Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

Can machines learn to hack?

Machine-learning to hack

Machine learning for vulnerability discovery

To date the most important security vulnerabilities have been found via laborius code auditing. Also, this is the only way vulnerabilities can be found and fixed during development. However, as software production rates increase, so does the need for a reliable, automated method for checking or classifiying this code in …



Bounty writeup

Bounty Writeup

How to resolve HTB Bounty

Scanning Phase First of all we check the IP of the Bounty machine and try a ping to see if we have access. ping host$ ping -c2 10.10.10.93 Then scan the ports with nmap, in this case we’re going to use basic nmap. host$ nmap 10 …



Vulnerability disclosure

Vulnerability disclosure ecosystem

Responsible vulnerability disclosure

An information security vulnerability is a flaw or a weakness in a system or application that a malicious attacker could exploit and result in a compromise of the confidentiality, integrity or availability of both software and hardware systems. We as Security Testers (or pentesters, white hat hackers) find every day …



Blank CSV document icon

LibSSH new Vulnerability

New vulnerability on libssh CVE-2018-10933

The new vulnerability in LibSSH, tracked as CVE-2018-10933, resides on the server code which can enable a client to bypass the authentication process and create channels without permissions, this affects servers using versions 0.6 and above being used in server mode. The bug was discovered by Peter Winter-Smith of …



Blank CSV document icon

DevOops Writeup

How to resolve HTB DevOops

Scanning Phase First of all we check the IP of DevOops machine and try a ping to see if we have access Then scan the ports with nmap, in this case we’re going to use basic nmap nmap 10.10.10.91 And we see that the port 5000 …



A man with a functional JavaScript t-shirt

Functional Fashion in JavaScript

Functional programming in JavaScript

It’s funny how fashion works, most people (if not all) want to be fashionable but just a bit understand where the fashion comes from. Fashion pieces are not understood but still people like to use them. For example, if you have ever seen a fashion show or any event …



Snake checking a code

Are you checking types?

Static type checking with mypy

The dominoes game is simple, there are 28 tiles (in the standard version of this game), each one with a unique combination of two numbers of pips between 0 and 6. There are usually 4 players, so each one randomly takes 7 tiles. The objective of the game is to …



Swiss army knives with Python logo

Road to Functional Python

Functional coding in Python

Probably there is nothing better for the spirit than having a hobby that we are passionate about, that makes us feel in love all the time and makes us want to return to it. Better, the results obtained while practicing your hobby, without any intention, becomes a global phenomenon, used …



Rubber ducks depicting Karl Marx

Why we go functional?

Functional vs Imperative

In 1848, Karl Marx released into public opinion a controversial document called The Communist Manifesto. From then until today, for better or for worse, this document has influenced societies. If you have ever thought that the government is not doing its job well, that they are draining your life on …



The Treacherous POODLE

The Treacherous POODLE

How does the SSL fallback's works

A gas vendor, each week receives gas, which he stores in pipes and discretely refills them with water. Each day sells this gas to his clients, unbeknown to an "auditor" in black robes - aka Poodle - paying attention to this situation. One day the "auditor" undercover, tells the vendor he will …



Release the beast

Release the BEAST!

Understanding the BEAST

The Browser Exploit Attack on SSL/TLS (B.E.A.S.T), - bet you thougth it was a rampage hack that launched nukes - it is a practical attack demonstrated by Thai Duong and Julian Rizzo at ekoparty in 2011. That was the lamest introduction ever, it’s not because the …



heartbleed official logo

My heart bleeds (but not for you)

Understanding the flaw behind Heartbleed

Back in April 2014, one of the biggest vulnerabilities in recent history was found, HeartBleed. The popular open source cryptographic software library OpenSSL, had a critical flaw, [1] in the implementation of a extension on the Transport Layer Security (TLS) protocol. The wide use of OpenSSL on several services such …




Service status - Terms of Use