Our latest articles

Fortinet SIEM vulnerability allows us to get RCE on internet exposed hosts

If you want to see a full demo of this exploit, click here. Introduction Soon after the Blackhat USA training we gave last summer during the first week of August, our attention was caught by the release of a Fortinet’s security bulletin originally issued on June 21st 2020. It stated that all the versions of their platform FortiSIEM equal to ...
Read More

Critical Information Disclosure on WP Courses plugin exposes private course videos and materials

Today we've got an interesting story to share. A vulnerability in WP Courses caused our Java course to be publicly disclosed via the WordPress REST API. Let's dive into the details and see what happened. WordPress REST API Since version 4.7 of WordPress, the REST API is a default feature. It can be found at URL endpoint /wp-json/wp/v2. It will ...
Read More

Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit

Today we are proud to release the exploit for PulseSecure client (CVE-2020-13162). More details here. This was supposed to be published sooner. We apologize for the delay, but the Blackhat event has kept us quite busy. You can find both the exploit source code (tu-TOCTOU-kaiù-TOCMEU) and compiled binary file in our github. Let us spend few words about it. Compile ...
Read More


[UPDATE] Practical Web Application Hacking course on BlackHat USA 2020

Just like in 2019, Red Timmy Security was present at the biggest information security conference in the world: BlackHat USA 2020. This year we presented our latest course “Practical web application hacking – Advanced”.

If you missed the opportunity, we will soon publish a new online course about advanced web application hacking techniques, so stay tuned!

Our training classes

Practical Web Application Hacking – Basic

Learn the fundamentals of web application hacking

Hacking Java Web and Client Apps

Our deep dive course on Java security and deserialization attacks

Practical Web Application Hacking – Advanced

Become an expert on web application hacking

Learning Crypto by defeating Crypto

Learn how to create and develop your own TLS crypto exploits

Red Timmy Blog

We share our latest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.