Turning off server room coolers

There it comes that precious moment of the year where the temperature usually has a single number (in Celsius obviously). People tend to think that this is a negative thing, but here we have always been very positive people.

Everything started with the USB of that hacker

When someone finds out that your computer is infected, a question automatically pops up in your mind, how has this happened? First you think about the recent files downloaded / installed, then in the visited pages, and if no answer

Fatal optimizations

Compilers transform the code we write to make it more efficient, however, there are times when these optimizations made by the compiler can cause security problems. A clear example of this is the dead code elimination, an optimization that aims

The idea behind the symbolic execution

Following in the line of program analysis techniques, this time we are going to talk about a technique that is somewhere in between static techniques and dynamics, symbolic execution. It is a type of analysis that covers different limitations of

Variadic Vulnerabilities Vanquished via #UseSec17

Researchers at Purdue, Politecnico di Milano and California – Irvine universities presented this summer in Usenix Security a work focused on trying to prevent and eradicate vulnerabilities caused by the abuse of variadic functions. A variadic function is one that

Spear Phishing, adapting hooks to targets

Although many of you may have heard of phising, even been victims of some in the worst case, you are not so familiar with the next evolutionary step: spear phishing. Starting from the ground up, phishing is based on fooling

How does a linker work? (III) – Types of symbols

After learning what information contains the symbol table in the previous post, we can now talk more about the attributes that a symbol can have and what role do they have in the resolution of symbols from the linker point

Analyzing a fuzzing framework

In the previous post on fuzzing, we explained in broad terms the main foundations and the different types that exist. This time we are going to focus on fuzzing frameworks, so let’s start by looking at how the general logical

Bugs in Linux kernel drivers via #UseSec17

As the vast majority of security workers will know, a vulnerability known as “Dirty Cow” (CVE-2016-5195) that has been present in the Linux kernel since 2.6.22 in 2007 has been publicly disclosed, therefore, present in Linux-based operating systems, including Android.

Capture The Flag, making hacking a game

It is possible to spend a fun weekend with friends hacking like there is no tomorrow, and of course I mean doing it completely legally. All this is thanks to the different CTFs that are organized throughout the year. These


Our sandbox for packers