Prepare your containers for the worst: a DFIR caseRecently, while talking to a colleague, he explained that he was facing a forensic case involving a service hosted in a container. The…Jun 14, 2024Jun 14, 2024
Published inTowards DevAWRBACS: AWACS for RBACTool: https://github.com/lobuhi/awrbacsMay 21, 2024May 21, 2024
DaemonSets: The Philosopher’s Stone of Lazy SysadminsIn the complex and ever-evolving landscape of system administration, Kubernetes DaemonSets have emerged as a seemingly magical solution…Feb 14, 2024Feb 14, 2024
The Orange’s RIPE Account Incident: Why Security Matters at Every Layer and ProcessThe cybersecurity world witnessed a concerning incident these days: the compromise of Orange’s RIPE account, obtained through the Racoon…Jan 5, 2024Jan 5, 2024
Understanding Post-Exploitation: A Crucial Element in Cybersecurity Defense StrategiesIn the digital landscape, cybersecurity is often conceptualized as a fortress that must be defended at all costs. However, this analogy…Nov 8, 2023Nov 8, 2023
Learning Golang: From 0 to multithreading in 3 days thanks to ChatGPTSome of you may already know about my tool byp4xx, a simple script to bypass 40X/HTTP responses that uses different methodologies. It…Jan 27, 2023Jan 27, 2023
Abusing ETCD to Inject Resources and Bypass RBAC and Admission Controller RestrictionsUPDATE 20/10/23: The detailed history below was the initial steps in the research on how to inject resources into etcd. The research…Jan 16, 2023Jan 16, 2023
Las implicaciones de ChatGPT para el sector IT y la ciberseguridadEl lanzamiento de ChatGPT ha sido uno de los eventos más importantes en el sector de tecnología e informática en los últimos años. ChatGPT…Dec 3, 2022Dec 3, 2022
How I made a reliable hacking tools and resources search engine in two days (~6500 entries!)https://lobuhi.github.io/Nov 3, 2022Nov 3, 2022
We all should stop reporting missing headers just because Burp Suite burps itSure, I’ve reported HSTS and cookie secure flags more times that I’d admit just because Burp says so.Sep 9, 20221Sep 9, 20221
My OSCP story: tips, tricks and hintsFirst, let me explain you about my background. I mess with security stuff since I was a teenager, not always with the same intensity but…Jun 5, 20211Jun 5, 20211
Cómo montar un laboratorio de pentesting para Android en Windows……sin sufrir demasiado.Mar 7, 2021Mar 7, 2021
[Writeup] TryHackMe — Skynet — Another privesc wayLet me show you another way than the official writeup you can find here https://blog.tryhackme.com/skynet-writeup/.Aug 6, 2020Aug 6, 2020
How I gained Domain Admin rights without fancy tools……like responder, mitm6 or others kerberos related methods.Jun 4, 2020Jun 4, 2020
How to connect to Internet an isolated server using Squid….…and then you can run apt, git, curl, pip or wget-May 28, 2020May 28, 2020