News
We share our leatest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.
Our latest articles
IoT/ICS Armageddon: hacking devices like there’s no tomorrow (part 1)
In one of my many previous lives, I worked as principal penetration tester/team leader in the OT area, verifying the full security of more than a dozen of IoT and ICS devices. Switching from IT to OT seemed to be an exciting step, but honestly I got bored pretty soon, and after one year and a half I retired. This ...
Read More
Read More
Challenges in the always moving cloud
One thing that is radically different between testing on-premise and cloud environments, is that the attack surface is much more dynamic. Because of the scaling features of clouds, assets may be spun up and removed dynamically, as well as services. This makes it harder for defenders to define the attack surface, and also requires pen testers to do mapping differently ...
Read More
Read More
The thin line between the cloud provider and the customer applications
As penetration testers we are often very aware of the boundaries of the exercise. Scoping is the part of the preperation where we decide what can be tested and what not. This used to be a matter of finding agreement between service owners and testers, and having them all on the same page meant the exercise could start. But nowadays ...
Read More
Read More
Our training classes
Practical Web Application Hacking – Basic
Learn the fundamentals of web application hacking
Hacking Java Web and Client Apps
Our deep dive course on Java security and deserialization attacks
Practical Web Application Hacking – Advanced
Become an expert on web application hacking
Learning Crypto by defeating Crypto
Learn how to create and develop your own TLS crypto exploits
Red Timmy Blog
We share our latest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.