Code Fighters Lab
At Conviso, we believe knowledge is most powerful when it is shared. Our Code Fighters Lab is made up of our Research and Development team: information security researchers dedicated to studying AppSec continuously in order to bring information and development to the community. AppSec culture is an ideal that inspires us. Our professionals work every day to bring innovative solutions to AppSec challenges, sharing their findings and experiences and collaborating with the community.
Explore our recent findings
Conviso Code Fighters
Research, Collaboration and Innovation
![](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad3401281a6dd6_Gabriel_Quadros.png)
![](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad34752a1a6ddc_Ricardo-Silva.png)
![](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad34453c1a6dd3_Rangel.png)
![](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad340d771a6ddf_Uilton-Lopes.png)
![](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad34dcdf1a6dd9_Gustavo_Dutra.png)
Our most popular studies, analyses and research
![](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad34186c1a6de2_30-09-2021.jpg)
CVE-2021-3311: October CMS Token Reactivation
Many bounties and many pieces of research emerge just by looking at the right amount of code at the right path number, and then BOOM!
![Blog img](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad3421b31a6de5_CVE-2021.jpg)
A case study on: CVE-2021-22204 – Exiftool RCE
Recently, the researcher wcbowling found a vulnerability in Exiftool that enabled a malicious actor to perform a remote code execution attack.
![Blog img](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad342b7d1a6dc6_Overview-of-the-security-issues-we-found-in-Rails%E2%80%99s-image-processing-API_Thumb.jpg)
CVE-2022-21831: Overview of the security issues we found in Rails’s image processing API
During a security audit of the Ruby on Rails source and its dependencies, we discovered two ways to exploit ActiveStorage’s image…
![Blog img](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad344c3f1a6dc9_CTR_mode_ciphers_Thumb.jpg)
Why are nonces important on CTR mode ciphers
This article, “Why are nonces important on CTR mode ciphers”, was written 3 years ago and is available again on our blog.
![Blog img](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad3407ba1a6dcc_Malware_Thumb.jpg)
Bank malware mitigations
Malware is the name for a program designed to mistreat its users.
![Blog img](https://cdn.prod.website-files.com/61c9f20a2534eb1494277675/6267eff910ad348af91a6dcf_Veracode_Thumb.jpg)
Veracode API: Getting things done with AWS Lambda and AWS API Gateway
Every day at Conviso, the dev and SRE teams work together on the challenges of making Conviso Platform a more complete solution.