivoting (2021) ::
        :: The worst of the two worlds: Excel meets Outlook (2020) ::
        :: Shedding light on creating VBA macros (2020) ::
        :: Remote Command Execution in Ruckus IoT Controller (CVE-2020-26878 & CVE-2020-26879) (2020) ::
        :: Hacking in an epistolary way: implementing kerberoast in pure VBA (2020) ::
        :: A brief encounter with Leostream Connect Broker (2020) ::
        :: A deep dive into disable_functions bypasses and PHP exploitation (2020) ::
        :: Lateral movement via MSSQL: a tale of CLR and socket reuse (2020) ::
        :: Backdoors in XAMP stack: Apache Modules (2019) ::
        :: Vulnerabilities in OCS Inventory 2.4.1 (2018) ::
        :: Interactive Shell via Bluetooth (2018) ::
        :: CVE-2017-11318: RCE in Cobian Backup 11 (2017) ::
        :: Backdoors in XAMPP stack: PHP extensions (2017) ::
        :: How to bypass disable_functions and open_basedir (2017) ::
        :: Persistence in WordPress using backdoors in SQL (2017) ::
        :: OpenText TempoBox 10.0.3 Vulnerabilities (2017) ::