<title>Puffin Security</title>
<atom:link href="/feed/" rel="self" type="application/rss+xml"/>
<link>/</link>
<description>Enhance your cyber security posture, reduce risk, facilitate compliance and improve operational efficiency with a highly specialized team</description>
<lastBuildDate>Wed, 13 May 2020 20:47:40 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>Starting from zero?</title>
<link>/starting-from-zero/index.html</link>
<comments>/starting-from-zero/index.html#respond</comments>
<pubDate>2018-07-02 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<category>
<![CDATA[ buffer overflow ]]>
</category>
<category>
<![CDATA[ buffer overrun ]]>
</category>
<category>
<![CDATA[ stack based ]]>
</category>
<category>
<![CDATA[ stack overrun ]]>
</category>
<category>
<![CDATA[ stack smashing ]]>
</category>
<description>
<![CDATA[ For some time, I’ve been reading blogs about exploiting that seems now at last my time has come to change the role. In this blog I will publish posts as a workshop “from scratch” the exploiting, and additionally I try often bring examples of vulnerabilities... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Malware Prevention System</title>
<link>/malware-prevention-system-project-financed-by-FEDER-and-JCyL-through-ICE/index.html</link>
<comments>/malware-prevention-system-project-financed-by-FEDER-and-JCyL-through-ICE/index.html#respond</comments>
<pubDate>2018-07-02 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<description>
<![CDATA[ Project financed by the European Regional Development Fund (FEDER) of the European Union and the Junta de Castilla y León, through the Institute for Business Competitiveness of Castilla y León (ICE), with the aim of promoting the development of Information and Communication Technologies for SMEs ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>My name is overflow, buffer overflow</title>
<link>/my-name-is-overflow-buffer-overflow/index.html</link>
<comments>/my-name-is-overflow-buffer-overflow/index.html#respond</comments>
<pubDate>2018-07-03 16:38:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<category>
<![CDATA[ buffer overflow ]]>
</category>
<category>
<![CDATA[ buffer overrun ]]>
</category>
<category>
<![CDATA[ stack based ]]>
</category>
<category>
<![CDATA[ stack overrun ]]>
</category>
<category>
<![CDATA[ stack smashing ]]>
</category>
<description>
<![CDATA[ In principle it is already clear how we get control program flow leveraging a script out of bounds. Let’s see how the stack is for a function like yesterday ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>ret2libc: Firing with its own gun</title>
<link>/ret2libc-firing-with-its-own-gun/index.html</link>
<comments>/ret2libc-firing-with-its-own-gun/index.html#respond</comments>
<pubDate>2018-07-05 14:33:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<category>
<![CDATA[ stack overflow ]]>
</category>
<description>
<![CDATA[ Since 2000, operating systems began to support the NX bit and emulators of it. The PaX patch for Linux (who also includes ASLR), ExecShield (RedHat), W^X (OpenBSD and macOS) and DEP appear (from Windows to WinXP SP2). This protection is to distinguish memory pages permissions... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>ROP: In exploiting and love anything goes</title>
<link>/rop-in-exploiting-and-love-anything-goes/index.html</link>
<comments>/rop-in-exploiting-and-love-anything-goes/index.html#respond</comments>
<pubDate>2018-07-09 11:39:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<description>
<![CDATA[ Today’s post is almost a continuation of a previous post. Because today we will bring the widespread ret2libc. Before starting, give a brief explanation of what is ASLR (Address Space Layout Randomization). It is a simple protection method that randomizes the address space of the... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Starting (from) the base: Attacks to base/frame pointer (EBP)</title>
<link>/starting-from-the-base-attacks-to-base-frame-pointer-ebp/index.html</link>
<comments>/starting-from-the-base-attacks-to-base-frame-pointer-ebp/index.html#respond</comments>
<pubDate>2018-07-21 19:59:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<category>
<![CDATA[ buffer overflow ]]>
</category>
<category>
<![CDATA[ exploitiing ]]>
</category>
<category>
<![CDATA[ falseo frames ]]>
</category>
<category>
<![CDATA[ frame faking ]]>
</category>
<category>
<![CDATA[ frame pointer overwrite ]]>
</category>
<description>
<![CDATA[ Good afternoon, evening, or whatever it may be. Finally comes the awaited (?) Episode on attack base / frame pointer (EBP). Without further ado, let’s start function, even with two-way XDD (this is not in itself another preamble also???). So far, we have studied the... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Complementary Method : The Byte at the End of the Universe Stack</title>
<link>/complementary-method-the-byte-at-the-end-of-the-universe-stack/index.html</link>
<comments>/complementary-method-the-byte-at-the-end-of-the-universe-stack/index.html#respond</comments>
<pubDate>2018-07-24 14:47:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<category>
<![CDATA[ buffer overflow ]]>
</category>
<category>
<![CDATA[ environment variable ]]>
</category>
<category>
<![CDATA[ integer overflow ]]>
</category>
<description>
<![CDATA[ Very good, this post is dedicated to a couple of, I think “techniques” might call, which can be interesting. The first is really important. This is the integer overflow. Methods 0x9c90928f939a929a918b9e8d96908c First let’s take a look at how the numeric values are stored in memory.... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>ASLR: Being a postman in the city where they change the street names</title>
<link>/aslr-being-a-postman-in-the-city-where-they-change-the-street-names/index.html</link>
<comments>/aslr-being-a-postman-in-the-city-where-they-change-the-street-names/index.html#respond</comments>
<pubDate>2018-08-17 10:14:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Yago Gutierrez ]]>
</dc:creator>
<category>
<![CDATA[ ASLR bypass ]]>
</category>
<category>
<![CDATA[ buffer overflow ]]>
</category>
<category>
<![CDATA[ buffer overrun ]]>
</category>
<category>
<![CDATA[ stack based ]]>
</category>
<category>
<![CDATA[ stack overflow ]]>
</category>
<description>
<![CDATA[ This beautiful morning (I do not know what time you will read this) we will see in more depth the ASLR. ASLR (not ASMR) attends the words Address Space Layout Randomization. Is a technique that was designed at the beginning of the century with DEP/NX/W^X/... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>The Boogeyman is coming: IoT cybersecurity</title>
<link>/the-boogeyman-is-coming-iot-cybersecurity/index.html</link>
<comments>/the-boogeyman-is-coming-iot-cybersecurity/index.html#respond</comments>
<pubDate>2019-02-08 09:20:30 +0000</pubDate>
<dc:creator>
<![CDATA[ Adrián Campazas ]]>
</dc:creator>
<category>
<![CDATA[ Cyber security ]]>
</category>
<category>
<![CDATA[ dispositivos IoT ]]>
</category>
<category>
<![CDATA[ Internet of Things ]]>
</category>
<category>
<![CDATA[ vulnerabilidades ]]>
</category>
<description>
<![CDATA[ I could dedicate this article to interpret a painting signed by Francisco de Goya, but I am not an art expert, or you wouldn’t have visited this blog for that. In this first article I write I speak of cybersecurity in recent times, which is none other than cybersecurityIoT (Internet of Things). ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>The key to everything: Firmware on IoT devices</title>
<link>/the-key-to-everything-firmware-on-iot-devices/index.html</link>
<comments>/the-key-to-everything-firmware-on-iot-devices/index.html#respond</comments>
<pubDate>2019-02-25 07:50:41 +0000</pubDate>
<dc:creator>
<![CDATA[ Ignacio Crespo Martínez ]]>
</dc:creator>
<category>
<![CDATA[ Cyber security ]]>
</category>
<category>
<![CDATA[ dispositivos IoT ]]>
</category>
<description>
<![CDATA[ In this article we will enter the IoT world, focusing on the firmware of IoT devices. When we look from a perspective of security, it is the most critical component of any device. Almost any device that can come across to us execute a firmware.... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Malware Deception: no one escapes from it</title>
<link>/malware-deception-no-one-escapes-from-it/index.html</link>
<comments>/malware-deception-no-one-escapes-from-it/index.html#respond</comments>
<pubDate>2020-01-08 12:56:57 +0000</pubDate>
<dc:creator>
<![CDATA[ Ignacio Crespo Martínez ]]>
</dc:creator>
<category>
<![CDATA[ Cyber security ]]>
</category>
<description>
<![CDATA[ A malware is a threat that affects us all and that is increasing exponentially. In recent years, the malware we face is becoming more sophisticated, because cybercriminals want, first, we do not know who is responsible for creating a malware sample and the second, and... ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>My wordpress was hacked, ¿What do I do?</title>
<link>/My-wordpress-site-has-been-hacked/index.html</link>
<comments>/My-wordpress-site-has-been-hacked/index.html#respond</comments>
<pubDate>2020-07-21 12:56:57 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<description>
<![CDATA[ When there are indicators that your site is hacked, the most recommended action is to be calm as there is always a solution for it ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Project Request: Penetration testing</title>
<link>/penetration-testing/index.html</link>
<comments>/penetration-testing/index.html#respond</comments>
<pubDate>2020-10-05 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<category>
<![CDATA[ Proposal Sent ]]>
</category>
<description>
<![CDATA[ Penetration Test. Using OSWAp Web App Criteria ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Project Request: Web application penetration/vulnerability testing</title>
<link>/2020-10-06-Web-application-penetration-vulnerability-testing/index.html</link>
<comments>/2020-10-06-Web-application-penetration-vulnerability-testing/index.html#respond</comments>
<pubDate>2020-10-06 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<category>
<![CDATA[ Proposal Sent ]]>
</category>
<category>
<![CDATA[ Assessments & Testing ]]>
</category>
<category>
<![CDATA[ Cybersecurity Management ]]>
</category>
<category>
<![CDATA[ Configuration Management ]]>
</category>
<category>
<![CDATA[ Information Security Consultation ]]>
</category>
<category>
<![CDATA[ Incident Response Plan ]]>
</category>
<category>
<![CDATA[ Penetration Testing ]]>
</category>
<category>
<![CDATA[ Vulnerability Assessment ]]>
</category>
<category>
<![CDATA[ Source Code Scanning ]]>
</category>
<category>
<![CDATA[ Network Security ]]>
</category>
<category>
<![CDATA[ Network Pentesting ]]>
</category>
<category>
<![CDATA[ Internet Security ]]>
</category>
<category>
<![CDATA[ Network Administration ]]>
</category>
<description>
<![CDATA[ Assess web application to identify security posture and identify weaknesses ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Project Request: Penetration test of web application</title>
<link>/Penetration-test-of-web-application/index.html</link>
<comments>/Penetration-test-of-web-application/index.html#respond</comments>
<pubDate>2020-10-07 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<category>
<![CDATA[ Proposal Sent ]]>
</category>
<category>
<![CDATA[ Assessments & Testing ]]>
</category>
<category>
<![CDATA[ Cybersecurity Management ]]>
</category>
<category>
<![CDATA[ Configuration Management ]]>
</category>
<category>
<![CDATA[ Information Security Consultation ]]>
</category>
<category>
<![CDATA[ Malware Removal ]]>
</category>
<category>
<![CDATA[ Penetration Testing ]]>
</category>
<category>
<![CDATA[ Vulnerability Assessment ]]>
</category>
<category>
<![CDATA[ Source Code Scanning ]]>
</category>
<category>
<![CDATA[ Network Security ]]>
</category>
<category>
<![CDATA[ Network Pentesting ]]>
</category>
<category>
<![CDATA[ Internet Security ]]>
</category>
<category>
<![CDATA[ Network Administration ]]>
</category>
<description>
<![CDATA[ Test for security vulnerabilities in Django web application ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Project Request: Penetration tester</title>
<link>/penetration-tester/index.html</link>
<comments>/penetration-tester/index.html#respond</comments>
<pubDate>2020-10-08 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<category>
<![CDATA[ Proposal Sent ]]>
</category>
<category>
<![CDATA[ Assessments & Testing ]]>
</category>
<category>
<![CDATA[ Cybersecurity Management ]]>
</category>
<category>
<![CDATA[ Configuration Management ]]>
</category>
<category>
<![CDATA[ Information Security Consultation ]]>
</category>
<category>
<![CDATA[ Incident Response Plan ]]>
</category>
<category>
<![CDATA[ Malware Removal ]]>
</category>
<category>
<![CDATA[ Penetration Testing ]]>
</category>
<category>
<![CDATA[ Vulnerability Assessment ]]>
</category>
<category>
<![CDATA[ Source Code Scanning ]]>
</category>
<category>
<![CDATA[ Network Security ]]>
</category>
<category>
<![CDATA[ Network Pentesting ]]>
</category>
<category>
<![CDATA[ Internet Security ]]>
</category>
<category>
<![CDATA[ Network Administration ]]>
</category>
<description>
<![CDATA[ Looking a Pen testing Expert with proven record in cybersecurity ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Project Request: Certified Penetration Tester</title>
<link>/Certified-penetration-tester/index.html</link>
<comments>/Certified-penetration-tester/index.html#respond</comments>
<pubDate>2020-10-09 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<category>
<![CDATA[ Proposal Sent ]]>
</category>
<description>
<![CDATA[ The abilities required for certified penetration tester ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Use Case: Fintech</title>
<link>/Use-case-Fintech/index.html</link>
<comments>/Use-case-Fintech/index.html#respond</comments>
<pubDate>2021-06-23 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<description>
<![CDATA[ Mobile Application Penetration Testing ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>We're on Plexicus - Cyber Security Marketplace</title>
<link>/plexicus/index.html</link>
<comments>/plexicus/index.html#respond</comments>
<pubDate>2021-11-15 14:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<description>
...</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Ensuring Cloud Security: A Look at AWS Security Auditing</title>
<link>/ensuring-cloud-security-a-look-at-aws-security-auditing/index.html</link>
<comments>/ensuring-cloud-security-a-look-at-aws-security-auditing/index.html#respond</comments>
<pubDate>2023-01-24 09:20:30 +0000</pubDate>
<dc:creator>
<![CDATA[ Maria Montoya ]]>
</dc:creator>
<category>
<![CDATA[ Cybersecurity ]]>
</category>
<description>
<![CDATA[ In this blog post, we will explore the importance of cloud security and discuss some of the key considerations for ensuring the security of your cloud environment. From planning the audit to conducting and analyzing the results, we will explore why cloud security is more important than ever before. ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>A Comprehensive Guide to Management, Detection and Response (MDR)</title>
<link>/management-detection-response-guide/index.html</link>
<comments>/management-detection-response-guide/index.html#respond</comments>
<pubDate>2023-04-20 16:00:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Jeanne Frances Santos ]]>
</dc:creator>
<category>
<![CDATA[ Cybersecurity ]]>
</category>
<category>
<![CDATA[ IT Management ]]>
</category>
<category>
<![CDATA[ Cybersecurity ]]>
</category>
<category>
<![CDATA[ Incident response ]]>
</category>
<category>
<![CDATA[ Threat management ]]>
</category>
<category>
<![CDATA[ Network security ]]>
</category>
<description>
<![CDATA[ MDR is a proactive and holistic approach to cybersecurity that combines technology, people, and processes to protect against, detect, and respond to cyber threats. ]]>
</description>
<slash:comments>0</slash:comments>
...</item>
<item>
<title>Harnessing the Power of Manage, Detect, and Response - Empowering Effective Solutions in Modern Challenges</title>
<link>/power-of-mdr/index.html</link>
<comments>/power-of-mdr/index.html#respond</comments>
<pubDate>2023-06-05 15:44:00 +0000</pubDate>
<dc:creator>
<![CDATA[ Jeanne Frances Santos ]]>
</dc:creator>
<category>
<![CDATA[ Cybersecurity ]]>
</category>
<category>
<![CDATA[ Risk Management ]]>
</category>
<category>
<![CDATA[ Incident Response ]]>
</category>
<description>
<![CDATA[ Exploring significance of MDR ]]>
</description>
<slash:comments>0</slash:comments>
...</item>