Skip to main content
🔬 Security Research & Development

Research &
Development

Cybersecurity research that creates measurable impact through vulnerability discovery, tool development, and industry leadership

Password Security

Leading the industry through DEF CON CMIYC contests and published password research

Vulnerability Discovery

Finding and responsibly disclosing security flaws in critical systems and software

Open Source Tools

Creating practical security tools used by researchers and practitioners worldwide

Recent Vulnerability Discoveries

yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

CWE-926 • CVE-2025-15464

Published: January 7, 2026

Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information

CWE-648 • CVE-2025-54766

Published: July 27, 2025

Xorux XorMon-NG Web Application Privilege Escalation to Administrator

CWE-648 • CVE-2025-54765

Published: July 27, 2025

Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

CWE-648, CWE-532 • CVE-2025-54768

Published: July 27, 2025

Responsible disclosure process ensures vendors can patch vulnerabilities before public release

View All 105 Security Advisories

Vulnerability Research

Our vulnerability research team systematically analyzes software, firmware, and hardware to discover security flaws that could affect production systems.

Security Advisory Series

Publishing detailed security advisories (KL-001 series) for discovered vulnerabilities

Cross-Platform Analysis

Vulnerability research across embedded systems, enterprise software, and network infrastructure

Password Security Research

KoreLogic is a recognized leader in password security research, organizing industry competitions and conducting government-funded research to advance password security.

DEF CON Crack Me If You Can

Annual password cracking contest we organize at DEF CON, pushing the boundaries of password security research

Password Village

Managing DEF CON's Password Village, fostering community learning and research collaboration

PathWell Project

DARPA Cyber Fast Track

Password Topology Histogram Wear-Leveling research project

Enterprise Password Strength

Dynamic password strength enforcement, blocking common passwords based on password topologies

Measurable Impact

Improving organizational password policies through data-driven insights

Open Source Tools

We develop and maintain open source security tools that are used by researchers, security professionals, and organizations worldwide.

Security Tools That Ship

Tools designed to solve common security problems faced by practitioners

Community Contributions

Supporting the security community through freely available, well-documented tools

Our Open Source Tools

FTimes

File system monitoring and analysis tool

WebJob Framework

Endpoint security solution with grid computing capabilities

WMkick

MITM tool for capturing NetNTLMv2 hashes

Browse Our Tools on GitHub

Government Research Portfolio

DARPA Cyber Fast Track

PathWell password topology research project

Multi-Year Security Research

Ongoing projects addressing pressing national security challenges

HardKore Labs

Vulnerability and exploit research for government agencies

Purpose-Built Solutions

Custom security technologies and patented innovations

Government Projects

As a trusted government contractor, we conduct advanced cybersecurity research that addresses national security challenges and protects critical infrastructure.

National Security Impact

Research projects that directly contribute to national cybersecurity capabilities

Industry Leadership

Our research team actively participates in the cybersecurity community through conference presentations, contest organization, and tailored client education.

Conference Organization

Leading DEF CON's CMIYC password cracking contest and Password Village activities. Since 2023, KoreLogic has led the development of the annual CyberConVA program.

Research Presentations

Sharing findings and techniques with the broader security community, including ICSJWG presentations on red teaming industrial control environments

Custom Security Briefings

Preparing focused crash courses and technical briefings around client-specific threat models, research questions, and areas of concern

Conference Participation

Major Conferences
  • • DEF CON
  • • Black Hat
  • • ShmooCon
  • • BSides Events
Specialized Events
  • • CyberConVA
  • • ICSJWG
  • • Techno-Forensics
  • • OWASP
  • • DerbyCon

Community Impact

Regular speaking engagements and contest organization that advance cybersecurity knowledge sharing

Research Collaboration

Partner with our research team on cybersecurity projects that create lasting security impact.

2004
Research Since
105
Security Advisories
CNA
CVE Numbering Authority
Contact Our Research Team
🔐 PGP Key for Secure Communication