Our latest articles
Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit
Today we are proud to release the exploit for PulseSecure client (CVE-2020-13162). More details here. This was supposed to be published sooner. We apologize for the delay, but the Blackhat event has kept us quite busy. You can find both the exploit source code (tu-TOCTOU-kaiù-TOCMEU) and compiled binary file in our github. Let us spend few words about it. Compile ...
Read More
Read More
A Tale of Escaping a Hardened Docker container
Legend has it that before his death, Harry Houdini once said: “if it is truly possible for someone to return from the afterlife, I will”. Despite of the fact he was a great illusionist and escape artist, it seems this last proof has revealed to be very hard, even for him. Much simpler trying to escape out of a container ...
Read More
Read More
Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162)
In the midst of the coronavirus pandemic we have observed an incredible boost in the diffusion of configurations allowing people to work from home. Being able to quickly identify vulnerabilities in the components of these infrastructures has become, more than before, a priority for many businesses. So the lenient Red Timmy has thought: "it would be good to kill some ...
Read More
Read More
News
[UPDATE] Practical Web Application Hacking course on BlackHat USA 2020
Just like in 2019, Red Timmy Security was present at the biggest information security conference in the world: BlackHat USA 2020. This year we presented our latest course “Practical web application hacking – Advanced”.
If you missed the opportunity, we will soon publish a new online course about advanced web application hacking techniques, so stay tuned!
Our training classes
Practical Web Application Hacking – Basic
Learn the fundamentals of web application hacking
Hacking Java Web and Client Apps
Our deep dive course on Java security and deserialization attacks
Practical Web Application Hacking – Advanced
Become an expert on web application hacking
Learning Crypto by defeating Crypto
Learn how to create and develop your own TLS crypto exploits
Red Timmy Blog
We share our latest research in articles and whitepapers on the blog section of this website. Tools will be released regularly and can be found on our GitHub page.