NEWS AND EVENTS

2016-10-21

We are going to have Pwn0rama in Shanghai (24-25, Nov). USD500,000 for iOS remote jailbreak and USD700,000 for Android Chrome RCE+SBX(persistent). Register now at https://www.coseinc.com/en/index.php?rt=pwn0rama

2016-10-20

Registration for SyScan360 in Shanghai is open. There will be only 200 tickets for sale. Registration will close Nov 6. Go grab your ticket.

2016-02-24

Safari exploit with sandbox escape into kernel context that works on 5c and 6s, is reliable(1), runs fast(2) and generic(3): Total: $345,000

2016-02-24

Safari exploit without sandbox escape that works on iphone 6s only, is reliable(1) and runs fast(2): Total: $51,000 #pwn0rama

2016-02-24

we have written a new version of the rules for PWN0rama. feel free to use it for your similar competition. #pwn0rama #coseinc

2016-02-18

i received a letter from the lawyers of HPE threatening legal action if i do not take down PWN0rama @dragosr #pwn0rama #coseinc @COSEINC_SG

2016-02-17

i am pleased to announce that @thegrugq will be one of the distinguished judges at PWN0rama #PWN0rama #COSEINC

2016-02-15

PWN0rama will offer all successful contestants 2 nights of hotel stay (swissotel stamford). please sign up by 29 Feb 2016.

2016-02-15

If you have a sandbox escape for Safari browser context to kernel (iOS) context, we will pay you US$100k.

2016-02-15

if you have a mobile web browser exploit lying around, come to Pwn0rama and we will pay between US$30k - US$80k

2016-02-15

COSEINC is organising mobile Pwn0rama 23-24 March 2016. Prizes worth US$500,000 to be won. More details available at https://www.coseinc.com/en/index.php?rt=pwn0rama …

2015-11-03

COSEINC is hiring Browser Security Researchers. If you are interested, please email info@coseinc.com

2015-05-20

Linux Security Researcher Job Descriptions: • Perform source code auditing to identify bugs within Linux kernel or open-source applications that may bypass existing security mitigations, thereafter leading to code execution. • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on the Linux security landscape Requirements: • Experiences in auditing source code for Linux Kernel and open-source applications (and services) for bugs that may lead to code execution • Good understanding of kernel and userspace exploitation, preferable with experiences in developing proof-of-concepts to demonstrate the severity of bugs found • Demonstrate requirements a. and b. through one or more of the following - Issued security advisories - Relevant work experience - Presented at renowned conferences - Wrote blog/articles on relevant topics

2015-05-20

Web Browsers Security Researcher Job Descriptions: • Perform cutting edge vulnerability research on web browsers (running on Windows OS). • Identify and audit browsers for bugs that may lead to RCE and bypassing/mitigation of security mechanisms • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on new security technologies that may impact web browsers Requirements: • Experiences in auditing browsers running on Windows for bugs that may lead to remote code execution (RCE) • Good understanding of different browser security mechanisms, such as sandboxes, and preferably experiences in auditing these mechanisms to bypass/mitigate them • Ability to create POC exploits that demonstrates the severity of security vulnerabilities found • Good track record, demonstrated through one or more of the followings: - Issued security advisories - Relevant work experience - Presented at renowned conferences - Wrote blog/articles on relevant topics

2015-05-20

Virtualization Security Researchers Job Descriptions: • Perform cutting edge vulnerability research on Hypervisor technology. • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on the security landscape, especially in the area of hypervisor vulnerabilities. Requirements: • Experience with Binary Analysis and Reverse Engineering • Experience with researching on VMware Hypervisors • Ability to create POC exploits that demonstrates the severity of security vulnerabilities found • Good record of performing hypervisor related vulnerability research, demonstrated by the following: - Wrote blog/articles on relevant topics - Training classes - Presented at renowned conferences - Publicly disclosed CVEs - Relevant work experience - Substantial code contributions to open-source hypervisors

2015-05-20

Mobile Security Researchers Job Descriptions: • Perform cutting edge vulnerability research on IOS or Android. • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on the security landscape, especially in the area of mobile vulnerabilities. Requirements: • Experience with Reverse Engineering , Debugging and Code Analysis on IOS or Android • Experience with vulnerability research on IOS or Android • Solid understanding of IOS/Android security model, how they are implemented and how they can be bypassed • Ability to create POC exploits that demonstrates the severity of security vulnerabilities found • Strong problem solving and analysis skills • Good track record in the area of IOS and Android vulnerability research, demonstrated by the following: - Issued security advisories - Relevant work experience - Presented at renowned conferences - Wrote blog/articles on relevant topics

2015-05-20

We are hiring the following roles: Mobile Security Researchers Virtualization Security Researchers Web Browsers Security Researchers Linux Security Researchers Send in your detailed CVs to info@coseinc.com

2015-02-10

We are at NUS Career Fair booth 155. Do come down and visit us.

2014-10-21

COSEINC's analysis of XratClient that affected Hong Kong is now available at https://camal.coseinc.com/publish/From%20Xratclient%20to%20HK%20with%20Love.pdf

2014-10-21

COSEINC's analysis of the Phenom malware is now available at https://camal.coseinc.com/publish/Phenom%20-%20Bypassing%20Antivirus.pdf

2014-03-07

COSEINC's analysis of TDR is now available for download at https://camal.coseinc.com/publish/2014TDR.pdf

2014-03-06

We have just published the analysis of Trojan.TDR. The report can be found at https://camal.coseinc.com/publish/2014TDR.pdf

2013-12-27

At the launch of CAMAL v2, we will also launch Mobile Apps Threat Reporting Service powered by VisualThreat. So email info@coseinc.com to sign up for the launch seminar.

2013-12-27

On January 24, 2014 COSEINC will launch CAMAL v2 at the Swissotel Merchant Court Hotel. The technical highlights of CAMAL v2 are: Behaviour Tracking Engine that captures all interactiona between a malware and the OS; Behaviour Hueristic Engine that analyses a malware's behaviour to determine if it's malicious; a fast Clustering Engine that determines if a malware is unique or a variant of an existing family; and a Multi-AV engine that scans a malware with updated leading AV vendors.

2013-12-19

In late January 2014 COSEINC will be launching CAMAL v2 with clustering engine, multi-AV scan, behavior tracking and heuristic capabilities.