The first post about our security survey on Chilean domains: "Getting the domain list of Chile" using Scrapy bit.ly/2H1hEgo

Nuestro equipo logró el primer lugar en la Hackaton Telefonica 2018! x.com/movistarem/sta…

gracias Start-Up Chile by Corfo , estamos listos! x.com/startupchile/s…

Our CEO is going to talk at Ekoparty | Hacking everything security conference this year and he tell us why is this that special! (bit.ly/2QpIxAG) #eko14

We will be giving a workshop about plugin development in detectem (github.com/alertot/detect…) at #ekoparty on Wednesday. In the few next days we'll be publishing a post about last advances in detectem and information to be ready for the workshop. #eko14

On Wednesday at 16:00 (Sala Abasto) we will be giving a workshop about detectem at ekoparty, here are the instructions to setup the environment to be able to participate: github.com/alertot/detect… #eko14 #ekoparty

Here are the slides of our presentation yesterday at #ekoparty and the open-source project called poiwer. Enjoy! speakerdeck.com/alertot/php-ob… github.com/alertot/poiwer

Obtuvimos el primer lugar en el CTF de la 8.8 2025 ! Felices por el trabajo del equipo y nuestras felicitaciones a #cntr0llz por la reñida competencia que brindaron hasta último minuto.

Our new post: Serialization flaw in wp-gdpr-compliance (bit.ly/2PpqAVP)

Our new post: New variant in wp-gdpr-compliance vulnerability and fixing it with virtual patching (bit.ly/2K7ihbx)

We ranked 12th in Metasploit Community CTF 2018 and here's our writeup: bit.ly/2KUv7Ki #MetasploitCTF #metasploit

Our new post: Writeup of a vulnerability found in Chile's Tax Service website (only available in Spanish) (bit.ly/2RFqRQJ)

New post: Un buffer overflow para gobernar Chile (only Spanish) (bit.ly/2DgDPjx)

Our research interest this year is web scraping frameworks, let's start with the first part of "Web scraping considered dangerous", this time with "Exploiting the telnet service in scrapy < 1.5.2" link.medium.com/XxJ8j152FW

Researcher Claudio Salazar (Claudio Salazar) details how SSRF to RCE was achieved in Scrapy by abusing the telnet service portswigger.net/daily-swig/scr…

we're security developers and it's not just breaking code, it's the whole lifecycle: our fix was merged on Scrapy (github.com/scrapy/scrapy/…) to avoid future variants of our attack (link.medium.com/Tv7leu4b3X)

The next post in our serie "Web scraping considered dangerous" is titled "Leaking files from the spider's host" .. ready for a SSRF+LFI? (link.medium.com/y2N1oAt0kY)

Este año ofreceremos un taller de programación segura en 8.8 2025 y en este post te contamos los detalles: link.medium.com/6N0AXCEUxZ

Lamentamos comunicar que a causa de compromisos laborales hemos debido cancelar el taller de programación segura. Agradecemos el apoyo que nos dio la organización de 8dot8 en todo momento. Si estás interesado en saber sobre cuando se dictará nuevamente, contáctanos!

hemos publicado nuestra presentacion "Web scraping con Scrapy " que fue presentada en el meetup de Software Crafters Chile: bit.ly/2DpaP6Z