An exploit kit or exploit pack is a type of toolkit cybercriminals use to attack vulnerabilities in systems so they can distribute malware or perform other malicious activities. Some known exploit kits are MPack, Neutrino, Angler, Magnitude, RIG, Nuclear, Phoenix and Crimepack. They are usually sold on the dark market using a subscription model (i.e. 500…
A Capture the Flag (CTF) is a computer security competition. CTF contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. They are usually structured in different levels, and each level has…
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. The most important ones are: https://www.bugcrowd.com, https://www.hackerone.com and https://bountyfactory.io. For each vulnerability sent that is eligible for bounty (i.e. it is inside the scope…
The blue team is a specialized group of cybersecurity professionals, experts in threat identification, cybersecurity incident analysis, remediation and forensics. As opposed to the red team, the blue team has to identify, detect and prevent cyberattacks. They usually work inside a SOC (Security Operations Center) in 24×7 shifts. They constantly monitor SIEM and other sources of information…
A red team is an offensive group of cybersecurity experts that, inside an organization, covertly tries to gain information through techniques such as social engineering, phishing, etc., and to compromise parts or all of the organization. Its counterpart is the blue team.
OT stands for Operational Technology, as opposed to IT, which is Information Technology. Under IT we put things such as servers, computers, laptops, smartphones, etc. OT is focused on lower-level devices that keep factory lines busy, for instance a PLC (Programmable Logic Controller) that can control a hydraulic valve or a nuclear…
Terraform is one of the most used tools to deploy Infrastructure as a Service, or IaaS for short, but we have to manage it in a secure way. Some developers add the Terraform state file terraform.tfstate to the repository to share it easily among developers, which turns out to be a very bad idea as…
My name is Jacobo Avariento. I got a Master’s Degree in Computer Science and specialized in cybersecurity in 2001. I have more than 15 years in the cybersecurity industry as a consultant and penetration tester working for top-tier banks, the European Central Bank, pharmaceutical, automotive and gaming companies.
I hold Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) and Certified Blockchain Security Professional (CBSP) certifications.