Theory is good, but results are better. Here are a few public examples of our work, demonstrating our approach to solving complex security challenges.
Problem: Testing complex web authentication flows (like OAuth 2.0 or multi-step logins) is notoriously difficult to automate with traditional tools. Security researchers were spending countless hours manually re-authenticating and managing sessions.
Solution: We developed OWASP Raider, a web authentication testing framework that models authentication as a programmable state machine. Built in Python and configurable with LISP, Raider allows security researchers to script complex interactions across redirects, CSRF tokens, and multi-factor authentication steps.
Impact: Raider is now an official OWASP project, featured by industry leaders like PortSwigger. This project showcases our philosophy: when the right tool for the job doesn’t exist, we have the deep technical expertise to build it. Our clients benefit from this custom-tooling capability in our engagements.
Objective: To assess the security of Tiny Tiny RSS, a popular open-source feed reader used by thousands.
Process: We conducted a deep-dive vulnerability research project. Instead of looking only for single, high-impact bugs, we focused on how multiple lower-severity issues could be combined. A carefully crafted malicious feed exploiting URL whitelist bugs led to Server-Side Request Forgery (SSRF), which was then escalated to Local File Inclusion (LFI) and ultimately to Remote Code Execution (RCE).
Outcome: We responsibly disclosed a series of critical vulnerabilities (CVE-2020-25787, CVE-2020-25788, CVE-2020-25789) to the developers, who promptly patched them. This engagement protected thousands of servers from potential compromise and demonstrates our ability to uncover complex, chained exploits that automated scanners cannot find.