Take a look at our latest blog post where David E. Baker will take you through the reverse engineering process from understanding calling conventions to working around a lack of symbols. We also wrap up with some fun cheating at Minesweeper.

After taking @steventseeley 's Full Stack Web Attack - Java course, I understood deserialization and gadget chains in Java. Highly recommend his training!.

Java deserialization can lead to security risks. Read about gadget chains and remote code execution: #Java #Security.

Sometimes, exploits don't work out of the box and must be updated. In this latest blog post, David Baker, a Senior Security Consultant with Scorpion Labs discusses how he approached fixing an exploit to make it work with a different hardware.

Credential reuse is still a popular "exploit" to leverage during penetration tests. In our latest blog post, David Lane outlines three case studies where password reuse led to devastating results in recent penetration tests.

Sometimes the little things can have a big impact. In our latest blog post @JakeWnuk retells a story from a recent security assessment where vulnerabilities were chained together to escalate privileges from an anonymous user to a cloud administrator.

Our inaugural blog post is here! Come along with one of our Senior Consultants, David Baker, and learn about finding 0-days in routers and the journey that is vulnerability research.