In UMassCTF-2021 I was presented to an interesting project on a language called Janet. In this CTF we had two challenges to solve and the…
During a security auditing of the Ruby on Rails source and its dependencies, we discovered two ways to exploit ActiveStorage’s image…
Software Engineering
Before discussing Code Comprehension, it is important to talk a bit about Software Engineering. There are some…
This article: “Why are nonces important on CTR mode ciphers” was written 3 years ago, and is available again on our blog. Good…
We have a new application or module written in the Go language that we want to analyze. So how do we approach that?
You can also listen…
You can also listen to this article in the audio version:
Malware (Bank malware mitigations) is the name for a program designed to…
Every day at Conviso both dev and sre teams are working together facing challenges to make Conviso Platform a more complete…
Let’s talk about October CMS Token Reactivation. Don’t get me wrong, but I believe that ‘luck’ many times is really a thing in…
JWT (JSON WEB Tokens) is an open standard, documented by RFC-7519, that defines how to transmit and store JSON objects in a simple, compact…