Just enough cryptography for better securing your apps

I’m not a cryptographer myself, but I have always admired their work because, quite literally, they make the Internet a better place by creating the technology that protects our right to privacy and security; I also enjoy playing basic crypto CTF challenges. At my current job I’m a strange mix of software developer and information security guy (finally, the best of both worlds), which means I work a lot on security- and crypto-related matters. I’m also very fortunate to work closely with a real cryptographer, so a couple of months ago we were talking about security and I asked him whether he could share some resources about cryptography aimed at software engineers, meaning people without a heavy background in mathematics. This is what I learned.

Docker images are just TAR files!

I have been using Mac OSX for development for half a decade now. I love the MacBook Pro design, the operating system, and that everything works out of the box, but I’ve always struggled with the fact that once you have your Mac you “cannot” upgrade its components. That is a problem if you are a distributed systems engineer and the projects you are working on keep growing in complexity (i.e. adding new services). Of course you can always rent a big machine in the cloud, but sometimes you just don’t have an Internet connection.

Build your own private cloud at home with a Raspberry Pi + Minio

Early this year I got one of those widescreen 5K monitors so I could work from home. The display is really nice, but the sad part is that it only comes with 2 USB ports. I have a wired mouse and keyboard, so whenever I wanted to connect an external hard drive to copy and back up files it was always a pain in the neck. I remembered I had an old Raspberry Pi 2 that I brought with me from México, so last weekend I decided to work on a small personal project to solve this issue once and for all. I finished it and it’s working very well, so I thought about writing a blog post about it so more people can build their own private cloud at home too.

CTF OverTheWire: Natas10

Continuing with the CTF Natas series, now it is the turn of natas10. Natas Level 9 → Level 10 Username: natas10 URL: http://natas10.natas.labs.overthewire.org Using the flag obtained in the previous challenge, we go to the URL shown in the description and we will see the following screen. It’s a simple web page with a basic input form, very similar to the previous one, but they have added a character filter. We proceed to click View sourcecode and we are redirected to index-source.

CTF OverTheWire: Natas9

Continuing with the CTF Natas series, now it is the turn of natas9. Natas Level 8 → Level 9 Username: natas9 URL: http://natas9.natas.labs.overthewire.org Using the flag obtained in the previous challenge, we go to the URL shown in the description and we will see the following screen. It’s just a simple web page with a basic input form; if we type nonsense nothing happens. We proceed to click View sourcecode and we are redirected to index-source.

Commands and Code Snippets I usually forget

Some commands and code snippets I rarely use during CTFs or my daily work, but that I still need from time to time and am too lazy to memorize. This note may grow over time. Javascript: playing with dec, hex and bin (not really) in JS String.fromCharCode(0x41) // 'A' parseInt('0xf', 16) // 15 var n = 15 n.toString(16) // 'f' n.toString(2) // '1111' n.toString() // '15' var n = 'A' n.

CTF OverTheWire: Natas8

After a break we continue with the CTF Natas series; now it is the turn of natas8. Natas Level 7 → Level 8 Username: natas8 URL: http://natas8.natas.labs.overthewire.org Using the flag obtained in the previous challenge, we go to the URL shown in the description and we will see the following screen. It’s just a simple web page with a basic input form; if we type nonsense we get an error message displaying Wrong secret. We proceed to click the View sourcecode

FireShell CTF 2019 – Bad Injections (WEB)

Hi everybody, this is the first CTF I have played this year. It was organized by the FireShell Security team (thank you so much guys!) and this is the writeup for the Bad Injection challenge from the web category. This challenge was special because I played with some folks from work; special thanks to yovasx2 for playing this CTF with me 🙂 The challenge starts by giving us an IP address running a web server on the Internet:

10 things you should be doing if you care about security in your Tech Startup

I’ve been working in the startup world as a Software Engineer for a little more than two years now. As most of you already know, I’m very passionate about information security, so I decided to create a list of things you can do to protect your technology startup (most of them for free). SPOILER ALERT: This publication is not going to be your typical article about which crypto cipher is better to use, IDS comparisons or specific DLP products; instead, I would like to cover 10 actions (more like pieces of advice) you can take if you value your product, your data and your employees, and if you want to protect your startup in general.

CTF OverTheWire: Natas7

We continue with the CTF Natas tutorial series; now it is the turn of natas7. Natas Level 6 → Level 7 Username: natas7 URL: http://natas7.natas.labs.overthewire.org Using the flag obtained in the previous challenge, we access the URL given in the challenge instructions and we will see a screen like the following. We inspect the page’s source code and notice a couple of interesting things: we see two hyperlinks (index.