Code Fighters

Lab

At Conviso, we believe that knowledge is more potent when it’s shared. Our Code Fighters Lab is composed by our Research and Development Team – Information Security Analysts dedicated to continuously studying Application Security, striving to promote relevant information for the AppSec community.

We are truly inspired by the ideal of AppSec as a culture. That’s why our professionals work daily to find new, innovative solutions to security challenges – to then share their findings and collaborate with the community.

Explore our latest articles

Conviso Code Fighters

Researching, Sharing, and Innovating

Gabriel Quadros
Security Researcher
Gustavo Dutra
Security Researcher
Ricardo Silva
Security Researcher
Rangel Rosa
Security Engineer
Uilton Lopes
Security Engineer
Relevant Submissions

Our most popular studies, findings, and analysis

07/10/2021

CVE: 2021–3311 October CMS Token Reactivation

By
Anisio Santos

Many bounties and many pieces of researches emerge just by looking at the right amount of code at the right path number and them BOOM!

Learn more
19/05/2021

A case study on: CVE-2021-22204 – Exiftool RCE

By
Gustavo Dutra

Recently, the researcher wcbowling found a vulnerability in the Exiftool tool, that enabled a malicious actor to perform a Remote code Execution attack.

Learn more
10/03/2022

CVE-2022-21831: Overview of the security issues we found in Rails’s image processing API

By
Communication Team

During a security auditing of the Ruby on Rails source and its dependencies, we discovered two ways to exploit ActiveStorage’s image…

Learn more
27/12/2021

Why are nonces important on CTR mode ciphers

By
Communication Team

This article: “Why are nonces important on CTR mode ciphers” was written 3 years ago, and is available again on our blog.

Learn more
04/11/2021

Bank malware mitigations

By
Communication Team

Malware (Bank malware mitigations) is the name for a program designed to mistreat its users.

Learn more
28/10/2021

Veracode API: Getting things done with AWS Lambda and AWS API Gateway

Every day at Conviso both dev and sre teams are working together facing challenges to make Conviso Platform a more complete solution.

By
Daniel Arenas
Learn more