Position-independent Code Reuse via #EuroSP18

A few years ago, one of the most common attacks was to take advantage of a memory corruption error such as a buffer overflow to inject code (usually shellcode) and divert the flow of control to that code. However, with

VPNs are not online invisibility cloaks

It is possible to access any content through a different network than the one we initially encountered. With a simple example, if we were initially in Spain, we could access a certain web page as if we were really in

Program instrumentation options

Many of the methods of software testing and dynamic analysis of programs (not necessarily related to security) require inserting some additional instructions in the text of the program to obtain added information, that is, to instrument the program. For example,

Web-To-Mobile Vulnerabilities via #SP18

Currently a large number of mobile applications are simple front ends of their corresponding web APIs. Although this is not a danger in itself, it brings with it a very important implication regarding the validation process of data entry: The

All that glitters is not cryptomining, but almost

There is a new trend in the world of malware, called cryptojacking. In many wars they used enemy prisoners to mine minerals, this would be similar to this case but transferred to the 21st century. It consists in using the

document.write(‘blog 1461 days’)

This blog began its journey on March 31, 2014. Four magnificent years that have passed faster than Sonic takes to finish a marathon. Some time ago they published an article in Science that tried to explain why time flies when we


Our sandbox for packers