RESEARCH & DEVELOPMENT

Our R&D team consists only of enthusiasts - experienced pentesters, IT security researchers, and programmers. Most of our team members belong to the best Polish CTF groups - P4 and Dragon Sector. Together with them, we are successful in global competitions, repeatedly showing that we are among the top experts in the field of IT security.

CTF SUCCESS

  • HITCON CTF Finals

  • Insomni'Hack CTF Finals

  • Google CTF Finals

  • hxp CTF Finals

  • Midnight Sun CTF Finals

  • WhiteHat CTF Finals

  • "Hack-a-sat" CTF Finals

  • @Hack final in Saudi Arabia

  • Organization of the CTF Time2hack2 for the Intelligence Agency

  • 1st place in the qualification for the "Hack-a-sat" competition

  • Finals in TrendMicro CTF

Cyber-security R&D plays a central role in being able to conduct quality penetration tests and lies at the core of our identity as a company. The tools developed based on in-house research enable us to run penetration tests, including APT Red Team tests, more efficiently. True to the slogan "hack the unhackable", our extensive R&D efforts enable us to succeed where others fail.

A zero-day vulnerability remains unknown even to the party or parties responsible for patching it. Once a zero-day vulnerability is made public, it is referred to as an n-day or one-day vulnerability.

Zero-day vulnerabilities pose a particular threat, as there are virtually no means of defending against them - the updates that would fix them are yet to be developed. One-day vulnerabilities are especially dangerous at the beginning of their life cycle, as many users of the compromised product will not yet have updated to a patched version.

Key areas of interest:

  • creating RAT-type software for MS Windows/Android systems

  • design and implementation of secure and hidden communication channels between malware and the management centre

  • creating droppers for Windows systems, including bypassing indicated EDR/AV mechanisms

  • creating fuzzers that enable, among other things, the detection of zero-day vulnerabilities

  • creating PoCs for one-day vulnerabilities for specified CVEs

  • comparing updates to filter out one-day vulnerabilities

  • reverse engineering in Linux and Windows systems

  • searching for vulnerabilities in selected frameworks, web applications, thick client applications, servers

  • attacks on mechanisms that enable remoting methods, such as Java RMI, Java JMX, and .NET Remoting

Gain access to unknown vulnerabilities discovered by our Engineers.
