Leverage real-world hacking expertise to strengthen your organization's defenses. Our team consists of seasoned hacking competition champions and certified security researchers. We deliver thorough assessments of your systems using both manual and semi-automated methods.
Your applications are often the most exposed part of your business and attackers know it. We uncover vulnerabilities in web, mobile, and API-based applications by combining automated tools with in-depth manual testing. Our focus is on real-world impact, from authentication flaws to logic bypasses, so you can deploy with confidence.
Beyond your applications, the underlying infrastructure of your organization can provide attackers with unexpected opportunities. We assess everything from clients to Active Directory and cloud environments, identifying weaknesses that traditional scans often miss. Our goal: ensuring your internal systems are resilient.
Sometimes the question isn't just 'Are we vulnerable?' but 'How well can we detect and respond?'. Through red teaming, social engineering, and purple team exercises, we simulate real-world attackers to measure your defenses under pressure. These engagements provide a holistic view of your security posture and help sharpen your detection and response capabilities.
Our blog features posts from the world of cybersecurity, reverse engineering, research projects, solana and other blockchains, cryptography, and much more. If you're a developer, a security professional, or just an interested person, we are sure you will find something exciting to read! Here are some of our favorite posts to get you started!
This blogpost starts a series about various exploits at Pwn2Own 2024 Ireland (Cork). This and the upcoming posts will detail our research methodology and journey in exploiting different devices. We start with some EXIF basics and end up with shellcode execution after reconfiguring the MMU of the RTOS.
In a recent engagement, we found an HTML to PDF converter API endpoint that allowed us to list local directories and files on a remote server. One of the PDF files we created, revealed that the converter was using a .NET renderer framework based on Chromium 62. With this, we were able to gain remote code execution by porting a Chromium 62 exploit to the particular version of the renderer.
In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you’ve never heard of this, no worries. We introduce all relevant background information, describe our approach to reverse engineering the products’ internals, and explain how we finally exploited the vulnerabilities. We hope to shed some light on this undervalued attack surface.
Explore the hidden risks within security software as we dive into vulnerabilities of Wazuh, a popular EDR solution. This post reveals how even trusted tools can become targets, highlighting the importance of robust defenses for security systems themselves.
You want to improve your product's or organization's security? Request a free pentest needs assessment!
