Javier Santiago

My passion is hacking; that is why, for me, my job is more than my profession: it is my hobby and my philosophy of life. In my career, I have worked with international clients from different sectors such as banking and finance, telecommunications, government agencies, training and superstores, with a presence in countries such as Spain, Brazil, Colombia, Peru, United States, Chile, Argentina, Uruguay, Mexico, United Kingdom, France, Canada… I currently work as Senior Security Consultant at Telefonica. I like to enjoy nature on the beach and in the mountains; I practice surf, body surf, gym, meditation, trekking and mountain bike whenever my investigations and offensive security training allow me to.


Advisories


CVE-2020-35598

ACS Advanced Comment System 1.0 is affected by Directory Traversal

- ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. Base Score: 7.5 HIGH.
- https://www.exploit-db.com/exploits/49343
- https://seclists.org/fulldisclosure/2020/Dec/13
- https://nvd.nist.gov/vuln/detail/CVE-2020-35598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35598

Winner, CTF Hacking Tribe Las Vegas

Organized by BBVA

A Hack The Box-style competition: solving challenges, machines, training, etc. Among all BBVA participants, the winner could attend Black Hat and DEF CON 2019.

CVE-2018-10294

Flexense

DiskBoss is an automated disk space analysis and file management solution allowing one to perform various types of disk space analysis, file classification, duplicate files search, file synchronization, disk change monitoring, file management, file delete and data wiping operations on local disks, network shares, NAS devices and enterprise storage systems.
XSS in Flexense DiskBoss Enterprise, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

CVE-2018-10563

Flexense

SyncBreeze is a fast, powerful and reliable file synchronization solution for local disks, network shares, NAS storage devices and enterprise storage systems. Users are provided with multiple one-way and two-way file synchronization modes, periodic file synchronization, real-time file synchronization, bit-level file synchronization, multi-stream file synchronization, background file synchronization and much more.
XSS in Flexense SyncBreeze, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

CVE-2018-10564

Flexense

DiskPulse is a real-time disk change monitoring solution allowing one to monitor one or more disks or directories, save reports and disk change monitoring statistics, export detected changes to a centralized SQL database, execute custom commands and send E-Mail notifications when unauthorized changes are detected in critical system files.
XSS in Flexense DiskPulse, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

CVE-2018-10565

Flexense

DiskSavvy is a disk space usage analyzer capable of analyzing disks, network shares, NAS devices and enterprise storage systems. Users are provided with multiple disk usage analysis and file classification capabilities allowing one to gain an in-depth visibility into how the disk space is used, save reports and perform file management operations.
XSS in Flexense DiskSavvy, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

CVE-2018-10566

Flexense

DupScout is a duplicate files finder allowing one to search and cleanup duplicate files in local disks, network shares, NAS storage devices and enterprise storage systems. Users are provided with the ability to search duplicate files, save reports, replace duplicates with links, delete duplicate files or move duplicate files to another location.
XSS in Flexense DupScout, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

CVE-2018-10567

Flexense

VX Search is an automated, rule-based file search solution allowing one to search files by the file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification and last access dates, EXIF tags, etc. Users are provided with the ability to categorize and filter results, copy, move or delete files, save reports and export results to an SQL database.
XSS in Flexense VX Search, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

CVE-2018-10568

Flexense

DiskSorter is a file classification solution allowing one to classify files in local disks, network shares, NAS devices and enterprise storage systems. Users are provided with the ability to gain an in-depth visibility into which types of files are using most of the disk space, save reports and perform file management operations on categories of files.
XSS in Flexense DiskSorter, affects all versions.
- https://web.archive.org/web/20190118205706/http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

Vulnerability Open Redirect LogicBoard CMS

LogicBoard CMS

LogicBoard is a forum engine oriented CMS, ideal for corporate sites, online stores, communities, etc.
- http://www.estacioninformatica.blogspot.com/2017/01/vulnerability-open-redirect-logicboard.html
- http://seclists.org/fulldisclosure/2017/Feb/0

Multiple XSS in Babylon

Babylon

Babylon was founded in 1997 and is based in Tel Aviv (Israel). Babylon offers several different services to end users and companies: translator, monetization and web search engine services. It also has millions of users around the world.
- http://www.estacioninformatica.blogspot.com/2016/06/xss-en-babylon.html
- http://seclists.org/fulldisclosure/2016/Jun/10

Tradukka affected by Cross-Site Scripting

Tradukka

Cross-Site Scripting (XSS) vulnerability in Tradukka, a tool that currently helps millions of users. It started as a simple translator and is now a diversified set of 5 applications:
- Real-time translator
- Multiple translations
- Definitions
- Units
- Currency exchange

- http://www.estacioninformatica.blogspot.com/2016/04/xss-en-tradukka.html
- http://seclists.org/fulldisclosure/2016/Apr/17


Certifications

  • CEH - Certified Ethical Hacker

  • EC-Council

    Issued: Aug 2015
    Credential ID ECC37935236457

  • OSCP

  • Offensive Security

    Issued: Jun 2021
    Credential ID OS-101-48987


  • Legal Expert Computer

  • Certified Forensic Analyst ANTPJI Certification.

    Issued: Jun 2013


Publications


One Hackers
  • Las 500 contraseñas más peligrosas
  • 9 Razones para no pasarte al lado oscuro
  • ¿Te sientes vigilado?

Conferences
  • Co-Organizer Sec/Admin - Security Congress in Seville.
  • Speaker Mundo Hacker Day - Hacking Spain: el rol de las comunidades en la ciberseguridad.
  • Speaker x1red+segura - ¿Qué es ser un hacker?

Papers

La era del espionaje masivo


Coming Soon.