Alberto

2026 has arrived. I’m exploring job opportunities and projects. Feel free to reach out.

🎤Alberto Fernández de Retana “Exploring Browser Permissions and Exploiting Permission Hijacking” How browser permissions can be abused to gain access and pivot across features. Great talk at #GreHack25 🙌 🎥 Thanks to @Ministraitor for filming ! youtube.com/watch?v=nDKkZ2…

@Satoooon1024 😨😨

CTFはpost-LLMでも成立するのか〜という文章をしたためていたけど、そもそも自分がLLMとは関係なくCTF引退したがっているので、書いてもフェイクすぎるか

As someone who learned a big part of what I know from CTFs, or at least developed my interest and the right questions because of them, the current situation with CTFs vs LLMs is quite disappointing.

@siunam321 @hasherezade 100% real!

I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲

@st98_ Yep, it's more like daily wordle. Also, challenges are usually short in terms of lines of code.

@alberto_fdr Definitely. I love the concept of Daily AlpacaHack. Even if LLMs can solve those challs without any clever prompting, it's not just about getting the flag. It feels more like a fun daily game than a competition, even though there's technically a leaderboard.

Inu Profileのfirst bloodはArkさんです(2024年11月にテストいただいたので)

@st98_ True, CTFs are getting less funny because of LLMs :( . Btw, I love the alpaca challs.

@alberto_fdr Thank you! Making LLM-proof warmups is super tough nowadays, but I'm not giving up yet.

@rebane2001 @mebeim Thaaats why I couldn't find it hahaha

@mebeim it's fun how it's sort of hidden in the source code too source.chromium.org/chromium/chrom…

TIL Chrome has literal cheat codes to bypass HTTPS certificate warnings. You can type "thisisunsafe" on the warning page to force it to load the page anyway. Just tested it and it works. LOL (source: superuser.com/a/1786445/5910…)

@mebeim What? I tested and it works. Wow.

The Annual PortSwigger Web Hacking Techniques Top 10 is now open for voting. If you believe my research “Permission Hijacking at Scale” adds value to the community, I’d be thankful for your vote. 🙂

Voting is now live for the top ten web hacking techniques of 2025! Grab a coffee, browse the 61 quality nominations and cast your vote on the most creative and ground-breaking techniques: portswigger.net/polls/top-10-w…

Wow! my research appeared here 😆

@rewhiles Amazing writeup! 😄

An extremely detailed writeup for web/Teemo's Secret challenge from smileyCTF 2025! rewhile.github.io/posts/smiley-2…

13 years. RIP my darling boy.

Btw, this is the last thing I did in 2025. (ascended 2025-12-31 04:21:10.291168). Pwn.college is the best resource for learning system security, no doubt.

⚡️🇻🇪 "They're going to accuse you of being a drug trafficker": Chávez predicted years ago the "Noriega formula" of the Pentagon against uncomfortable leaders Decades before the US military operation in Caracas, Commander Hugo Chávez had already been warned that Washington was preparing a special operation to personally point him out as a "drug trafficker" and thus justify any action against him. "Some years ago, someone told me: (...) They're going to try to apply the formula [of then Panamanian leader, Manuel] Noriega", revealed the former Venezuelan president with total clarity. Describing the mechanism that the US had already used in Panama and Iraq, Chávez denounced that "they are looking for a way to associate Chávez directly with drug trafficking" because "anything is valid against a drug trafficker who is president". 💬 "We must die fighting, right there on the front line (...) I will die at the forefront with the dignity of a Venezuelan who loves this country", he stated, inspired by Fidel Castro.

Death to American imperialism

Wrapped up 2025 finishing 10th on @CTFtime. It was slow but another awesome year. congratulations @r3kapig @kalmarunionenDM @smiley_ctf for top 3 finishes for the year 👏

My author’s write-up for the two challenges I designed for ASIS CTF Finals (@ASIS_CTF ). albertofdr.github.io/post/asisctf-f…