León Castillejos’ blog

“Automation is cost cutting by tightening the corners and not cutting them.” - Haresh Sippy

Posts - Page 2 of 3

Post-Exploitation: spawning a shell

  • 3 min read

Once you have gained shell access on a machine, you will often find the prompt extremely limited, especially if you have used manual exploitation. In these cases, the shell often cannot perform basic tasks that you would expect from a fully interactive shell prompt like Bash, or zsh. You will also be unable to run intensive interactive commands such as the Vim text editor, or ncurses-based programs.

Read More

What Apple’s T2 chip means for the security of Macs

  • 4 min read

An article by Mac Rumors was recently published, revealing Apple had designed a component, which, according to an Apple document, would “result in an inoperative system” in the event a hardware replacement or repair was performed without running a proprietary diagnostics solution after.

Read More

The DEFINITIVE guide to defeating spammers

  • 6 min read

Nowadays, spamming is a very common technique, and nobody can deny that. Spamming is so cheap that even a 10% opening rate is a tremendous success, because sending e-mails doesn’t require paying fees to ISPs (like you would with mass SMSs and robocalls), and it also doesn’t require hiring anyone to take the time to manually write and send e-mails (as opposed to postal spam, which have to be physically delivered into mailboxes by people), when you can just buy e-mail addresses in bulks by thousands of providers that sell active e-mail addresses by prices so ridiculously affordable, it lowers the barrier to entry dramatically.

Read More

The fun begins: HackTheBox.eu

  • 1 min read

It’s been a while since I joined https://www.hackthebox.eu/. Probably more than a year. And I haven’t really had the time to spend trying to break into the machines, because of my university studies, but now summer is coming, so I will be able to dedicate more resources to it.

Read More

Static analysis tools for Windows

  • 2 min read

I’m currently studying malware analysis, so I wanted to write a post on the tools I’ve been using recently, to serve as a reference for me and hopefully for anyone interested in binary reversing.

Read More

The power of silence

  • 1 min read

I find silence to be grossly underestimated. We live in an era of permanent distraction. Companies use loud, aggressive marketing in the form of advertisements to grab your attention and get you to buy whatever it is they’re selling. Our smartphones have become distraction devices that instead of boosting our productivity, and increase our focus, are loaded of applications that send notifications indiscriminately, connecting us to real-time events instantly.

Read More