Make Security Your Strength

For most, security is a blind spot. It doesn't have to be that way.

That's why we offer audits, trainings, and consulting services backed by deep-dive security research.

Distinguish your business through best-in-class security and peace of mind for you and your customers.

Trusted by

Highest level of services in the industry.

Security Research: Dedicated to staying ahead of the rapidly evolving threat landscape, we conduct cutting-edge IT security research.
Trainings: Learn the skills you need to protect your business from cyber threats with our comprehensive IT security training.
Pentests: Keep your systems secure with our experienced pentesting team; we'll help you find the vulnerabilities you never knew existed.
Smart Contract Audits: Our team is known for finding many critical vulnerabilities in smart contracts. Get your contracts audited by our experts with a proven track record.

Testimonials

What our clients say

Rebecca von Fehrentheil

Information Security Manager at Uniklinik Bonn

Moritz Prinz

Partner at TNG Technology Consulting

Find more content
in our Blog

Our blog features posts from the world of cybersecurity, reverse engineering, research projects, solana and other blockchains, cryptography, and much more. If you're a developer, a security professional, or just an interested person, we are sure you will find something exciting to read! Here are some of our favorite posts to get you started!

CS:GO: From Zero to 0-day

We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious python CS:GO server. This post details our journey through the CS:GO binary and conducts a technical deep dive into various identified bugs. We conclude by presenting a proof of concept (POC) exploit that leverages four different logic bugs into remote code execution in the game’s client, triggered when a client connects to the server.

Why Auditing the Code is Not Enough: A Discussion on Solana Upgrade Authorities

Recently, there’s been a lot of buzz around a DAO vote of Solend – one of Solana’s largest lending projects. It seeks to enact restrictions on large positions, and to temporarily take control of an existing user’s position in order to liquidate it in a controlled fashion. This can be done by upgrading the smart contract’s code.

But wait! Aren’t smart-contracts supposed to be immutable?

Only in a perfect world. No code is perfect and smart contracts aren’t either, so it can be necessary to change or fix them. This is called a program upgrade.

In this post, we’ll give an overview of one of the most fundamental and yet somehow often-overlooked aspects of the security of a smart contract, namely: Who has the power to initiate program upgrades? How can users be sure that the developers don’t make undesired changes? Or even worse, just run off with their money?

From Guardian to Gateway: The Hidden Risks of EDR Vulnerabilities

Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the importance of robust defenses for security systems themselves.

Solana Smart Contracts: Common Pitfalls and How to Avoid Them

In this post, we want to raise awareness about the five most common vulnerabilities in Solana contracts that we keep finding during our audits. We’ll keep the vulnerability descriptions short and concise and provide a simplified example as well as a TL;DR for each vulnerability so that you can easily reference them while coding.