Content-Security Policy (CSP) and how (not) to trust it blindly
Offensive Security, Red team, Pentesting
September 11, 2025
Content-Security Policy (CSP) is one of the most effective defenses against Cross-Site Scripting (XSS) vulnerabilities and attacks related to loading malicious resources. It is implemented through the 'Content-Security-Policy' HTTP header, and lets the browser apply restrictions on which scripts, styles, images or other resources can be loaded and executed in a web application.
COD4MW Cheat: A Reverse Engineering Adventure
Offensive Security, Pentesting, Research
August 28, 2025
If you enjoy playing online games, you’ve probably heard about cheaters. People tend to have a negative perception of them, and they’re somewhat right. Cheats can ruin the online gaming experience, but they can also be an interesting way to learn about reverse engineering.
Automation and Pentesting: Use AI and Open-Source Tools
May 27, 2025
This article aims to combine automation and pentesting methodologies in a practical way, using artificial intelligence and multiple open-source tools. More than just a list of commands, it’s about sharing a replicable, flexible, and accessible methodology.
The approach we want to showcase is how, with the publicly available tools today and the help of AI models, it’s possible to improve automated processes—reducing the need for manual effort and allowing more time to focus on exploitation and, why not, the more fun parts.
Car Hacking: How to unlock doors with Doggie
March 25, 2025
This post will explore a practical use case to demonstrate Doggie’s power in automotive security research. Imagine you need to unlock a vehicle by sending the correct sequence of CAN messages. With Doggie and tools like Python-can, can-utils, or custom scripts, you can sniff unlocking messages, replay them, and even experiment with manipulating the system for security analysis.
CVSS v4: What’s New and Why It Matters for Your Vulnerability Management
Pentesting, Vulnerability Management
January 7, 2025
In the ever-evolving landscape of cybersecurity, staying ahead of potential threats requires robust tools and accurate frameworks for assessing risk. The Common Vulnerability Scoring System (CVSS) has long been a cornerstone for evaluating vulnerabilities, providing a standardized method to gauge their severity. With the release of version 4.0, CVSS introduces significant updates aimed at improving accuracy and decision-making for security teams.
Faraday at Ekoparty 2024: recap
November 22, 2024
Ekoparty 2024 was more than just a cybersecurity conference—it became a hub for knowledge sharing, community building, and celebrating the latest discoveries and innovations. Our team played a prominent role across various sessions, showcasing not only their technical expertise but also their commitment to the community.