Follow @omarbv in Mastodon


Cyber Security and Data Privacy

NullCON GOA 2022 - Tech Bug Bounty Panel

Nov 06 2022 - English

I had the great opportunity to participate as speaker at NullCON GOA 2022 last September, in the Tech Bug Bounty Panel with other Bugbounty and Responsible Disclosure managers. The discussion revolved around the experience & challenges for an Organizations running their own active Bug Bounty Programs… (continue)

Building a BugBounty Program from Scratch

May 12 2021 - English

What happens when a security researcher finds a bug in your code or the way to access your customer data? Do you have a clear policy and flow to get the findings in a safe way? During this session I will show you how to create a Bug Bounty or Responsible Disclosure… (continue)

Building a VDP for Success

Apr 22 2021 - English

Vulnerability Disclosure Programs (VDPs) are a clear way to tell the security researcher community how an organization wants them to report a vulnerability and what an organizations’ commitment will be to fixing it… (continue)

Secrets on Github, a plage

Jun 22 2020 - English

Software Engineers are humans. Humans make mistakes, and anything that can go wrong, will eventually go wrong. There is a known and big issue in Git and SVN platforms where developers push their code, sharing sometimes more than they should… (continue)

Jan 15 2020 - English

Due to the huge geopolitical movement of the last few months with important actors on the scene, the year 2020 can be expected to manifestly reach a direct cyber confrontation to measure forces in the face of a hypothetical cyberwar… (continue)

Github Email Search Tool

Oct 31 2019 - English

At some point, maybe you had the need to contact the owner of a Github repository. That is a feasible thing but very manual, loosing a lot of time copy&pasting and searching. Now this will be easier with… (continue)

Yubikey Neo + Ubuntu 18.04.3 LTS

Oct 28 2019 - English

Post explaining how to install a new security requirement and use a Yubikey as 2FA to log in your session in Ubuntu 18.04.3 LTS… (continue)

Ciberataques. La delincuencia digital

Oct 21 2019 - Español

En este capítulo descubrimos como en el ciberespacio también existen el bien y el mal: los hackers éticos y los ciber-delincuentes se enfrentan en una lucha por atacar y defender los secretos, sin olvidarse que la ciber-policía patrulla las calles de las redes más oscuras… (continúa)

Bug Bounty Program, does it help?

Mar 06 2019 - Español

What happens when a security researcher finds a hole in your code? Do have a clear policy to submit this kind of findings? Most not. Responsible Disclosure is something every company should manage… (continue)

Jan 11 2019 - English

During the next year we will see a natural increase in the automation of attacks against companies and homes using artificial intelligence to facilitate the work of cybercriminals, and also multiply the targets to attack… (continue)

Apple Siri Bug – Deactivating Wi-Fi

May 30 2017 - English

After reading the post published by Anton31Kah at Reddit, where he explains a bug in Siri that allows you to deactivate movile data although the iPhone is locked with a passcode. So I started to do some test regarding the WiFi… (continue)

NOSEC SmartSociety

Nov 15 2016 - Español

¿Qué ocurre si prescindimos de la ciberseguridad? ¿Se invierte lo suficiente hoy en día? Parece que no… (continúa)

Norwegian Air, playing with VOD system

Sep 20 2016 - English

This post is excerpted from the talk presented at the CyberSecurity Meetup Helsinki, about vulnerabilities and bad implementations in several products… (continue)

CyberSecurity Meetup in Helsinki

Aug 16 2016 - English

After careful consideration and much thought, finally I decided to create an interesting “meetup” event in Helsinki focused in CyberSecurity(continue)

KeyLemon, bypassing face-authentication

Jun 13 2016 - English

KeyLemon, is a well known application from Switzerland, that allows to enter in your session without login or password, with more than 3 million of downloads and also is involved in an European Commission project funded by more than 4 million Euros… (continue)

Intelligence Sharing, Blueliv Community

May 30 2016 - English

According to the last Internet Crime Complaint Center (IC3) report, cybercrime had a considerable, negative impact on U.S. businesses during 2015… (continue)

Qatar National Bank Breached

Apr 26 2016 - English

Today some information appeared in Twitter and media about a possible data breach in the QNB. Here you will find some thoughts about the breach and the 2GB of information leaked… (continue)

Is Protonmail “proxied” by an Israel company?

Nov 16 2015 - English

Last November 11, Cryptome, a very well-known leak information website, published an article talking that behind ProtonMail services, there was an Israeli company offering proxy services… (continue)

Estadísticas de las Elecciones Europeas?

May 25 2014 - Español

Como ya sabéis, hoy es día electoral, y hace un rato, estaba indagando en los escrutinios ofrecidos por la web oficial del Ministerio de Interior… (continúa)

Twitter, Log File Access Vulnerability

Feb 24 2013 - English

Log File Access Vulnerabillity in Twitter Vine service. An attacker can gain unauthorized access to user information stored in log files… (continue)

Bypass iPhone passcode

Feb 24 2013 - English

After reading in the blog EstudioIphone about the possibility of skipping the security code in the iPhone to see contacts, make calls, etc. by using “#number” on the emergency call screen… (continue)