Our Blog

From 500 to Account Takeover

Reading time: ~10 min
Introduction: What seemed like a regular Cross-site Scripting (XSS) vulnerability on an HTTP 500 “Internal Server Error”-page, I managed to...

on ios binary protections

Reading time: ~10 min
I just got off a call with a client, and realised we need to think about how we report binary...

dwn – a docker pwn tool manager experiment

Reading time: ~10 min
Years ago I learnt docker basics because I just couldn’t get that $ruby_tool to install. The bits of progress I’d...

Android Application Specific Proxies, Easy Mode

Reading time: ~7 min
In this post I want to share two things. First, a quick primer on how you would go about...

Duo Two-factor Authentication Bypass

Reading time: ~8 min
It’s too easy when hacking, to assume something is invulnerable and not interrogate it. This was the case for me...