A Professional Cybersecurity Team
Providing Comprehensive Offensive Cybersecurity Service

Assisting Enterprises in Resisting Ever-evolving Cyberattacks

One Step Ahead of Hackers

Cybersecurity Experts With Both Hacker Skills and Mindset

DEVCORE is a Taiwan-based cybersecurity company offering "Red Team Assessment" with experts researching the latest cyber threats. We aim to create a safer cyber environment with our professionalism and passion.

Company Overview

Advanced Cybersecurity Research

DEVCORE keeps developing innovative attack methods, reporting vulnerabilities of international products and services, identifying potential cyber threats, and proposing solutions before hackers cause impacts through 0-day exploits.

Cybersecurity Research

Resist Ever-changing Cyber attacks

Cyberattacks become more complex and sophisticated. Through our up-to-date attacks, enterprises can identify potential entry points and evaluate cyber risks to review defense strategies and measures to defend against cyberattacks with effective and precise methods.

Cybersecurity Service

Allocate Cybersecurity Resources Effectively and Build Solid Cyber Defense Strategies

Protect Your Enterprise
and Gain Customer Trust with
Offensive Security Services.

Protect Against Cyberattacks Before Incidents Occur.

Most enterprises surprisingly found their defense ineffectual
under our Red Team Assessment.

  • 160+ Vulnerability Disclosures
  • 60+ Bug Bounty Program Reports
  • 87% Intranet Infiltrated during Assessments
  • 88% Passwords Cracked
  • 70% AD Pwned during Assessments
  • CVE-2021-34473
  • CVE-2022-34719
  • CVE-2022-2624
  • CVE-2018-1271
  • CVE-2021-31439
  • CVE-2018-13379
  • CVE-2019-11510
  • CVE-2021-44142
  • CVE-2018-6789

A New Attack Surface on MS Exchange Part 1 - ProxyLogon!

Microsoft Exchange, one of the most common email solutions in the world, has become part of the daily operation and security connection for governments and enterprises. This January, we reported a series of vulnerabilities in Exchange Server to Microsoft and named it as ProxyLogon. ProxyLogon might be the most severe and impactful vulnerability in the Exchange history ever. If you were paying attention to the industry news, you must have heard it.

Your NAS is not your NAS !

Two years ago, we found a critical vulnerability, CVE-2021-31439, on Synology NAS. This vulnerability can let an unauthorized attacker gain code execution on a remote Synology DiskStation NAS server. We used this vulnerability to exploit Synology DS418play NAS in Pwn2Own Tokyo 2020. After that, we found the vulnerability exists not only on Synology but also on most NAS vendors. The following section will describe the details and how we exploit it.

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

Hi, it's a long time since my last article. This new post is about my research this March, which talks about how I found vulnerabilities in a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and got fixed in June. After that, we kept monitoring large corporations to track the overall fixing progress and then found that Facebook didn't keep up with the patch for more than two weeks, so we dropped a shell on Facebook and reported to their Bug Bounty program!

Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!

After we published our research at Black Hat, it got lots of attention and discussions due to its great severity and huge impact. Many people desire first-hand news and wonder when the exploit(especially the Pulse Secure pre-auth one) will be released.

Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February 2018, identified as CVE-2018-6789. This bug has existed since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution, and at least 400k servers are at risk. Patched version 4.90.1 has already been released, and we suggest upgrading the exim immediately.

Learn more

Cybersecurity Services

Red Team Assessment
Protect Your Assets.

Learn more
  • Analysis of potential scenarios
  • Patch and mitigation of discovered vulnerabilities
  • Customized defense strategy and risk mitigation
  • Attack timeline to re-evaluate defense capability
  • Simulation of real-world cyber attacks

Penetration Testing
Verify Systems with Realistic Attacks.

Learn more
  • Comprehensive testings based on system complexity
  • Discover complex attack techniques
  • Provide methods mitigating vulnerabilities
  • Verifying the patch effectiveness
  • Provide universal secure programming advice

Security Consulting
Tailor Your Defense Strategies.

Learn more
  • Advice on defense strategies based on Red Team Assessment
  • Enhance defense strategies
  • Advice on practical defense implementation from hacker’s perspective
  • Advice based on international standards and frameworks

Security Training
Defense with the Hacker Mindset.

Learn more
  • Understand the attacker's infiltration routes and context
  • Hands-on practice to enhance attack capability
  • Learning attack techniques
  • Analysis of the latest trends and techniques