-
Techblog
2024.10.27 Engineering WCF Hacks
-
RECon 2024
2024.06.29 Control Flow Integrity on IBM i
-
TROOPERS 2024
2024.06.26 IBM i for Wintel Hackers
-
Webinar
2023.10.26 Hackers' Perspective: Demystifying IBM i System Security
-
Techblog
2023.08.22 Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation
-
Techblog
2023.07.03 Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
-
Techblog
2023.03.30 Booby Trapping IBM i
-
Techblog
2023.01.20 Abusing Adopted Authority on IBM i
-
ISACA Industry news
2022.10.24 Taking a Risk-Based Approach to Pen Testing
-
Techblog
2022.10.18 Our new scanner for Text4Shell
-
Techblog
2022.09.28 Another Tale of IBM i (AS/400) Hacking
-
Techblog
2022.09.05 Simple IBM i (AS/400) hacking
-
Camp++ 0x7e6
2022.07.02 That JWT talk - JSON Web Tokens considered harmful
-
OffensiveCon 2022
2022.02.05 Case Studies of Fuzzing with Xen
-
Techblog
2021.12.12 Our new tool for enumerating hidden Log4Shell-affected hosts
-
Techblog
2021.10.14 Fuzzy Snapshots of Firefox IPC
-
Camp++ 0x7e5
2021.08.26 Building a DIY zero-trust SSH CA - Managing SSH access in a secure and transparent manner without bloat
-
Techblog
2021.04.06 Adding XCOFF Support to Ghidra with Kaitai Struct
-
Techblog
2021.02.08 Abusing JWT public keys without the public key
-
Camp++ 0x7e4
2020.08.22 Climbing the SPHINX - the journey of porting it to Android and the detours of fixing design vulnerabilities
-
Techblog
2020.08.17 Unexpected Deserialization pt.1 - JMS
-
Techblog
2020.05.20 Tips and scripts for reconnaissance and scanning
-
Techblog
2020.05.04 Decrypting and analyzing HTTPS traffic without MITM
-
Gold Paper
2020.04.20 Uninitialized Memory Disclosures in Web Applications
-
Gold Paper
2020.02.25 Unix-style approach to web application testing
-
Techblog
2020.01.27 Wide open banking: PSD2 and us
-
Techblog
2019.10.21 Patching Android apps: what could possibly go wrong
-
Camp++ 0x7e3
2019.07.26 Unix vs web pentesting - combining small building blocks with pipes can be beneficial for web pentesters
-
Techblog
2019.07.02 Evading Cisco AnyConnect blocking LAN connections
-
Techblog
2019.06.24 Self-defenseless - Exploring Kaspersky’s local attack surface
-
Techblog
2019.05.10 Decrypting Eazfuscator.NET encrypted symbol names
-
Research & development
2019.04.25 We developed a test environment for libvips entropy calculation (CVE-2019-6976)
-
Techblog
2019.04.18 Drop-by-Drop: Bleeding through libvips
-
Techblog
2019.04.04 Our take on social engineering
-
Camp++ 0x7e2
2018.08.07 High-performance web application fingerprinting based on SCM repositories
-
Techblog
2018.05.22 The curious case of encrypted URL parameters
-
Techblog
2018.02.02 Snow cannon vs. unique snowflakes — testing registration forms
-
SecOps Europe
2018.01.24 High-performance web application fingerprinting based on SCM repositories
-
Research
2018.01.08 Bare Knuckled Antivirus Breaking
-
Techblog
2017.12.21 Emulating custom crytography with ripr
-
Techblog
2017.12.05 Conditional DDE
-
BSidesVienna
2017.11.18 High-performance web application fingerprinting based on SCM repositories
-
Hacktivity
2017.10.20 Corrupting Ancient Spirits - Penetration Testing Oracle Forms
-
Techblog
2017.08.14 Notes on McAfee Security Scan Plus RCE (CVE-2017-3897)
-
Camp++ 0x7e1
2017.07.07 Keys to the kingdom
-
Techblog
2017.05.08 Fools of Golden Gate
-
HEK.SI (Slovenia)
2017.04.06 Make It Count – Progressing through Pentesting
-
Techblog
2017.02.17 Not so unique snowflakes
-
Techblog
2017.01.03 Beyond detection: exploiting blind SQL injections with Burp Collaborator
-
Techblog
2016.11.28 An update on MD5 poisoning
-
Techblog
2016.08.25 Bake your own EXTRABACON
-
We were the first to publicly port EXTRABACON to Cisco ASA version 9.2(4)
2016.08.23 After sharing a screenshot on Twitter we got coverage from Ars Technica, SecurityWeek, Threatpost and several others.
-
Camp++ 0x7e0
2016.08.18 Testing stateful web application workflows
-
Techblog
2016.06.16 Accessing local variables in ProGuarded Android apps
-
Techblog
2016.05.13 Detecting ImageTragick with Burp Suite Pro
-
Techblog
2016.05.06 iOS HTTP cache analysis for abusing APIs and forensics
-
Research & development
2016.03.11 We developed a Burp Suite Pro plugin to detect JSON array issues
-
Techblog
2016.02.10 You’re not looking at the big picture
-
Gold Paper
2016.01.14 Testing stateful web application workflows
-
Gold Paper
2015.12.28 Burp Suite(up) with fancy scanning mechanisms
-
Techblog
2015.10.02 Proxying nonstandard HTTPS traffic
-
Techblog
2015.09.17 Finding the salt with SQL inception
-
BlackHat USA
2015.08.05 We organized the wargame eCSI hacker playground with BalaBit.
-
Techblog
2015.06.19 Virtual Bank Robbery - In Real Life
-
Techblog
2015.06.10 Poisonous MD5 - Wolves Among the Sheep
-
Gold Paper
2015.05.27 Automated Security Testing of Oracle Forms Applications
-
Ethical Hacking conference
2015.05.08 There’s worse than SSL — it’s hard to get a homebrew protocol right
-
CVE-2014-3440
2015.05.07 Symantec Critical System Protection RCE (vendor advisory and our blogpost)
-
Techblog
2015.04.03 The story of a pentester recruitment
-
Gold Paper
2015.01.12 AIX for Penetration Testers
-
Techblog
2015.01.06 Code Review on the Cheap
-
Techblog
2014.10.03 WebLogic undocumented hacking
-
Techblog
2014.07.28 How to get root access on FireEye OS
-
FireEye Operating System (FEOS) Command Injection Vulnerability
2014.07.08 We discovered a vulnerability that was fixed in FireEye OS 7.1.
-
Techblog
2014.06.25 HP-UX 0day local privilege escalation
-
Techblog
2014.06.06 Trend Micro OfficeScan - A chain of bugs
-
Techblog
2014.04.17 ISAKMP hacking - How much should we trust our tools?
-
Techblog
2014.04.04 Quick and dirty Android binary XML edits
-
Techblog
2014.03.31 OWASP Top 10 is overrated
-
Techblog
2014.03.14 SNMP trap?
-
Techblog
2014.03.07 Sanitizing input with regex considered harmful
-
Techblog
2014.02.27 From Read to Domain Admin - Abusing Symantec Backup Exec with Frida
-
Techblog
2014.02.20 Testing websites using ASP.NET Forms Authentication with Burp Suite
-
Techblog
2014.02.09 JDB tricks to hack Java Debug Wire
-
Techblog
2014.01.31 Compressed file upload and command execution
-
Techblog
2014.01.23 Banging 3G rocks
-
Techblog
2014.01.13 How did I find the Apple Remote Desktop bug? - CVE-2013-5135
-
Techblog
2014.01.10 Duncan - Expensive injections
-
Techblog
2014.01.06 WAF bypass made easy
-
Techblog
2013.12.17 Plesk panel decryption
-
Silent Signal techblog
2013.12.05 Silent Signal has launched its techblog
-
Apple Remote Desktop Format String Vulnerability
2013.10.24 We discovered CVE-2013-5135 that was fixed in Apple Remote Desktop 3.7.
-
Hacktivity 2013
2013.10.11 Heureka - The suspicious thing is that it's not suspicious
-
CampZer0
2013.09.28 Abusing the IPC of Android apps for fun and profit
-
Oracle Web Determinations XML injection
2013.07.22 Details of a vulnerability fixed by Oracle in the July 2013 Critical Patch Update.
-
Ghost in the Shell Control Box
2013.05.29 Walkthrough of the wargame we created together with BalaBit IT-Security
-
Ethical Hacking conference
2013.05.09 Antivirus out of the blue - Shady sides of CloudAV
-
Paper
2013.02.20 From write to root on AIX
-
Hacktivity 2012
2012.10.13 USB = Universal Security Bug?
-
Budapest Conference on Cyberspace
2012.10.04 Child soldiers of the modern age (talk), Children on the internet (workshop)
-
SYM12-006
2012.05.17 We reported security issues in Symantec Web Gateway via Beyond Security SSD
-
Professional qualifications
2012.02.06 Since February 6, 2012, all our penetration testers hold the GIAC Web Application Penetration Tester qualification, in addition to the Offensive Security Certified Professional certification they already had.
-
Hacktivity 2011
2011.09.17 Hardware hacking for fun and profit
-
Budapest New Tech Meetup
2011.09.07 XSS 2.0
-
AID-070611
2011.07.07 Aruba Networks fixed a Cross Site Scripting vulnerability we discovered in ArubaOS and AirWave Administration Web Interfaces
-
Paper
2011.07.02 Story of a Client-Side Attack
-
CVE-2010-4323
2011.02.11 ZCM TFTPD Remote Code Execution Security Vulnerability
-
Professional qualifications
2011.01.19 Since January 19, 2001, all our penetration testers are Offensive Security Certified Professionals
-
CVE-2011-0264
2011.01.10 Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager
-
CVE-2011-0263
2011.01.10 HP OpenView Network Node Manager ovas.exe Remote Code Execution Vulnerability
-
CVE-2010-4113
2010.12.15 Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability
-
Hacktivity 2010 Capture-the-Flag
2010.12.03 Solution of the Capture-the-Flag game we made
-
Hacktivity 2010
2010.09.18 “I run a Linux server, so we're secure” (talk), Metasploit Workshop, Buffer Overflow Workshop
-
Offensive-Security “How Strong is Your Fu? for Charity”
2010.06.19 Our team finished 5th in the competition of 102 contestants organized by Offensive Security
-
Offensive-Security “How Strong is Your Fu?”
2010.05.08 Our team finished 3rd in the competition of more than 1000 contestants organized by Offensive Security
-
Ethical Hacking conference
2009.10.11 Surviving the theatre of war on the web