Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

Vulnerability disclosure

Vulnerability disclosure ecosystem

Responsible vulnerability disclosure

An information security vulnerability is a flaw or a weakness in a system or application that a malicious attacker could exploit, and could result in a compromise of the confidentiality, integrity or availability of both software and hardware systems. We, as Security Testers (or pentesters, white hat hackers), every day …



man standing in front of blue and red lights

LibSSH new Vulnerability

New vulnerability on libssh CVE-2018-10933

The new vulnerability in LibSSH, tracked as CVE-2018-10933, resides on the server code which can enable a client to bypass the authentication process and create channels without permission. This affects servers using versions 0.6 and above being used in server mode. The bug was discovered by Peter Winter-Smith of …



Developers programming in an office

DevOops Writeup

How to resolve HTB DevOops

Scanning Phase First, we check the IP of the DevOops machine and try a ping to see if we have access. Then, we scan the ports with nmap. In this case, we’re going to use basic nmap. port scannning 1nmap 10.10.10.91 And, we see that …



A man with a functional JavaScript t-shirt

Functional Fashion in JavaScript

Functional programming in JavaScript

It’s funny how fashion works, most people (if not all) want to be fashionable but just a bit understand where the fashion comes from. Fashion pieces are not understood but still people like to use them. For example, if you have ever seen a fashion show or any event …



Snake checking a code

Are you checking types?

Static type checking with mypy

The dominoes game is simple, there are 28 tiles (in the standard version of this game), each one with a unique combination of two numbers of pips between 0 and 6. There are usually 4 players, so each one randomly takes 7 tiles. The objective of the game is to …



Swiss army knives with Python logo

Road to Functional Python

Functional coding in Python

Probably there is nothing better for the spirit than having a hobby that we are passionate about, that makes us feel in love all the time and makes us want to return to it. Better, the results obtained while practicing your hobby, without any intention, becomes a global phenomenon, used …



Rubber ducks depicting Karl Marx

Why we go functional?

Functional vs Imperative

In 1848, Karl Marx released into public opinion a controversial document called The Communist Manifesto. From then until today, for better or for worse, this document has influenced societies. If you have ever thought that the government is not doing its job well, that they are draining your life on …



The Treacherous POODLE

The Treacherous POODLE

How does the SSL fallback's works

A gas vendor, each week receives gas, which he stores in pipes and discretely refills them with water. Each day sells this gas to his clients, unbeknown to an "auditor" in black robes - aka Poodle - paying attention to this situation. One day the "auditor" undercover, tells the vendor he will …



Release the beast

Release the BEAST!

Understanding the BEAST

The Browser Exploit Attack on SSL/TLS (B.E.A.S.T), - bet you thougth it was a rampage hack that launched nukes - it is a practical attack demonstrated by Thai Duong and Julian Rizzo at ekoparty in 2011. That was the lamest introduction ever, it’s not because the …



heartbleed official logo

My heart bleeds (but not for you)

Understanding the flaw behind Heartbleed

Back in April 2014, one of the biggest vulnerabilities in recent history was found, HeartBleed. The popular open source cryptographic software library OpenSSL, had a critical flaw, [1] in the implementation of a extension on the Transport Layer Security (TLS) protocol. The wide use of OpenSSL on several services such …



Python proofreading a document

Pars orationis non est secura

Using parser combinators to detect flaws

We like bWAPP around here, because it’s very buggy!. We have shown here how to find and exploit vulnerabilities like SQL injection, directory traversal, XPath injection, and UNIX command injection. All of these have one thing in common, namely: they could have been prevented with a little Input Validation …



Pickled cucumbers

Gherkin on steroids

How to document detailed attack vectors

In the field of information security and ethical hacking, finding all vulnerabilities is as important as reporting them as soon as possible. For that, we need an effective means to communicate with all stakeholders. We have proposed before using the bussiness-readable, domain-specific language Gherkin. In that...




Service status - Terms of Use