Professional Cybersecurity Team
Comprehensive Offensive Cybersecurity Service

Assist enterprises in resisting ever-changing and ever-evolving cyberattacks.

Master new attack techniques
faster than hackers.

Cybersecurity experts With both Hacker skills and mindset.

DEVCORE is a Taiwan-based cybersecurity company offering "Red Team Assessment" with experts researching the latest cyber threats. We aim to create a safer cyber environment for the world with our professionalism and passion.

Company Overview

Advanced Cybersecurity Research

DEVCORE specializes in developing innovative attack techniques, reporting on the vulnerabilities of products and services of world-renowned manufacturers, identifying potential cyber threats, and proposing solutions in advance before hackers can cause impacts through 0-day exploits.

Cybersecurity Research

Resist Ever-changing Cyber attacks

Hacking attacks are complex and sophisticated. Through DEVCORE's up-to-date, hacker-minded attack process, we help enterprises identify potential entry points and evaluate cyber risks to review defense strategies and measures. Thus, block the ever-changing hacking attacks with effective and precise defense methods.

Cybersecurity Service

“ We help businesses build secure defense strategies and improve brand reputation and customer trust. ”

Protect your
Enterprise with Offensive Security Services.

Protect against cyberattacks before real incidents occur.

Most enterprises suddenly found their defense ineffectual under our Red Team Assessment. The situation is much more complex and severe than expected.

  • 160+ Vulnerability Disclosures
  • 60+ Bug Bounty Program Reports
  • 87% Intranet Infiltrated during Assessments
  • 88% Passwords Cracked
  • 70% AD Pwned during Assessments
  • CVE-2021-34473
  • CVE-2022-34719
  • CVE-2022-2624
  • CVE-2018-1271
  • CVE-2021-31439
  • CVE-2018-13379
  • CVE-2019-11510
  • CVE-2021-44142
  • CVE-2018-6789

A New Attack Surface on MS Exchange Part 1 - ProxyLogon!

Microsoft Exchange, one of the most common email solutions in the world, has become part of the daily operation and security connection for governments and enterprises. This January, we reported a series of vulnerabilities in Exchange Server to Microsoft and named it as ProxyLogon. ProxyLogon might be the most severe and impactful vulnerability in the Exchange history ever. If you were paying attention to the industry news, you must have heard it.

Your NAS is not your NAS !

Two years ago, we found a critical vulnerability, CVE-2021-31439, on Synology NAS. This vulnerability can let an unauthorized attacker gain code execution on a remote Synology DiskStation NAS server. We used this vulnerability to exploit Synology DS418play NAS in Pwn2Own Tokyo 2020. After that, we found the vulnerability exists not only on Synology but also on most NAS vendors. Following we will describe the details and how we exploit it.

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

Hi, it's a long time since my last article. This new post is about my research this March, which talks about how I found vulnerabilities in a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and got fixed in June. After that, we kept monitoring large corporations to track the overall fixing progress and then found that Facebook didn't keep up with the patch for more than two weeks, so we dropped a shell on Facebook and reported to their Bug Bounty program!

Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!

After we published our research at Black Hat, it got lots of attention and discussions due to its great severity and huge impact. Many people desire first-hand news and wonder when the exploit(especially the Pulse Secure pre-auth one) will be released.

Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing

We reported an overflow vulnerability in the base64 decode function of Exim on 5 February 2018, identified as CVE-2018-6789. This bug has existed since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk. Patched version 4.90.1 is already released, and we suggest to upgrade exim immediately.

Learn more

Cybersecurity Services

Red Team Assessment
Protects Your Assets.

Learn more
  • Analysis of potential attack scenarios.
  • Patch and mitigation of discovered vulnerabilities.
  • Customized defense strategy and risk mitigation.
  • Attack timeline to re-evaluate defense capability.
  • Simulation of real cyber attacks.

Penetration Testing
Verify systems with the most realistic attack.

Learn more
  • Arrange comprehensive tests based on the complexity of the system.
  • Discover complex attack techniques.
  • Provide methods of mitigating vulnerabilities.
  • Assist in verifying the patch effectiveness.
  • Provide universal secure programming advice.

Security Consulting
Customize your own defense strategies.

Learn more
  • Advice on defense strategies based on Red Team Assessment results.
  • Enhance enterprise defense strategies.
  • Advice on practical defense implementation from hackers' perspective.
  • Advice based on international standards and frameworks.

Security Training
Perfect defense starts with understanding the attack.

Learn more
  • Understand the attacker's infiltration routes and context.
  • Hands-on practice to enhance attack capability.
  • Learning attack techniques which are practical in assessment.
  • Analysis of the latest trends techniques.