Young hacker smiling

Zero false positives

Expert intelligence + effective automation

Chucky the actual serial killer doll

The anomaly serial killer doll

Hunting missing checks with anomaly detection

In our previous article we focused on taint-style vulnerabilites, i.e., those that are essentially due to the lack of input sanitization which allows tainted, user-controlled data to reach sensitive functions. Some of these arise due to missing checks in code, such as: failure to check authentication, authorization...



Screen showing source code

Exploiting code graphs

Mining graph representations for vulnerabilities

As we have seen in our previous revision article, probably the most interesting and successful approach to automated vulnerability detection is the pattern-based approach. Since we expect to extract meaningful patterns from the code, we also need a "comprehensive and feature-rich representation"[1] of it. Other...



Robot playing the piano

Crash course in machine learning

A survey of machine learning algorithms

In this article we clarify some of the undefined terms in our previous article and thereby explore a selection of machine learning algorithms and their applications to information security. This is not meant to be an exhaustive list of all machine learning (ML) algorithms and techniques. We would like, however …



greek statue with small angels.

Asymmetric DoS, slow HTTP attack

The story of David and Goliath

Have you ever heard the story of David and Goliath? David, a young boy, goes out to confront a giant, named Goliath. David is the underdog in this fight and is expected to lose. But, everyone underestimates David and his prowess with a slingshot. When David ultimately kills Goliath, he …



Can machines learn to hack?

Machine-learning to hack

Machine learning for vulnerability discovery

To date the most important security vulnerabilities have been found via laborius code auditing. Also, this is the only way vulnerabilities can be found and fixed during development. However, as software production rates increase, so does the need for a reliable, automated method for checking or classifiying this code in …



Hand holding a pirate toy

Bounty Writeup

How to resolve HTB Bounty

Scanning Phase First, we check the IP of the Bounty machine and try a ping to see if we have access. ping host$ ping -c2 10.10.10.93 Then, we scan the ports with nmap. In this case, we’re going to use basic nmap. host$ nmap 10.10 …



Vulnerability disclosure

Vulnerability disclosure ecosystem

Responsible vulnerability disclosure

An information security vulnerability is a flaw or a weakness in a system or application that a malicious attacker could exploit, and could result in a compromise of the confidentiality, integrity or availability of both software and hardware systems. We, as Security Testers (or pentesters, white hat hackers), every day …



man standing in front of blue and red lights

LibSSH new Vulnerability

New vulnerability on libssh CVE-2018-10933

The new vulnerability in LibSSH, tracked as CVE-2018-10933, resides on the server code which can enable a client to bypass the authentication process and create channels without permission. This affects servers using versions 0.6 and above being used in server mode. The bug was discovered by Peter Winter-Smith of …



Developers programming in an office

DevOops Writeup

How to resolve HTB DevOops

Scanning Phase First, we check the IP of the DevOops machine and try a ping to see if we have access. Then, we scan the ports with nmap. In this case, we’re going to use basic nmap. port scannning 1nmap 10.10.10.91 And, we see that …



A man with a functional JavaScript t-shirt

Functional Fashion in JavaScript

Functional programming in JavaScript

It’s funny how fashion works, most people (if not all) want to be fashionable but just a bit understand where the fashion comes from. Fashion pieces are not understood but still people like to use them. For example, if you have ever seen a fashion show or any event …



Snake checking a code

Are you checking types?

Static type checking with mypy

The dominoes game is simple, there are 28 tiles (in the standard version of this game), each one with a unique combination of two numbers of pips between 0 and 6. There are usually 4 players, so each one randomly takes 7 tiles. The objective of the game is to …



Swiss army knives with Python logo

Road to Functional Python

Functional coding in Python

Probably there is nothing better for the spirit than having a hobby that we are passionate about, that makes us feel in love all the time and makes us want to return to it. Better, the results obtained while practicing your hobby, without any intention, becomes a global phenomenon, used …




Service status - Terms of Use