Young hacker smiling

We hack your software

zero false positives

Expert intelligence + specialized technology

A man with a functional JavaScript t-shirt

Functional Fashion in JavaScript

Functional programming in JavaScript

It’s funny how fashion works, most people (if not all) want to be fashionable but just a bit understand where the fashion comes from. Fashion pieces are not understood but still people like to use them. For example, if you have ever seen a fashion show or any event …

Snake checking a code

Are you checking types?

Static type checking with mypy

The dominoes game is simple, there are 28 tiles (in the standard version of this game), each one with a unique combination of two numbers of pips between 0 and 6. There are usually 4 players, so each one randomly takes 7 tiles. The objective of the game is to …

Swiss army knives with Python logo

Road to Functional Python

Functional coding in Python

Probably there is nothing better for the spirit than having a hobby that we are passionate about, that makes us feel in love all the time and makes us want to return to it. Better, the results obtained while practicing your hobby, without any intention, becomes a global phenomenon, used …

Rubber ducks depicting Karl Marx

Why we go functional?

Functional vs Imperative

In 1848, Karl Marx released into public opinion a controversial document called The Communist Manifesto. From then until today, for better or for worse, this document has influenced societies. If you have ever thought that the government is not doing its job well, that they are draining your life on …

The Treacherous POODLE

The Treacherous POODLE

How does the SSL fallback's works

A gas vendor, each week receives gas, which he stores in pipes and discretely refills them with water. Each day sells this gas to his clients, unbeknown to an "auditor" in black robes - aka Poodle - paying attention to this situation. One day the "auditor" undercover, tells the vendor he will …

Release the beast

Release the BEAST!

Understanding the BEAST

The Browser Exploit Attack on SSL/TLS (B.E.A.S.T), - bet you thougth it was a rampage hack that launched nukes - it is a practical attack demonstrated by Thai Duong and Julian Rizzo at ekoparty in 2011. That was the lamest introduction ever, it’s not because the …

heartbleed official logo

My heart bleeds (but not for you)

Understanding the flaw behind Heartbleed

Back in April 2014, one of the biggest vulnerabilities in recent history was found, HeartBleed. The popular open source cryptographic software library OpenSSL, had a critical flaw, [1] in the implementation of a extension on the Transport Layer Security (TLS) protocol. The wide use of OpenSSL on several services such …

Python proofreading a document

Pars orationis non est secura

Using parser combinators to detect flaws

We like bWAPP around here, because it’s very buggy!. We have shown here how to find and exploit vulnerabilities like SQL injection, directory traversal, XPath injection, and UNIX command injection. All of these have one thing in common, namely: they could have been prevented with a little Input Validation …

Pickled cucumbers

Gherkin on steroids

How to document detailed attack vectors

In the field of information security and ethical hacking, finding all vulnerabilities is as important as reporting them as soon as possible. For that, we need an effective means to communicate with all stakeholders. We have proposed before using the bussiness-readable, domain-specific language Gherkin. In that...

Weak bicycle lock with words

Requiem for a p455w0rD

Why passphrases are better than passwords

What would you rather have at your home door: a simple, weak key that needs to be changed every other week, or a one-time-setup, state-of-the-art, virtually unpickable cruciform key? Figure 1. Lock key comparison via Locksmith Ledger. That’s just the difference between rotating short passwords vs having one good …

Pythia and supplicant in the Oracle of Delphi

The Oracle of Code

About code as data

“Most programs are too large to understand in complete detail”. This was written in the 80’s.[1] Imagine the situation today. Hence the need for automated tools to aid in the process of analyzing code. The solution, according to Oege de Moor from Semmle, is obvious: treat code as …

O'Reilly XML book cover

XML: eXploitable Markup Language

XPath injection on XML files

Markup languages are “systems for annotating a document in a way that is syntactically distinguishable from the text.” [1] What does that really mean? I reckon that’d be better understood with examples. But before, a warning: if you use them for sensitive information storage, you should be really careful …

Service status - Terms of Use