Articles and Reflections

Articles and Reflections

US [NSA] Utiliza puertas traseras en procesadores Intel

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' decoding='async'/>

Tony Merisan October 17, 2024 No Comments

China acusa a la US NSA de utilizar puertas traseras en procesadores Intel y exige una investigación. La Asociación de Seguridad Cibernética de China (CSAC) ha acusado a Intel de…

Articles and Reflections

EDRSilencer para eludir la detección -disrupting endpoints-

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' decoding='async'/>

Tony Merisan October 16, 2024 No Comments

Los atacantes están utilizando EDRSilencer para eludir la detección. Escrito originalmente por un entusiasta como alternativa a FireBlock de MdSec NightHawk, EDRSilencer utiliza la plataforma de filtrado de Windows para…

Articles and Reflections

Explotación remota del Kernel a través de IPv6 en Windows- Ataque de día cero

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' decoding='async'/>

Tony Merisan October 12, 2024 No Comments

CVE-2024-38063 9.8 (Critical) CVE-2024-38063 es una vulnerabilidad de seguridad crítica aplicable a todos los ordenadores Windows con una puntuación de 9,8, publicada el 13 de agosto de 2024, y sigue…

Articles and Reflections

“El malware sigiloso” PERFCTL Guia paso a paso Eliminacion y Hardening

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' loading='lazy' decoding='async'/>

Tony Merisan October 9, 2024 No Comments

«perfctl» lleva al menos tres años atacando millones de servidores y estaciones de trabajo Linux, sin ser detectado en gran medida gracias a sus altos niveles de evasión y al…

Articles and Reflections

Detectando Actividad Maliciosa en un Servidor: Caso de Estudio

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' loading='lazy' decoding='async'/>

Tony Merisan October 9, 2024 No Comments

Hace unos meses, noté un comportamiento inusual en uno de mis servidores. A pesar de que había eliminado una vulnerabilidad anterior, mi proveedor de alojamiento me informó que la carga…

Articles and Reflections

Anatomía de un ataque de ransomware a Linux

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' loading='lazy' decoding='async'/>

Tony Merisan October 9, 2024 No Comments

El flujo de ataque a linux son una serie de pasos, todos ellos destinados a maximizar la interrupción causada y aumentar la probabilidad de que se pague el rescate. Vamos…

Articles and Reflections

SOC Maletin

<img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' data-src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' data-srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo lazyload' height='150' width='150' loading='lazy' decoding='async' src='data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==' style='--smush-placeholder-width: 150px; --smush-placeholder-aspect-ratio: 150/150;' /><noscript><img alt='' src='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=150&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/c0c8111a6bceb4cf5a48de1572c9c819?s=300&d=mm&r=g 2x' class='avatar avatar-150 photo' height='150' width='150' loading='lazy' decoding='async'/>

Tony Merisan August 14, 2024 No Comments

Saludo geeks, nerds, idiotas, hackers, haters. Stega aquí 🫶🏻 Hoy te traigo un SOC Maletín: Empecemos: 💡 Década de 1970: la época de la aparición de los primeros antepasados de…

ProActive OSINT (En la mente del atacante)

Articles and Reflections

Predicciones para 2025 sobre los cisnes negros

Held Ransomware

Luck (MedusaLocker)