apt-get install summer

We just found a new package in the repository that seems quite interesting. It has no dependencies and the benefits of installing it seem quite interesting. Reviewing the code, we have detected that it has a timeout that will be

Dynamic binary instrumentation

In the previous post we talked about the possibilities to implement programs and carry out all kinds of tasks such as profiling or vulnerability detection. We also introduced Intel Pin, a dynamic binary instrumentation tool (mainly for IA32 and x86_64),

Position-independent Code Reuse via #EuroSP18

A few years ago, one of the most common attacks was to take advantage of a memory corruption error such as a buffer overflow to inject code (usually shellcode) and divert the flow of control to that code. However, with

VPNs are not online invisibility cloaks

It is possible to access any content through a different network than the one we initially encountered. With a simple example, if we were initially in Spain, we could access a certain web page as if we were really in

Program instrumentation options

Many of the methods of software testing and dynamic analysis of programs (not necessarily related to security) require inserting some additional instructions in the text of the program to obtain added information, that is, to instrument the program. For example,

Web-To-Mobile Vulnerabilities via #SP18

Currently a large number of mobile applications are simple front ends of their corresponding web APIs. Although this is not a danger in itself, it brings with it a very important implication regarding the validation process of data entry: The


Our sandbox for packers