Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

Risky poker move. Credits:

Quantifying risk

From color scales to probabilites and dollars

One of the least understood parts of a vulnerability is the risk it poses to the target. On the tester side, we tend to confuse them with the threat, the attack vector and the actor. On the client side, it tends to get confused with impact and ocurrence likelihood, due …

Binary machine learning. Credits:

Binary learning

Learning to exploit binaries

While our main focus, as stated previously, is to apply machine learning (ML) techniques to the discovery of vulnerabilities in source code, that is, a white-box approach to ML-guided hacking, we’ve come across an interesting approach called VDiscover, which is radically different in the following sense: Works on …

Depiction of a deep neural network. Credits:

Deep Hacking

Deep learning for vulnerability discovery

If we have learned anything so far in our quest to understand how machine learning (ML) can be used to detect vulnerabilities in source code, it’s that what matters the most in this process are the different representations of source code which are later fed to the actual ML …

Executive leaking business information

Attacking Without Announce

Nobody knows, but everything is allowed

We talk a lot about the advantages of extreme connectivity and availability of information, but so little about how our company’s, client’s, or even our own personal data is secure. Here we want to guide you about some management policies we suggest that you could take in advance …

Cats in a forest

Don’t let the cat out!

Trapdoor functions and their importance in security

Functions! I’m sure you have heard this concept in many ways: math, programming, economics, etc. And they all can be reduced to the same basic thing: something that takes some inputs and produces some outputs. Math is the case here, however, there is a lot to add to that …

Fluid Attacks, Among the Top Global Leaders 2018

Among the Top Global Leaders 2018

Fluid Attacks, a top cybersecurity company

In an era where IT companies and business services are diverse, realizing which companies have the best performance on service delivery is crucial when buying services from companies that guarantee their expertise. Having this in mind, Clutch (a renowned platform that connects buyers with IT companies) has...

Chucky the actual serial killer doll

The anomaly serial killer doll

Hunting missing checks with anomaly detection

In our previous article we focused on taint-style vulnerabilites, i.e., those that are essentially due to the lack of input sanitization which allows tainted, user-controlled data to reach sensitive functions. Some of these arise due to missing checks in code, such as: failure to check authentication, authorization...

Screen showing source code

Exploiting code graphs

Mining graph representations for vulnerabilities

As we have seen in our previous revision article, probably the most interesting and successful approach to automated vulnerability detection is the pattern-based approach. Since we expect to extract meaningful patterns from the code, we also need a "comprehensive and feature-rich representation"[1] of it. Other...

Robot playing the piano

Crash course in machine learning

A survey of machine learning algorithms

In this article we clarify some of the undefined terms in our previous article and thereby explore a selection of machine learning algorithms and their applications to information security. This is not meant to be an exhaustive list of all machine learning (ML) algorithms and techniques. We would like, however …

greek statue with small angels.

Asymmetric DoS, slow HTTP attack

The story of David and Goliath

Have you ever heard the story of David and Goliath? David, a young boy, goes out to confront a giant, named Goliath. David is the underdog in this fight and is expected to lose. But, everyone underestimates David and his prowess with a slingshot. When David ultimately kills Goliath, he …

Can machines learn to hack?

Machine-learning to hack

Machine learning for vulnerability discovery

To date the most important security vulnerabilities have been found via laborius code auditing. Also, this is the only way vulnerabilities can be found and fixed during development. However, as software production rates increase, so does the need for a reliable, automated method for checking or classifiying this code in …

Hand holding a pirate toy

Bounty Writeup

How to resolve HTB Bounty

Scanning Phase First, we check the IP of the Bounty machine and try a ping to see if we have access. ping host$ ping -c2 Then, we scan the ports with nmap. In this case, we’re going to use basic nmap. host$ nmap 10.10 …

Service status - Terms of Use