Just a blog to preserve some thoughts about Red Teaming :)

Slides

        :: Técnicas antidebugging en JavaScript (browsers) :: EuskalHack III (2018)

Articles published on other websites

        :: Adding a native sniffer to your implants: decomposing and recomposing PktMon (2021) ::
        :: Knock! Knock! The postman is here! (abusing Mailslots and PortKnocking for connectionless shells) (2021) ::
        :: Don’t use commands, use code: the tale of Netsh & PortProxy (2021) ::
        :: A physical graffiti of LSASS: getting credentials from physical memory for fun and learning (2021) ::
        :: The Kerberos Credential Thievery Compendium (GNU/Linux) (2021) ::
        :: Hijacking connections without injections: a ShadowMoving approach to the art of pivoting (2021) ::
        :: The worst of the two worlds: Excel meets Outlook (2020) ::
        :: Shedding light on creating VBA macros (2020) ::
        :: Remote Command Execution in Ruckus IoT Controller (CVE-2020-26878 & CVE-2020-26879) (2020) ::
        :: Hacking in an epistolary way: implementing kerberoast in pure VBA (2020) ::
        :: A brief encounter with Leostream Connect Broker (2020) ::
        :: A deep dive into disable_functions bypasses and PHP exploitation (2020) ::
        :: Lateral movement via MSSQL: a tale of CLR and socket reuse (2020) ::
        :: Backdoors in XAMP stack: Apache Modules (2019) ::
        :: Vulnerabilities in OCS Inventory 2.4.1 (2018) ::
        :: Interactive Shell via Bluetooth (2018) ::
        :: CVE-2017-11318: RCE in Cobian Backup 11 (2017) ::
        :: Backdoors in XAMPP stack: PHP extensions (2017) ::
        :: How to bypass disable_functions and open_basedir (2017) ::
        :: Persistence in WordPress using backdoors in SQL (2017) ::
        :: OpenText TempoBox 10.0.3 Vulnerabilities (2017) ::