Actions to be taken in case of hijacking or loss of Gmail account credentials
1. Introduction The purpose of this article is to provide recommended steps to recover a Gmail account that may have been lost or hijacked. Although the instructions have been checked, it should be noted that ultimately whether or not the account is recovered depends on the criteria of the people at Gmail who evaluate the request and the evidence provided. This means that despite following each step correctly, it is possible that the recovery request will be rejected. 2. Steps for Gmail account recovery 2.1. Factors that can facilitate recovery As indicated in the introduction, the decision to …
Securing our devices against potential espionage.
1. Introduction In this article, we will provide guidelines on how to proceed in the event that we believe or suspect that any of our devices (computer or smartphone) are compromised, meaning that unauthorized individuals have unrestricted access to the device. The goal of this article is not to show the reader how to detect if their devices or accounts have been compromised by third parties (by means of trojans). Broadly speaking, there are certain signs that may lead us to suspect that something unusual is happening. Instances where the battery life of our smartphone suddenly becomes much shorter than usual, …
What should we do if we become victims of ransomware?
1. What is ransomware and what impact does it have? In this article, we will explore how to proceed in the event that our systems have been compromised by ransomware, something that has become quite common in recent times. Ransomware is defined as a type of malicious program (malware) that encrypts the computer data of infected machines and demands a ransom payment, usually in cryptocurrencies (Bitcoin, Monero, etc.), in exchange for removing this restriction and restoring data access to the victim. A ransomware attack can result in significant financial losses for companies. If they don’t have recovery plans in place …
Capture The Flag (CTF) Deloitte – CyberAcademy
1. Introduction and Objectives In this article, we will provide a solution to the “Deloitte-CyberAcademy” CTF, which features a variety of challenges similar to our CTF-1. You can download the CTF-1 from the following link: This is a virtual machine with a Linux operating system (hereinafter referred to as the “victim machine”) that presents a series of challenges that need to be overcome in order to capture all the flags. To carry out ethical hacking tasks, we are situated with our attacking machine in the same network segment as the victim machine. To achieve this, we have deployed both machines …
Physical Security: Access Card Cloning with Proxmark in Red Team Operations
1. Introduction and Objectives In this article, we will explore how easy it can be to clone certain types of cards that are widely used, not only in access controls of private organizations (hotels, etc.) but also in public institutions. To achieve this, we will make use of Proxmark3, which can be acquired from its official website: In this article, we will not demonstrate how to set up the environment to be able to use Proxmark3, as there are several tutorials available on the Internet that provide clear instructions for that: Therefore, to carry out this practice, we should have …
Anonymous Connection, Information Exfiltration, and Covering Tracks in Red Team Operations (RTO)
1. Introduction and Objectives In this article, we will demonstrate how an attacker can exfiltrate a complete clone of a hard drive or a disk partition in a silent and professional manner, as should be done in a Red Team Operation (RTO). We will employ the same tactics, techniques, and procedures (TTPs) used by cybercriminal groups. We will not delve into the details of how an attacker can compromise a system at this level, as it is not the objective of this article (we have several articles on our blog that cover this topic). However, it’s important to note that …
Publishing a website or files on the Deep Web using a Raspberry Pi anonymously (OnionShare).
1. Introduction and Objectives In this article, we will demonstrate how one can publish a website or a file-sharing space on the Deep Web (TOR network) using a Raspberry Pi, ensuring both security and anonymity. Throughout the project, we will encounter challenges that we must mitigate to the best of our ability while upholding the principles of security and anonymity. The main objective is to show readers how straightforward it is today for someone with basic systems knowledge to set up their own anonymous infrastructure for sharing information. Additionally, we will outline the measures to be taken in order to …
Analysis and Reverse Engineering of a Banking Trojan Malware from the Zeus Family
1. Introduction and Objectives In this article, we will demonstrate how to conduct a reverse engineering analysis of a banking trojan from the Zeus family. For our study, we have been provided with a single binary file named “fichero.bin.” You can download it from the JMSec GitHub repository: To undertake a study of this nature, you’ll need some basic knowledge of reverse engineering. 2. Setting Up the Laboratory and Description of Materials To begin the exercise, it should be noted that the analysis of the binary is conducted under the Windows 10 operating system. The following list enumerates the tools …
Attack Using BadUSB Devices or Rubber Ducky
1. Introduction and Objectives In this article, we will conduct a practical study on how an organization can be compromised using a BadUSB device, whether it’s inserted into a computer by an attacker with physical access to the victim’s system or by an unsuspecting user who falls victim to deception. We will get straight to the point without spending time on explanations about the technical features of these types of hardware or preparing Arduino IDE, as this information is readily available in numerous articles from other cybersecurity companies. In this article, our focus will be on programming a BadUSB using …
Capture The Flag CTF 2 Jaymon Security – Pentesting
1. Introduction and Objectives In this article, we will provide a solution to the second CTF (2.0) proposed by JAYMON SECURITY, which you can download from their website through the following link: This article simulates the execution of an ethical hacking audit, also known as a Pentest, on a Windows operating system machine belonging to the education department of a university (hereinafter referred to as the “business organization”), where an exam platform is located. To carry out the tasks of ethical hacking, we are situated with our attacking machine in the internal network segment of the business organization. Within this …