My papers: a set of documents written by me, alone or in collaboration. They may be helpful, interesting, old or just so-so... enjoy!

0CTF-2017 step-by-step WriteUp - Simple SQL and Py


0CTF is a Chinese Capture The Flag organized by Team 0ops; this edition was held in the middle of March-2017. I have posted two really detailed write-ups explaining two challenges step by step: Simple SQLi, a tricky SQL injection with WAF protection, and Py, a challenge that consists of a precompiled Python file generated with permuted bytecodes.

simplq-sqli py-precompiled

Network insights into Vawtrak v2 [PDF]


Cyber Threat Intelligence Report published in Sep-2016 at Blueliv about the results of a technical investigation into the distribution and impact of the banking Trojan Vawtrak v2 and the behavior of the cybercriminal groups behind it. Our Threat Intelligence Research Labs team used advanced search and pattern correlation algorithms to perform big data analysis in-house at Blueliv.

blueliv local

Inside Tinba-DGA Infection step-by-step: stages I & II


Articles published on the Blueliv blog. There are a number of papers on how Tinba-DGA (Tiny Banker with Domain Generation Algorithm) works once it infects a system: web injects, hooks... But what about examining how it infects the Explorer process without being detected? See the first two stages of the infection process step by step, published on 07-Jun-2016 and 22-Jul-2016 on the Blueliv blog.

stage I stage II

Network insights of Dyre and Dridex Trojan bankers [PDF]


Cyber Threat Intelligence Report published in May-2015 at Blueliv about the findings of the research, between July-2014 and April-2015, into the malware Dyre and Dridex, which are among the most relevant emerging trojans, focusing mainly on our discoveries about the network protocol and the study of its behavior.

blueliv local

Publication in Blueliv Blog about Pony Trojan


Article published on Blueliv on 29-May-2014 about the Pony Trojan. It presented different kinds of panels found in the wild using the same Gate resource and infection payload, but with some differences in the panel, such as a pay-per-use service or a different approach to storing reports.


Vulnerability Analysis of ZeuS Botnet Panel


As part of the hiring process for Blueliv, they asked me to analyze the ZeuS Botnet panel in order to find vulnerabilities and exploit them. Of course they didn't tell me that it was a ZeuS panel. This post presents the results I sent on 10-Feb-2014, including a vulnerability and a detailed description of how to exploit it. Because of some agreements, no exploit source code is provided.


Collaboration in SecurityByDefault talking about WhatsApp


Article published on SBD on 22-Nov-2013 related to the previously published advisory (see below in the list). This article, written in conjunction with Luis Delgado, describes why this behavior exists and also the different tests performed to identify the limitation in the exploitation of the security issue.

original mirror

Yet another security issue with WhatsApp


WhatsApp advisory published on 14-Nov-2013 about an internal side effect (as they said) that may cause, among other things, a DoS against the application and information disclosure as well, all without any kind of human interaction with the device. Already solved in version 2.11.134.


PreQuals NoConName WriteUp - Level1


First PreQuals organized by NcN, starting on 27-Sep-2013, with three levels. Qualified teams are invited to participate in the CTF organized in conjunction with Facebook. This paper describes one of the processes to follow in order to pass level1, the most interesting IMHO. There is also a mirror of the whole PreQuals environment and levels.

paper mirror

Interview about DeepWeb


This interview was used in the Catalan newspaper Ara, in the Sunday supplement on 23-Jun-2013, in an article about the DeepWeb. The author used it more as an information resource, not actually as an interview.

interview publication [PDF]

Multiple Vulnerabilities in Zyncro Social Network


Published advisory. Vulnerabilities discovered in a product while working at Internet Security Auditors. Reported: SQL Injection, XSS and Design Failure. Published in 2011.


Degree Project: Malware Automated Detection Platform [PDF]


This paper describes the design and implementation of the new automatic platform service offered by Internet Security Auditors. It is designed to analyze Internet domains in order to detect possible infections that could affect the user’s system while browsing the web. The current system has some shortcomings and this paper presents a new version which provides significant improvements such as optimal management, with a renewed design in the management of the information and processes. It also gives the system centralised error handling, with real-time alarm delivery, and results in grouping and pooling. 2009.

paper presentation

Basic Linux Hardening Guide [PDF]


This article, written in Spanish for the company Internet Security Auditors, describes some security functionalities available on Linux distributions. It was written in 2007 but published in 2011.


Megamultimedia @rroba magazine


Articles published in a Spanish magazine from the Megamultimedia company, focused on the IT world and IT security related issues.


view Cross-Site Scripting


view Controla tus juegos
view Infectando sistemas con Applets
view Bypass de Captcha
view Port Knocking
view VNC Auth. Bypass
view Bug en Internet Explorer


view 3com 812 Office
view PHPbb & CHOWN eXploits
view Rootkits
view Hacking práctico
view Buffer Overflow Básico (parte I)
view Buffer Overflow Básico (parte II)
view Consiguiendo acceso al usuario root
view Envío de datos por cabeceras IP


view John the ripper
view Backdoors en Linux

Disidents eZine


Articles published during 2004 in the Spanish Disidents Hack Team eZines.

eZine #7 4.1mb

view IRC, su famoso bug del DCC
view Smashing the stack, by Aleph One
    Spanish translation with comments

eZine #6 30mb

view 3com812, explotando sus bugs