The vulnerability research manifesto

We work every day to develop the tools, detections, and exploits that help ethical hackers fight to improve organizations’ defenses.

As you know, the fight is unfair - and rigged: penetration testers and other offensive security practitioners are bound by the terms of engagement, while attackers are free to do anything - and everything.

That’s why our research team dissects vulnerabilities that bad actors use in active attacks, for which there are no available public exploits security pros can use.  

We will often build those exploits and put them in your hands, so you can do good and counteract the damage criminals cause with their own. 

We know you may have questions about why we’re doing this, so here are some answers. 

Sharing knowledge and tools is how we advance

We believe information security only evolves if we, the people who care about it, share what we know, what we learn, and how we think about things. 

We discover what we (don’t) know by talking to others and working together.

Tools are neither intrinsically good, nor bad 

Personal motivation influences everything. This is extremely important in offensive security, where the same set of skills and knowledge can either destroy or protect.

We make the conscious choice of building not just hacking tools but also the learning resources that help security practitioners use them with uncompromised ethics and strong integrity.

There are more defenders than criminals 

We believe that people who want to use their hacking skills and know-how for good outnumber the individuals driven by destructive desires.

They deserve our help, our support, and our faith in their ability to do good and influence others to do the same.

Offensive security work has a disproportionate impact 

A public exploit has the power to mobilize an organization to fix critical vulnerabilities much faster. This is especially important in situations where a security issue can become debilitating for a company on which thousands of people depend for access to healthcare, food, transportation, employment, and more. 

We believe in you - and your integrity 

You wouldn’t read this if you didn’t resonate with what we do and how we approach things. 

There’s a lot of good we can do together, even if we don’t know each other personally. 

We contribute to the same effort. We belong to the same tribe of people who believe technology can improve the world - if we build, use, and improve it to be safer. 

Thank you for doing the work!
