About us

CoreLabs is the research center of Core Security Technologies. It has been headquartered in Buenos Aires, Argentina, since its creation in 1996. The research focus is in computer security technologies, mainly attack technologies for workstations, servers and web applications; the detection of security vulnerabilities and technologies that prevent their exploitation.

Areas

We are devoted to designing new means for detecting web application vulnerabilities, exploiting them and executing post-exploitation tasks that target web-application technologies and their interoperation with other technologies. [+] We design techniques and build tools for detecting security vulnerabilities in software. [+] We research attack desing techniques in order to build techniques to help assess the security of computer-centric organizations. [+] This area encompasses several computer security projects in software protection, cryptography plus our efforts in computer security education and fostering a research community in Argentina. [+] In order to be ahead of attackers we research not only the vectors that are being exploited today (i.e., server vulnerabilities, client-side vulnerabilities and web- application vulnerabilities) but also those technologies underlying technologies that are being adopted or might be adopted by the mainstream. [+] We are tasked with discovering the changes in the threat-space introduced by public clouds and designing security assessment technology to cover these. [+]

News We are organizing the second Backdoorhiding Contest, online during DefCon 19. Visit the site for more details! We are organizing DataMatrix Contests, at BlackHat USA 2011 and DefCon 19. Visit the site for more details! Latest events Penetration Testing == POMDP Solving? At 3rd Workshop on Intelligent Security (SecArt'11). Barcelona, Spain. July 18, 2011. Latest advisories Multiple vulnerabilities in HP Data Protector HP Data Protector EXEC_CMD Buffer Overflow Vulnerability

Featured Projects

Attack Planning: Penetration testing is a highly manual practice, which requires an knowledgeable operator with the right toolset. Some task performed by penetration testers have been automated by complex tools, such as Core Impact. Yet, pen-testing requires making decisions as chosing which is the best possible action to take while judging the information available after each step. This project looks for means to automate penetration testing.

Cloud-security research: We are concerned with using the elasticity of public clouds to improve the deepness and coverage of penetration testing techniques. As part of this effort we designed and developed CloudInspect.