tosch is specialized in delivering high-quality penetration testing services tailored to meet your unique security needs. With a diverse skill set, we are equipped to assess various targets within your environment, ensuring a comprehensive evaluation of your security posture.
Whether you require an assessment of your entire IT environment, a specific system, or a particular application, be it web-based or a thick application, we've got you covered. Our penetration testing services are adaptable to your specific requirements, providing a thorough analysis of the designated target.
Vulnerabilities can often hide within the intricate layers of your source code. Our source code review services are designed to unearth complex security issues, accelerate the validation process, and provide precise recommendations for effective remediation for the following languages:
We believe in a collaborative partnership, working closely with your development team to understand the intricacies of your code and provide actionable insights.
We're not just about security assessments; we're also your go-to team for crafting custom software solutions. Whether you're looking for specialized IT security tools or need a unique application, from your website to your bespoke RFID reader, we've got you covered.
Our programming skills extend across a range of languages, including C, C#, Python, Java, PHP, and the trio of HTML, JS, and CSS. This diversity allows us to adapt to your project's specific needs and integrate seamlessly into your existing tech environment.
Elevate your team's expertise with our training programs. Previously featured at conferences such as Trooper, "La Nuit du Hack," hack.lu, and lehack, our training sessions are crafted to empower professionals in the ever-evolving landscape of IT security.
This training delves into reverse engineering a (M)MORPG (Pwn Adventure 3). Covering network protocol reverse engineering, participants learn to make accurate assumptions, isolate data, and analyze changes in network traffic. The workshop progresses to building a Wireshark dissector in Lua, creating an asynchronous Python proxy for traffic interception, and exploring binary reverse engineering for quest secrets and game vulnerabilities. Attendees will engage in manual binary patching for enhanced gameplay and conclude by dynamically hacking the game through library hooking. This comprehensive session equips security professionals with transferable skills for client-server application penetration tests.
This training explains the most well-known application security vulnerabilities: namely, buffer overflow, use-after-free, format string, and integer under/overflow. Beginning with the basics, it elaborates on what a CPU is, how it executes operations, and how it coordinates with memory and inputs/outputs to run applications. We then proceed with a programming crash course in C language before transitioning to assembly. Rest assured, we won't delve too deeply—just enough to comprehend, identify, and exploit basic buffer overflow, use-after-free, format string, and integer under/overflow vulnerabilities.
We can also create customized security training tailored to your specific needs. This includes developing personalized awareness programs, covering essential security concepts like the OWASP Top 10, as well as technical topics such as developing BurpSuite extensions or RFID security. We are equipped to design and deliver training that perfectly aligns with your requirements.
tosch founded the first DEFCON Group in Belgium. The group is hosted by the University of Louvain-La-Neuve and usually takes place once every two months.
DCGs are a gathering point for folks interested in the alternate applications of modern technology, referred to properly as "hacking"; a place for the discussion of technology and security topics.
Our DEFCON Group covers topics suchs as...
More information and announcements are available on our Meetup and our Discord.
With over a decade of dedicated experience in the field of security, I have seamlessly navigated the realms of both internal and consulting roles within renowned entities listed on the DAX top 10, startups, telecom, government, and research institute. Specializing primarily as a penetration tester, I have also honed my expertise in incident response. My journey has not only been about mastering the intricacies of security but also about the joy of continuous learning and the fulfillment derived from sharing knowledge. Whether identifying vulnerabilities or responding to incidents, my commitment extends beyond safeguarding systems to fostering a culture of perpetual growth and education within the security domain.
Rue de la Briqueterie 3,
5340 Faulx-Les-Tombes
BE1004.661.563
