News

We share our leatest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.


Our latest articles

IoT/ICS Armageddon: hacking devices like there’s no tomorrow (part 1)

In one of my many previous lives, I worked as principal penetration tester/team leader in the OT area, verifying the full security of more than a dozen of IoT and ICS devices. Switching from IT to OT seemed to be an exciting step, but honestly I got bored pretty soon, and after one year and a half I retired. This ...
Read More

Challenges in the always moving cloud

One thing that is radically different between testing on-premise and cloud environments, is that the attack surface is much more dynamic. Because of the scaling features of clouds, assets may be spun up and removed dynamically, as well as services. This makes it harder for defenders to define the attack surface, and also requires pen testers to do mapping differently ...
Read More

The thin line between the cloud provider and the customer applications

As penetration testers we are often very aware of the boundaries of the exercise. Scoping is the part of the preperation where we decide what can be tested and what not. This used to be a matter of finding agreement between service owners and testers, and having them all on the same page meant the exercise could start. But nowadays ...
Read More

Our training classes

Practical Web Application Hacking – Basic

Learn the fundamentals of web application hacking

Hacking Java Web and Client Apps

Our deep dive course on Java security and deserialization attacks

Practical Web Application Hacking – Advanced

Become an expert on web application hacking

Learning Crypto by defeating Crypto

Learn how to create and develop your own TLS crypto exploits


Red Timmy Blog

We share our latest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.