Knowledge Base - Securing

New App Security

Security testing programme – 25 years of experience in a nutshell

Adam Zachara 2026.05.19 · 10 reading

cutting-edge knowledge delivered monthly – and not a bit of spam!

This field is required

I agree to Privacy Policy and Newsletter Terms & Conditions.

This field is required

View all

All
AI
App Security
Biometrics
Blockchain and Smart Contracts
Cloud Security
IAM
Infrastructure Security
IoT Devices Security
Mobile App Security
Our Tools
Physical Security
Red team
Single Sign-On
Software Development Security
Threat Modeling
Web App Security

View all

App Security Mobile App Security Web App Security

Security testing programme – 25 years of experience in a nutshell

Adam Zachara 2026.05.19 · 10 reading

Web App Security

Software developers in a digital crosshair

Mateusz Olejarka 2026.04.21 · 10 reading

Mobile App Security

Where should you begin with mobile application security requirements?

Jakub Czarnojan 2026.04.01 · 5 MIN reading

IAM Single Sign-On

Conditional UI in WebAuthn. Passkey autofill

Maksymilian Wiese 2026.03.02 · 10 reading

MCP security hot potato

Mateusz Olejarka 2026.02.04 · 5 reading

MCP security hot potato

Mateusz Olejarka 2026.02.04 · 5 reading

From the AI Red Teaming Diary – Example LLM Vulnerabilities in…

Dawid Nastaj 2025.10.28 · 10 MIN reading

New, old and new-old web vulnerabilities in the Era of LLMs…

Dawid Nastaj 2024.07.05 · 10 MIN reading

App Security Mobile App Security Web App Security

Security testing programme – 25 years of experience in a nutshell

Adam Zachara 2026.05.19 · 10 reading

App Security Web App Security

Upcoming changes in EU online payments and what they mean for…

Wojciech Dworakowski 2025.12.07 · 6 reading

App Security Web App Security

Transaction Authorization Pitfalls – How to improve the current payment ecosystem…

Wojciech Dworakowski 2025.06.24 · 12 MIN reading

App Security

Manual vs. automated penetration testing – or maybe both?

Liza Mariot 2023.10.18 · 7 MIN reading

App Security

Storing secrets in web applications using vaults

Aleksander Młodak 2023.04.19 · 17 min reading

Biometrics

Attacking the face recognition authentication – how easy is it to…

Sebastian Drygiel 2023.11.04 · 12 MIN reading

Biometrics

Voice Biometrics – how easy is it to hack them with…

Szymon Chadam 2023.05.04 · 15 MIN reading

Biometrics

Before you implement Face Recognition to your app – AI hack study

Sebastian Drygiel 2021.08.05 · 14 MIN reading

Blockchain and Smart Contracts

Blockchain bridges security & common cross-chain vulnerabilities

Jakub Zmysłowski 2022.07.05 · 8 MIN reading

Blockchain and Smart Contracts

Smart Contracts Audits – how to get the most out of…

Paweł Kuryłowicz 2022.03.10 · 3 MIN reading

Blockchain and Smart Contracts

Front-running attack in DeFi applications – how to deal with it?

Jakub Zmysłowski 2022.01.18 · 5 MIN reading

Blockchain and Smart Contracts

The future security of your smart contracts – upcoming changes in SCSVS

Paweł Kuryłowicz 2021.12.01 · 13 MIN reading

Blockchain and Smart Contracts

Reentrancy attack in smart contracts – is it still a problem?

Paweł Kuryłowicz 2021.09.22 · 7 MIN reading

Cloud Security

Public clouds are secure by default… but not necessarily in your case

Łukasz Bobrek 2025.04.17 · 12 MIN reading

Cloud Security Single Sign-On

Azure Single Sign-On Case Study #3: Secure authentication for Function Apps

Natalia Trojanowska-Korepta 2024.09.04 · 8 MIN reading

Cloud Security

Using Azure CLI and PowerShell to secure your Storage Accounts

Krzysztof Demczuk 2024.01.17 · 5 MIN reading

Cloud Security

Cloud Shared Responsibility Model explained

Łukasz Bobrek 2023.04.12 · 10 MIN reading

Cloud Security

Setting up your AWS Monitoring – Security tips

Paweł Kusiński 2022.01.05 · 14 MIN reading

IAM Single Sign-On

Conditional UI in WebAuthn. Passkey autofill

Maksymilian Wiese 2026.03.02 · 10 reading

IAM

Identity Broker case study: How to prevent tenant isolation vulnerabilities with…

Natalia Trojanowska-Korepta 2025.08.14 · 15 MIN reading

Infrastructure Security

CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability

Jakub Korepta 2025.01.07 · 5 MIN reading

Infrastructure Security

5 security tips for your macOS environment

Wojciech Reguła 2021.04.28 · 6 MIN reading

Infrastructure Security

Local Privilege Escalation in macOS infrastructure

Wojciech Reguła 2020.12.09 · 6 MIN reading

Infrastructure Security

Story about hacking security conference and their funny revenge

Wojciech Reguła 2018.04.09 · 3 MIN reading

Infrastructure Security

Several polish banks hit by watering hole attack – lessons learnt?

Wojciech Dworakowski 2017.02.08 · 5 MIN reading

IoT Devices Security

GATTacking Bluetooth Smart Devices – Introducing a New BLE Proxy Tool

Sławomir Jasek 2017.06.19

IoT Devices Security

HCE cloning FAQ

Sławomir Jasek 2017.04.11 · 5 MIN reading

Premium IoT Devices Security

GATTacking Bluetooth Smart devices

Sławomir Jasek 2016.08.05

Premium IoT Devices Security

Connected Car Security – Threat Analysis and Recommendations

Wojciech Dworakowski 2015.10.15

App Security Mobile App Security Web App Security

Security testing programme – 25 years of experience in a nutshell

Adam Zachara 2026.05.19 · 10 reading

Mobile App Security

Where should you begin with mobile application security requirements?

Jakub Czarnojan 2026.04.01 · 5 MIN reading

Mobile App Security

From .mlmodel to encrypted .mlmodelc: How Apple Encrypts and Delivers ML Models

Dawid Pastuszak 2026.01.21 · 7 MIN reading

Mobile App Security

Threats to consider when integrating Digital ID solutions into your organization

Szymon Chadam 2025.06.03 · 6 MIN reading

Mobile App Security

How we helped secure Poland’s digital ID system – technical analysis

Szymon Chadam 2025.04.11 · 10 MIN reading

Our Tools

Making iOS apps secure with iOS Security Suite (ISS)

Wojciech Reguła 2024.12.11 · 2 MIN reading

Our Tools

iOS Security Suite – anti-tampering Swift library

Wojciech Reguła 2019.09.01

Our Tools

BucketScanner

Paweł Rzepa 2018.08.30

Our Tools

DumpsterDiver

Paweł Rzepa 2018.08.30

Our Tools

Ethereum Responsible Disclosure Messenger

Damian Rusinek 2018.08.30

Physical Security

Mifare Classic cards security

Bartosz Klinowski 2025.07.04 · 15 MIN reading

Physical Security Red team

Red Team stories – Bypassing RFID-based access control systems

Julia Zduńczyk 2025.05.14 · 6 MIN reading

Physical Security

Red Teaming in practice: Physical Security Testing tutorial

Julia Zduńczyk 2024.11.05 · 3 MIN reading

Physical Security Red team

Red Team stories – Bypassing RFID-based access control systems

Julia Zduńczyk 2025.05.14 · 6 MIN reading

IAM Single Sign-On

Conditional UI in WebAuthn. Passkey autofill

Maksymilian Wiese 2026.03.02 · 10 reading

Single Sign-On

Which IAM SaaS architecture is for you – exploring IAM architectures…

Natalia Trojanowska-Korepta 2025.05.13 · 10 MIN reading

Single Sign-On

CVE-2025-26788: Passkey Authentication Bypass in StrongKey FIDO Server

Natalia Trojanowska-Korepta 2025.02.14 · 5 MIN reading

Single Sign-On

The year in review: The most interesting Single Sign-On vulnerabilities of 2024

Natalia Trojanowska-Korepta 2025.01.27 · 8 MIN reading

Single Sign-On

New Year, New IAM: A reasonable approach to Identity and Access…

Natalia Trojanowska-Korepta 2024.12.17 · 10 MIN reading

Software Development Security

Baking Mojolicious Cookies revisited: a case study of solving security problems…

Jakub Kramarz 2024.10.29 · 5 MIN reading

Software Development Security

Security of External Dependencies in CI/CD Workflows

Jakub Kramarz 2024.10.09 · 6 MIN reading

Software Development Security

Security Features in Financial Applications – our recommendations

Łukasz Bobrek 2021.08.19 · 7 MIN reading

Software Development Security

How to stay secure for longer? Software development case.

Mateusz Olejarka 2021.07.20 · 8 MIN reading

Software Development Security

Adding security to your SDLC process

Mateusz Olejarka 2021.05.04 · 7 MIN reading

Threat Modeling

Light & agile approach to threat modeling

Sebastian Obara 2024.08.07 · 7 MIN reading

Threat Modeling

How to prepare an effective threat modeling session

Sebastian Obara 2023.05.17 · 10 MIN reading

Threat Modeling

Why threat modeling is important

Sebastian Obara 2023.02.13 · 5 MIN reading

Threat Modeling

Threat Modeling – how to start doing it?

Jakub Kałużny 2021.03.30 · 9 MIN reading

Threat Modeling

Thinking what can go wrong? Introduction to Threat Modeling.

Jakub Kałużny 2021.02.17 · 9 MIN reading

App Security Mobile App Security Web App Security

Security testing programme – 25 years of experience in a nutshell

Adam Zachara 2026.05.19 · 10 reading

Web App Security

Software developers in a digital crosshair

Mateusz Olejarka 2026.04.21 · 10 reading

App Security Web App Security

Upcoming changes in EU online payments and what they mean for…

Wojciech Dworakowski 2025.12.07 · 6 reading

App Security Web App Security

Transaction Authorization Pitfalls – How to improve the current payment ecosystem…

Wojciech Dworakowski 2025.06.24 · 12 MIN reading

Web App Security

Next.js-based Application Security Insights

Dawid Nastaj 2025.06.06 · 10 MIN reading

We speak on

Presentation

View all

All
App Security
Blockchain
Cloud
Mobile
Security Testing

Behind Closed Doors – Hacking RFID Readers

Julia Zduńczyk Sep 12, 2024

Security Testing

How to Break into Organizations with Style

Julia Zduńczyk Nov 22, 2023

App Security

AI trick or treat – security implications of ML/AI in our everyday life

Mateusz Olejarka Nov 15, 2023

App Security

Developer in a digital crosshair, 2023 edition

Mateusz Olejarka Apr 25, 2023

Security Testing

Is persistency on serverless even possible?!

Paweł Kusiński Oct 18, 2022

Security Testing

What happens on your Mac, stays on Apple’s iCloud?!

Wojciech Reguła Oct 11, 2022

App Security

AI trick or treat – security implications of ML/AI in our everyday life

Mateusz Olejarka Nov 15, 2023

App Security

Developer in a digital crosshair, 2023 edition

Mateusz Olejarka Apr 25, 2023

App Security

How secure are webinar platforms?

Michał Ogorzałek Sep 28, 2021

App Security

Abusing & Securing XPC in macOS apps

Wojciech Reguła Mar 16, 2020

App Security

We need to go deeper – Testing inception apps

Jakub Kałużny Jun 04, 2019

App Security

Testing iOS Apps without Jailbreak in 2018

Wojciech Reguła Jul 09, 2018

Blockchain

Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards

Damian Rusinek Dec 03, 2019

Blockchain

Outsmarting Smart Contracts – an essential walkthrough a blockchain security minefields

Damian Rusinek Jun 08, 2018

Cloud

Serverless security: attack & defense

Paweł Rzepa Sep 28, 2020

Cloud

Attacking AWS: the full cyber kill chain

Paweł Rzepa Jun 08, 2019

Cloud

Hunting for the secrets in a cloud forest

Paweł Rzepa Jun 07, 2018

Mobile

Building & Hacking Modern iOS Apps

Wojciech Reguła May 28, 2019

Security Testing

How to Break into Organizations with Style

Julia Zduńczyk Nov 22, 2023

Security Testing

Is persistency on serverless even possible?!

Paweł Kusiński Oct 18, 2022

Security Testing

What happens on your Mac, stays on Apple’s iCloud?!

Wojciech Reguła Oct 11, 2022

Security Testing

0-Day Up Your Sleeve – Attacking macOS Environments

Wojciech Reguła Sep 20, 2022

Security Testing

20+ Ways to Bypass Your macOS Privacy Mechanisms

Wojciech Reguła Aug 30, 2021

Security Testing

Let’s get evil – threat modeling at scale

Jakub Kałużny Dec 17, 2019

Experts

Wojciech Reguła Principal IT Security Consultant
Head of Mobile Security

Łukasz Bobrek Principal IT Security Consultant
Head of Cloud Security

Mateusz Olejarka Principal IT Security Consultant
Head of Web Security

Join our team

Take on a journey with a market leader!

Join us

Where you can find us?

Future Events

May 25-26, 2026

Cracow, Poland

CONFidence 2026

Jun 4, 2026

Vilnus, Lithuania

BSides Vilnius

Sep 29-Oct 2, 2026

Gothenburg, Sweden

MacSysAdmin Conference 2026

Past Events

Apr 16, 2026

Cracow, Poland

SysOps/DevOps Meet up Poland

Dec 2-3, 2025

Warsaw

Oh My Hack

Nov 25-26, 2025

Düsseldorf, Germany

Security testing programme – 25 years of experience in a nutshell

Join our team

CONFidence 2026

BSides Vilnius

MacSysAdmin Conference 2026

SysOps/DevOps Meet up Poland

Oh My Hack

German OWASP Day 2025