I always liked city maps and a few weeks ago I decided to build my own artistic versions of it. After googling a little bit I discovered this incredible tutorial written by Frank Ceballos. It is a fascinating and handy tutorial, but I prefer a more detailed/realistic blueprint maps. Because of that, I decided to build my own version. So let’s see how we can create beautiful maps with a little python code and OpenStreetMap data.

Installing OSMnx

First of all, we need to have a Python installation. I recommend using Conda and virtual environments (venv) for achieving a tidy workspace. Moreover…

After learning how to perform CRUD operations into elasticsearch, we should learn how to administrate our cluster. Backups and shard allocations are fundamental tasks that we should be able to perform.

Shard allocation filtering

As mentioned in previous posts elastic allocate indices into one or more shards, and we can save those shards in specific cluster nodes. For example, imagine that you have several data cluster nodes, two of them with SSD storage. If we are looking for a fast response over one of our indexes, we can configure that their shards go only to the SSD data nodes. This concept is called…

Road to Elastic Certified Engineer III — Elasticsearch 7.2

After learning how to deploy our own elasticsearch cluster, create indexes and load data into elasticsearch we should learn how to perform queries.

CREATE — Insert

The first operation we should know is how to insert data, I already mentioned this in a previous post, but we can insert data using the PUT method against the _doc endpoint.

Also, every time we insert a document we can specify a routing parameter. Using routing we can specify which shards will be searched, whenever we are looking for a document.

For example, it can be…

Road to Elastic Certified Engineer II

One of the first things that we need to learn, after learning how to deploy our own elasticsearch cluster, is to insert and interact with data inside a cluster. In this post, we will cover the Indexing Data section of the Elastic Certified Engineer Exam.

Elastisearch indexes

First, we need to understand how elasticsearch save information. Elastisearch saves the information into indexes and each index has one or more shards. Each shard is an instance of a Lucene Index and on top of that, some of the shards can be replicas. Due to the nature of…

Incredible open-source software trading

Last few years I have been trading cryptocurrencies and as a computer scientist, I always been interested in automated trading bots. I have read some stories and saw some videos about this topic. So I decided to try this technology. But first of all, a little advise, I am not an investment expert so be aware of the risk of trading. Do not gamble with money you are not willing to lose. After this little introduction, let's see how we can start with automated trading.

Do not reinvent the wheel

Every time I am thinking about a new software project, I…

Setting up your own mobile penetration lab

Recently I was hired to give a course about mobile security. Apart from the
OWASP Mobile Top 10, one of the basics for performing mobile or app penetration testing is to have Lab.

In this guide, I will explain the basics to set up an Android mobile pentesting lab. iOS apps are also susceptible to analysis but it is more accessible to set up an Android lab. Probably in the future, I will write a guide about how to set up and iOS mobile pentesting lab. Anyway, let’s start!!

In order to set…

Setting up a quick WiFi MITM scenario using berate_ap + mitmproxy

Since I started to work, around the end of 2013, I always find interesting WiFi security. Along all these years I tested several tools for performing WiFi security attacks, and each tool has its strength and weaknesses. One attack I always like to perform, teaching some classes or performing certain audit exercises, is a MITM WiFi attack. So here is a little tutorial about how to set up a MITM scenario using berate_ap and mitmproxy.

A little introduction to WiFi security

But before entering with the setup I think is better to explain some basic…

Last week a CTF event organized by the Spanish Guardia Civil was organized, the II NATIONAL CYBERLEAGUE GC. This challenge is oriented to students, due to that reason I could not participate. But I have I friend who participate, He knows I love forensic challenges so He sent me one of the challenges that were part of the competition. Their team did not manage to solve this challenge so let’s see what was about and how to solve it.

Evidence

There are two files:

• container
• snap.vmem

If you have played other CTF challenges this seems a little obvious but let it…