Read this if you ever have a good idea.

While the majority of the blogs I read are written at a further stage, and a lot of times about “what I’ve learned” or “what I could do better”, in this case I chose differently.

This evening I walked downstairs to get me a drink. It’s 1:00 AM and I...

400 million victims in Friend Finder data breach

Some 412 million users of the largest dating websites should be worried, because in October 2016, Friend Finder Network, Inc. was hacked and their data stolen. Friend Finder Network, Inc. is a company that operates a wide range of adult services, and...

Should we report our cybercrime leaks?

Written by Edwin van Andel - Hacker and public speaker for Zerocopter

Yesterday the Dutch parliament passed a law stating that organisations now have the obligation to report on severe cyberattacks.

Last week in a Dutch newspaper, an article emerged...

Let's hack together

We are really fond of hacking stuff together. Not only websites, but also the IoT stuff. Things like your iKettle, or Wi-Fi fridge (if you have this fridge, can we borrow it?)

Olivier and I ordered a couple of Wi-Fi FPV Nano Drones (FQ777–954), and...

Zerocopter on Risk Governance

Last week, Zerocopter was invited to attend a working group meeting organized by the Faculty of Technology, Policy and Management of the Delft University of Technology. The goals for the organizing party were to get input from government, private parties...

Connecting hackers. Is it frequencies? Or just interest?

Yup, that's a pretty weird title. So you could have just clicked away and be on your way now to find something else of interest on the interwebs. But you didn't. You are here, reading these words. Why? The reason I ask is that I'm wondering about...

New Feature: Integrations

You can now integrate with your favorite tools

I'm excited to announce our latest feature: Integrations. Integrations allow you to send your incoming vulnerability reports directly to your favorite third-party tools.

You can send your reports to...

5 ways to bypass CSRF protection

The Easter bunny came by Zerocopter’s offices today and while he didn’t leave any eggs, he did leave 5 ways to bypass CSRF protection for you!

Brace yourself..

1. Verify that the token is really random.

The CSRF token isn’t always as random as it seems to be. For...

Bollo. The quest for a Zero-day scanner

And so, it ended. What was supposed to be a fun and relaxing team outing turned into a nightmare of epic proportions. Knives were thrown, harnesses and armor were conquered. Bacon was consumed and many beers were liquidated. In the end we were...

Why Mr Robot is awesome.

Mr Robot is awesome. It’s one of the best series that I have seen during the last year (next to Breaking Bad, Breaking Bad is awesome^2.)

Two things stand out when watching Mr Robot. First, the hacking. I don’t know if you ever accidentally watched...

Exploiting blind cross-site scriptings

A cross-site scripting vulnerability (also known as XSS) is a vulnerability that allows hackers to execute malicious scripts in a web application. Looking at the statistics of Google’s vulnerability reward program - Google rewards hackers for vulnerabilities...

Scope: The final frontier

You all know what I’m talking about. You scored an assignment, a nice big pentest, and the customer defines it: scope. Or you are the customer, give some pentest company or platform written permission to test your website, and you define it: scope.

Edwin van Andel joins Zerocopter!

Edwin van Andel made the transition from Yafsec to Insite Security / Zerocopter. Starting this week, Edwin will strengthen us with his years of experience and unorthodox view on information security.

Edwin is a hacker at heart. Pressing buttons from...

Not all hackers are stealing your credit card info...

The term “hacking” is widely interpreted as “breaking into computers”. Although this sounds criminal, it sometimes is not. A lot of hacking actually happens with permission of the rightful owner of a site or device, for instance when a company hires...
