The official Zerocopter blog — the source for news, insights, and our thoughts on online security.

This is how hackers investigate your online security

One of the services we offer at Zerocopter is that hackers (we call them researchers) check whether they can find vulnerabilities in your online security. Here we will explain how it works, what options you have and how the researchers do this. When... Read all about it

Why letting your website get hacked makes it safer - Responsible disclosure

One of the ways to improve the security of your website and data is by placing a responsible disclosure policy on your website. In this blog we explain how it works. With a responsible disclosure policy you ask others to report any vulnerabilities... Read all about it

New features: 2FA, reports overview and terms & conditions

Happy Wednesday everyone, We’re excited to announce new features and updated terms & conditions. We updated the reports overview to make it more clear, easier to get an overview of all the reports and easier to close multiple reports. Since... Read all about it

Read this if you ever have a good idea.

While the majority of the blogs I read are written at a further stage, and a lot of times about “what I’ve learned” or “what I could do better”, in this case I chose differently. This evening I walked downstairs to get me a drink. It’s 1:00 AM and I... Read all about it

400 million victims in Friend Finder data breach

Some 412 million users of the largest dating websites should be worried, because in October 2016, Friend Finder Network, Inc. was hacked and their data stolen. Friend Finder Network, Inc. is a company that operates a wide range of adult services, and... Read all about it

Should we report our cybercrime leaks?

Written by Edwin van Andel - Hacker and public speaker for Zerocopter. Yesterday the Dutch parliament passed a law stating that organisations now have the obligation to report on severe cyberattacks. Last week in a Dutch newspaper, an article emerged... Read all about it

Why you should get yourself hacked by a group of hackers you don't know

Written by Olivier Beg - Head of Researchers Zerocopter. When you put something online on the internet you are automatically a target for hackers. They scan entire IP ranges to search for specific vulnerabilities and you might have one of them. Before... Read all about it

Let's hack together

We are really fond of hacking stuff together. Not only websites, but also the IoT stuff. Things like your iKettle, or Wi-Fi fridge (if you have this fridge, can we borrow it?) Olivier and I ordered a couple of Wi-Fi FPV Nano Drones (FQ777–954), and... Read all about it

Zerocopter on Risk Governance

Last week, Zerocopter was invited to attend a working group meeting organized by the Faculty of Technology, Policy and Management of the Delft University of Technology. The goals for the organizing party were to get input from government, private parties... Read all about it

Connecting hackers. Is it frequencies? Or just interest?

Yup, that's a pretty weird title. So you could have just clicked away and be on your way now to find something else of interest on the interwebs. But you didn't. You are here, reading these words. Why? The reason I ask, is that I'm wondering about... Read all about it

New Feature: Integrations

You can now integrate with your favorite tools. I'm excited to announce our latest feature: Integrations. Integrations allow you to send your incoming vulnerability reports directly to your favorite third-party tools. You can send your reports to... Read all about it

Newsflash: Mission impossible? Hacking a country and obtaining its citizens database…

Have you ever imagined what would happen if a database was leaked containing all the personal data of all the citizens of an entire country? Today was the day that this happened (at least, hackers claim that it has happened, it’s not confirmed by... Read all about it

5 ways to bypass CSRF protection

The Easter bunny came by Zerocopter’s offices today and while he didn’t leave any eggs, he did leave 5 ways to bypass CSRF protection for you! 1. Verify that the token is really random. The CSRF token isn’t always as random as it seems to be. For... Read all about it

Bollo. The quest for a Zero-day scanner

And so, it ended. What was supposed to be a fun and relaxing team outing turned into a nightmare of epic proportions. Knives were thrown, harnesses and armor were conquered. Bacon was consumed and many beers were liquidated. In the end we were... Read all about it

Why Mr Robot is awesome.

Mr Robot is awesome. It’s one of the best series that I have seen during the last year (next to Breaking Bad, Breaking Bad is awesome^2). Two things stand out when watching Mr Robot. At first, the hacking. I don’t know if you ever accidentally watched... Read all about it

Exploiting blind cross-site scriptings

A cross-site scripting vulnerability (also known as XSS) is a vulnerability that allows hackers to execute malicious scripts in a web application. Looking at the statistics of Google’s vulnerability reward program - Google rewards hackers for vulnerabilities... Read all about it

HP ThinClients hacked. EasyTools; Easy to (ab)use!

TL;DR This is about CVE-2015-2112 and CVE-2015-2113. HP ThinClients are shipped with Easy Tools software. This software allows a LOT (Like RCE). Uninstall / Disable it. Advisory: https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04629160 Read all about it

Scope: The final frontier

You all know what I’m talking about. You scored an assignment, a nice big pentest, and the customer defines it: scope. Or you are the customer, give some pentest company or platform written permission to test your website, and you define it: scope. Read all about it

Edwin van Andel joins Zerocopter!

Edwin van Andel made the transition from Yafsec to Insite Security / Zerocopter. Starting this week, Edwin will strengthen us with his years of experience, and unorthodox view on information security. Edwin is a hacker at heart. Pressing buttons from... Read all about it

Not all hackers are stealing your credit card info...

The term Hacking is widely interpreted as “breaking into computers”. Although this sounds criminal, it sometimes is not. A lot of hacking actually happens with permission of the rightful owner of a site or device, for instance when a company hires... Read all about it