top of page

RESEARCH & DEVELOPMENT
LAB

Our R&D team consists only of enthusiasts - experienced pentesters, IT security researchers, and programmers. Most of our team belongs to members of the best Polish CTF groups - P4 and Dragon Sector. Together with them, we are successful in global competitions, repeatedly showing that we are among the top experts in the field of IT security.

CTF SUCCESS

  • HITCON CTF Finals

  • Insomni'Hack CTF Finals

  • Google CTF finals

  • hxp CTF finals

  • Midnight Sun CTF Finals

  • WhiteHat CTF Finals

  • CTF "Hack-a-sat" finals.

  • @Hack final in Saudi Arabia

  • 1st place in the qualification for the "Hack-a-sat" competition.

  • Finals in TrendMicro CTF

Cybersecurity R&D plays a central role in being able to conduct quality penetration tests and lies at the core of our identity as a company. The tools developed based on in-house research enable us to run penetration tests, including APT Red Team tests, more efficiently.

 

True to the slogan "hack the unhackable", our extensive R&D efforts enable us to succeed where others fail.

OUR EXPERTISE
R&D LAB

Reverse Engineering

We specialize in the deconstruction of complex software and the analysis of non-standard binary systems.

  • Advanced Analysis: Leveraging Ghidra, BinDiff, and QEMU for precise patch verification and cross-platform analysis.

  • Automation & Emulation: Utilizing symbolic execution (angr, Unicorn) and state-of-the-art fuzzing (AFL++, LibAFL, Hongfuzz).

  • Exploitation Mastery: We bridge the gap between discovery and proof, quickly filtering false positives through expert exploit development.

Architecture, Code & Design Analysis

We secure software at the foundational level, identifying flaws before they can be exploited in the wild.

  • Static & Manual Review: Combining automated scanning with expert-led Manual Code Review.

  • Threat Modeling: Identifying structural risks, boundary vulnerabilities, and third-party dependency issues.

  • Industry Standards: Ensuring full compliance with OWASP best practices and the Principle of Least Privilege.

Hardware Security Testing

We assess the physical resilience of devices against modern hardware-level threats.

  • Firmware Recovery: Forensic extraction of firmware from BGA, ASIC, and monolith components.

  • Physical Attacks: Expertise in Voltage Glitching, Side-Channel Analysis (Power/EMI), and EMI injection.

  • Interface Enumeration: Probing and securing debug connectors, including JTAG, UART, and SWD.

Advanced Security Domains

Proven track record in securing the most critical layers of modern technology:

  • Secure Boot verification and low-level ARM boot chain analysis (Qualcomm, Unisoc, Allwinner).

  • Debugging and hardening TrustZone (Secure World) applications.

  • Defeating advanced Code Obfuscation (control-flow flattening) and JavaCard security analysis.

5G Security Laboratory

Comprehensive penetration testing for telecommunications infrastructure and end-user equipment.

  • Network & Core Analysis: Simulating VNF environments (Open5GS, Free5GC) and auditing OSS/BSS systems.

  • Radio Attacks: Testing resilience against Rogue Base Stations (IMSI Catchers/Stingrays) in 5G SA contexts.

  • Slicing & Edge Security: Verifying slice isolation and container security in MEC (Edge Computing)environments.

bottom of page