
Our latest articles
Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward
With the difficult period of the covid-19 pandemic still ongoing, some collaborators of Red Timmy have lost their job, fired from the employers where they worked. Because bills don't pay themselves, some of us have thought to keep the wolf from the door by investing resources in bug bounty programs, waiting for better times. This post today has a characteristic ...
Read More
Read More
Snooping on proprietary protocols with Frida
Background During one of our recent assessments, we encountered a hardware appliance using a proprietary protocol to provide its services to desktop clients. As we did not have access to the appliance, apart from what was exposed on its open ports, we decided to inspect the Windows client and study its protocol. After a brief traffic inspection with Wireshark, we ...
Read More
Read More
Fortinet SIEM vulnerability allows us to get RCE on internet exposed hosts
If you want to see a full demo of this exploit, click here. Introduction Soon after the Blackhat USA training we gave last summer during the first week of August, our attention was caught by the release of a Fortinet’s security bulletin originally issued on June 21st 2020. It stated that all the versions of their platform FortiSIEM equal to ...
Read More
Read More
News
[UPDATE] Practical Web Application Hacking course on BlackHat USA 2020

Just like in 2019, Red Timmy Security was present at the biggest information security conference in the world: BlackHat USA 2020. This year we presented our latest course “Practical web application hacking – Advanced”.
If you missed the opportunity, we will soon publish a new online course about advanced web application hacking techniques, so stay tuned!
Our training classes
Red Timmy Blog
We share our latest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.