Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

Trapdoor the cat

Don’t let the cat out!

Trapdoor functions and their importance in security

Functions! I’m sure you have heard this concept in many ways: math, programming, economics, etc. And they all can be reduced to the same basic thing: something that takes some inputs and produces some outputs. Math is the case here, however, there is a lot to add to that …



calling a super-hero

Save the world!

How to solve Save the World from We Chall!

First of all let’s review the problem statement at WeChall It is year 2018, the world war III is upcoming between USA and China. You are a secret agent working for the USA. The USA Information Gathering Agency gathered three RSA enciphered messages. All messages were originated from the …



Mark Stamp's book cover. Blue team machine vs read team

Crash course in machine learning

A survey of machine learning algorithms

In this article we mean to clarify some of the undefined terms in our previous article and, by way of it, explore a selection of machine learning algorithms and their applications to information security. We do not pretend to make an exhaustive list of all machine learning (ML) algorithms and …



image of a DoS in action

Asymmetric DoS, slow HTTP attack

The story of David and Goliath

Have you ever heard about that beautiful story of David and Goliath where an underdog, expected to lose and highly underestimate guy, shut down the biggest and strongest of the enemies? Fine! because today we are going to talk about those unequal scenarios. Furthermore, we are going to battle one …



Bounty writeup

Bounty Writeup

How to resolve HTB Bounty

Scanning Phase First of all we check the IP of the Bounty machine and try a ping to see if we have access. ping host$ ping -c2 10.10.10.93 Then scan the ports with nmap, in this case we’re going to use basic nmap. host$ nmap 10 …



Vulnerability disclosure

Vulnerability disclosure ecosystem

Responsible vulnerability disclosure

An information security vulnerability is a flaw or a weakness in a system or application that a malicious attacker could exploit and result in a compromise of the confidentiality, integrity or availability of both software and hardware systems. We as Security Testers (or pentesters, white hat hackers) find every day …



Blank CSV document icon

LibSSH new Vulnerability

New vulnerability on libssh CVE-2018-10933

The new vulnerability in LibSSH, tracked as CVE-2018-10933, resides on the server code which can enable a client to bypass the authentication process and create channels without permissions, this affects servers using versions 0.6 and above being used in server mode. The bug was discovered by Peter Winter-Smith of …



Blank CSV document icon

DevOops Writeup

How to resolve HTB DevOops

Scanning Phase First of all we check the IP of DevOops machine and try a ping to see if we have access Then scan the ports with nmap, in this case we’re going to use basic nmap nmap 10.10.10.91 And we see that the port 5000 …



Weak bicycle lock with words

Requiem for a p455w0rD

Why passphrases are better than passwords

What would you rather have at your home door: a simple, weak key that needs to be changed every other week, or a one-time-setup, state-of-the-art, virtually unpickable cruciform key? Figure 1. Lock key comparison via Locksmith Ledger. That’s just the difference between rotating short passwords vs having one good …



Blank CSV document icon

Is that CSV Secure?

Defining CSV injection vulnerabilities

Comma-Separated Values file (or CSV) is a type of file that stores tabular data, numbers and text in plain text. Each line of the file is a data record and each record consists of one or more fields separated by commas. CSV is a common data exchange format that is …



Hands typing in a text editor

The importance of pentesting

Protect your company against Hackers, not Lamers

Without a doubt, the recent events in relation to the infringement of privacy, such as the theft of personal information from celebrities, the Sony, Target and Equifax hacks, and the big ransomware that affected Telefonica, make us reflect about how organizations protect their information. All of this in addition to …



Text editor with code highlighting

Another proud son of JSON

Using JSON Web Token to send data

Today everything is connected, and thus, everything is communicated. Security has become a major issue in the complex world of web applications and their communications. Figure 1. JSON Web Token JWT JSON Web Token A JSON Web Token (JWT) is a URL safe way to represent a set of information …




Service status - Terms of Use