Tag: DEVCORE

DEVCORE announced today (February 12th) that its Red Team Exercise service will be included in the public sector co-supplier contract for cybersecurity services by the end of 2024. DEVCORE is also one of the co-suppliers of the Red Team Exercise service, indicating that government departments expect to improve cybersecurity effectiveness through Red Team Exercises. ▲Left: DEVCORE CEO and Co-founder, Ong Hao-cheng; Right: DEVCORE Co-founder and Senior Vice President, Hsu Nien-en. DEVCORE also pointed out that the value of Red Team Exercise projects in 2024 increased by 11% compared to the previous year, and it is estimated that the revenue growth of Red Team Exercise services in 2025 will exceed 20%. To strengthen cybersecurity, the government and industry are joining forces. DEVCORE's Red Team Exercises are included in the public sector joint contract. To comprehensively enhance the cybersecurity capabilities of government agencies, the Digital Industry Administration of the Ministry of Digital Development included "Red Team Exercise Services" in the "Fifth Computer Software Joint Supply Contract Procurement – ​​Cybersecurity Services and Information Services" in 2024. This is not only the first cybersecurity service item added in ten years, but also a milestone in the government's high regard for and further strengthening of cybersecurity protection. DEVCORE, as Taiwan's first professional provider of Red Team Exercise services and a leading provider in this service, assists government agencies in procuring necessary cybersecurity services through joint supply contracts in the future. This significantly improves procurement efficiency for the government, allowing them to select cybersecurity services with sufficient quality and standards based on their budgets and needs, enabling more precise cybersecurity exercises and protection enhancements. DEVCORE CEO and Co-founder Hao-Cheng Weng stated, "DEVCORE is pleased to see red team drill services included in the public sector joint supply contract. This not only symbolizes the government's increased investment in cybersecurity, but also demonstrates the value of drill services, potentially influencing industries to adopt advanced drill services. We also hope to leverage our technical expertise and years of practical experience in red team drills to help companies apply the results of red team drills to their strategies and overall response mechanisms, creating a more secure and forward-looking digital environment at the architectural and process levels, and comprehensively deepening cybersecurity resilience." Demand for red team drills is booming, with market momentum expected to peak again in 2025. According to DEVCORE's internal observations, red team drill services are being adopted by more industries, and market demand continues to grow steadily. From 2021 to 2024, DEVCORE received 2.6 times more inquiries and bookings for red team drills, and the number of inquiries and bookings in January 2025 alone has already exceeded 60% of the same period last year. Among the industries with the strongest demand for red team exercises, the financial sector stands out, while inquiries from the semiconductor industry have been steadily increasing since 2022. Looking at actual procurement data, the financial sector remains the most active in adopting red team exercises, accounting for 29%, followed by the semiconductor industry at 28% and government agencies at 14%. These three industries account for over 70% of DEVCORE's total red team revenue in 2024. DEVCORE also observed that the value of completed red team exercise cases in 2024 increased by 11% compared to the previous year, with new clients accounting for over 50% that year. Notably, unlike in the past, inquiries have also begun to come from major server foundries, indicating that the benefits of red team exercise services are gaining more attention from enterprises and various industries. Enterprises are increasingly recognizing and actively investing in cybersecurity to address the growing severity of cyber threats. To deepen cybersecurity defenses, DEVCORE continues to promote red team drills and disseminate hacker thinking in response to the ever-increasing cybersecurity capabilities and dynamic evolution of the cybersecurity landscape from both government and industry perspectives. DEVCORE will also provide different types of drills based on varying cybersecurity profiles and drill expectations. This extends beyond simply identifying vulnerabilities and maximizing their effectiveness to more realistically simulating attack scenarios. Using a red-blue team coordination model, DEVCORE verifies enterprises' response speed, capabilities, and cybersecurity incident handling procedures in the face of real attacks. This expands the focus from technical patching to a comprehensive improvement in cybersecurity strategy and management. Furthermore, supply chain security has become one of the most challenging cybersecurity issues for enterprises in recent years. DEVCORE will also launch customized proactive product security research services, led by an internationally award-winning cybersecurity research team. These services assist enterprises in verifying the security of various products, including software, hardware, and firmware, ensuring compliance with high-standard cybersecurity requirements, protecting user safety, and enhancing brand image and trustworthiness through secure products. In addition to strengthening the defense capabilities of Taiwanese agencies through red team drills, DEVCORE has long been committed to conveying hacker thinking. In 2025, it will continue to hold the DEVCORE CONFERENCE, a technical seminar focused on attack orientation. The event will take place on March 15th, bringing together industry, government, and academia to focus on the essence of attack techniques and methods, helping the industry to think about defense strategies from the attacker's perspective, and to more effectively review their own cybersecurity protection configurations in order to jointly cope with the ever-changing cyber attack threats.

Offensive cybersecurity company DEVCORE announced today (July 19th) a collaboration with cybersecurity talent development brand OffSec to launch Taiwan's first in-person cybersecurity certification course taught by OffSec instructors. This initiative aims to create a more comprehensive and systematic learning system for Taiwanese cybersecurity professionals. Recognizing the rapidly growing demand for cybersecurity talent in Taiwan, this collaboration between DEVCORE and OffSec targets four essential in-person courses for technical professionals: OSCP, OSWA, OSDA, and OSEE. Senior OffSec instructors from Europe, America, Oceania, and the Asia-Pacific region will personally teach these courses in Taiwan, providing students with systematic cybersecurity learning resources without the need to travel overseas. DEVCORE Co-founder and CEO Hao-Cheng Weng stated, "As a leading company in offensive cybersecurity in Taiwan, DEVCORE is pleased to see global giants like OffSec emphasizing attack technologies and launching corresponding courses and certifications. We also recognize the need for cybersecurity talent development in Taiwan and the provision of relevant resources. We hope that by introducing OffSec's original courses, we can provide Taiwanese cybersecurity talent with more systematic and structured learning resources, breaking down the previous difficulties of having to sift through knowledge points on their own due to their fragmented nature, and further helping Taiwan and businesses to more efficiently enrich their cybersecurity talent pool." For the first time, OffSec instructors are offering in-person OSCP, OSWA, OSDA, and OSEE courses in Taiwan. The live training courses jointly offered by DEVCORE and OffSec cover four major themes, providing in-depth training in skills and professional knowledge through interactive sessions and live explanations. The four main themes include PEN-200 (OSCP), which focuses on successful attack and penetration testing in a secure laboratory environment to enhance practical skills; WEB-200 (OSWA), which focuses on exploring and exploiting common web vulnerabilities and learning how to extract sensitive information from target web applications; SOC-200 (OSDA), which is designed for Security Operations Center (SOC) analysts and threat hunters, teaching them to identify and evaluate real-time end-to-end attacks on different network architectures, thereby gaining practical experience in SIEM (Security Information and Event Management); and EXP-401 (OSEE), which is OffSec's most advanced course, cultivating students' ability to develop creative solutions in increasingly challenging vulnerability exploitation environments through in-depth Windows operating system core courses and extensive teacher-student interaction. Previously, OSWA, OSDA, and OSEE courses were only offered overseas, with Taiwan only offering the OSCP in-person course taught by certified instructors. Through this collaboration, original equipment manufacturer (OEC) instructors will travel to Taiwan to prepare comprehensive course content for students. OSCP will be the first globally to be taught in Chinese by OEC instructors, creating a completely new learning experience through live instruction. From now until August 9th, you can register through the DEVCORE course website to participate in the Live Training courses taught by OEC professional instructors from August 26th to August 30th at a discounted price. Each course includes one exam voucher and 180 days of access to the practice environment. Students who complete the course will have one year to take the exam independently and obtain the corresponding certification to prove their technical skills.

DEVCORE, an offensive cybersecurity company, is celebrating its 10th anniversary and announced today (January 6th) that it will be expanding its recruitment drive, calling on like-minded partners with a passion for cybersecurity to join and strengthen the cybersecurity industry's protective capabilities, becoming an important player in safeguarding cybersecurity in Taiwan and globally. Founded in 2012, DEVCORE's proactive cybersecurity services have broken through the industry's previous perception of primarily defensive operations. Its red team drills, employing a "hacker's mindset" and closely mimicking real attacks with comprehensive attack capabilities, assist large enterprises and government agencies in sectors including semiconductors, finance, transportation, healthcare, and e-commerce to identify potential attacker paths, assess the effectiveness of cybersecurity measures, and mitigate cybersecurity risks. Recognizing the growth potential of the cybersecurity market and red team drill services, DEVCORE is taking this opportunity to announce continued recruitment, aiming to double its team size by 2023. The company will continue to recruit and train red team drill experts, creating a larger, more technologically diverse team to conduct red team drills for Taiwan's key industries. DEVCORE CEO and co-founder Hao-Cheng Weng stated, "Over the past 10 years, we are pleased to see the gradual improvement in cybersecurity awareness among the government and industry, as well as their ongoing assessment of their own cybersecurity capabilities and adjustments to their cybersecurity strategies and priorities. At the same time, we also want to remind everyone that while security providers are accelerating their deployments, hackers' attack capabilities and techniques are constantly evolving. Organizations must test the effectiveness of their own cybersecurity protection, and red team drills are a strong cybersecurity support for businesses." Staying true to its original mission of protecting the world, DEVCORE continues to cultivate new cybersecurity talent. DEVCORE hopes to nurture more cybersecurity professionals in Taiwan who understand "hacker thinking," and further encourage more young people to engage in cybersecurity, thus strengthening Taiwan's cybersecurity protection network. DEVCORE is one of the few cybersecurity teams in Taiwan with world-class research capabilities in attack techniques and the ability to provide offensive cybersecurity services. Driven by a passion for innovative technologies and expertise in cybersecurity, since its founding in 2012, it has not only garnered recognition in major global cybersecurity competitions such as Pwn2Own and the Pwnie Award, but has also identified and reported over 130 vulnerabilities, winning over 25 vulnerability reward programs from major global companies. Furthermore, since 2017, it has been ranked among the top 10 global website hacking techniques for five consecutive years and has been invited to speak at the prestigious Black Hat USA conference five times, frequently taking its place on the international stage. Adhering to the spirit of "giving back to society," DEVCORE expanded its cybersecurity scholarship program in 2022, extending it from Fu Jen Catholic University and National Taiwan University of Science and Technology to all universities and colleges in Taiwan. The "DEVCORE National Cybersecurity Scholarship" aims to help students connect with industry resources and needs, promote community cohesion in cybersecurity, and cultivate a new generation of cybersecurity professionals in Taiwan. Meanwhile, the DEVCORE founding team, whom we met through a cybersecurity exchange community during our school days, has been tirelessly supporting NISRA (Network and Information Security Research Association), a campus cybersecurity club they founded during our student days, for the past ten years. They will also continue to provide support and exchange for various cybersecurity community activities through the 2022 cybersecurity education activity sponsorship program. DEVCORE CEO and co-founder Hao-Cheng Weng stated, "Taiwan has strong cybersecurity capabilities, so how to pass on knowledge and experience to the next generation and how to retain talent in the cybersecurity field are important issues for the future. We hope that through DEVCORE's energy and resources, we can cultivate more cybersecurity talents in Taiwan who understand 'hacker thinking,' and we also hope to encourage more young people passionate about cybersecurity to join the cybersecurity industry, strengthen the cohesion of the cybersecurity community, and lay a solid foundation for Taiwan's future cybersecurity industry."

As enterprise cybersecurity and information security have become increasingly popular topics, companies are considering how to achieve compliant and most effective information security protection. Today (November 23), DEVCORE, an attack-oriented information security company, was invited to participate in a keynote discussion at the "Annual Enterprise Information Security Review Guide" online forum hosted by Microsoft Taiwan and TechCrunch. DEVCORE shared insights on three main themes: risk assessment priorities, reviewing enterprise information security capabilities, and information security talent development. In addition, DEVCORE discussed with Microsoft Taiwan and EY Consulting Services how to help companies build their own information security capabilities and be fully prepared for the ever-changing information security battlefield. ▲DEVCORE CEO Hao-Cheng Weng, Microsoft Taiwan Cybersecurity Experts Technical Department Vice President Yen-Ju Chou, Ernst & Young Consulting Services Senior Manager Chen-Wei Pai, and TechCrunch Editor-in-Chief Yun-Chieh Tsou jointly participated in Microsoft Taiwan's "Annual Enterprise Cybersecurity Review Guide" online forum. AI as a New Cybersecurity Weapon: Insufficient Compliance with Regulations, Prioritizing Risks as a Strategic Focus. The prevalence of black market supply chains and the continued rise in global cyberattacks, coupled with the emergence of technologies and new concepts such as AI (Artificial Intelligence), Deepfake, and Metaverse, have created even more difficult-to-defend attack methods. According to DEVCORE's observations, AI is becoming the latest weapon in the cybersecurity battlefield. Attackers use AI to deploy automated botnets, analyze stolen data, and even use Deepfake videos to conduct social engineering attacks. In addition, for hackers, exploiting human weaknesses such as weak passwords, poor security habits, and cookie settings to launch attacks and gain access control is far more time-efficient and less labor-intensive than finding zero-day exploits. This makes "identity verification" a major threat to cybersecurity configurations. According to Microsoft cybersecurity experts, 98% of attacks are related to identity verification and access control. Faced with the application of AI and new technologies, coupled with larger-scale and meticulously planned attack operations, DEVCORE CEO Hao-Zheng Weng believes that in addition to complying with cybersecurity regulations, correctly assessing and prioritizing risks is paramount for cybersecurity protection. Enterprises should regularly conduct defense priority assessments through red team exercises, penetration testing, and other methods employing a "hacker's mindset" to reduce information asymmetry between attackers and defenders, prioritize the protection of high-value assets, and identify vulnerabilities that attackers can immediately exploit, such as often-overlooked network boundaries, thereby ensuring the accuracy of risk assessments. Weng Haozheng stated, "Taking DEVCORE's customer drill experience as an example, although the company has purchased quite comprehensive cybersecurity equipment and passed multiple cybersecurity audits, the difference in focus between the attacker and defender led to the red team still gaining 97% initial control and 70% core system control during the drill. Compliance does not mean complacency; a highly realistic risk assessment is needed to benefit the company. The company needs to understand what the real risks are, on which assets they occur, the probability of occurrence and their impact, and prioritize its arrangements from the 'attacker's perspective.'" In addition, with the continuous evolution of attack patterns, companies are gradually shifting from a "Rule-Based" to a "Machine Learning-Based" strategy when developing cybersecurity management frameworks. Many companies have begun to use machine learning technology to identify attack behavior and help analyze potential attacks, reducing the inadequacies and limitations of internal personnel in considering defense measures. In response, Weng Haozheng cautioned, "Attack methods will continue to evolve, and they may avoid using previously detected or repeated techniques. While AI may excel in identification, defense, and detection within the five dimensions of the National Institute of Standards and Technology (NIST)'s cybersecurity framework—identification, protection, detection, response, and recovery—enterprises still need to understand the attacker's mindset and regularly practice the defender's response capabilities to effectively assess the effectiveness of cybersecurity protection and comprehensively improve cybersecurity capabilities in terms of 'response' and 'recovery.'" Finally, addressing the issue of a cybersecurity talent shortage, Zhou Yanru, Vice President of the Cybersecurity Experts Department at Microsoft Taiwan, suggested, "Enterprises often only bring in cybersecurity talent after an incident occurs. However, cybersecurity talent should be incorporated from the early stages of digital transformation, instilling a sense of mission in them and cultivating a cybersecurity mindset among all employees." Pai Chen-wei, Senior Manager of Consulting Services at Ernst & Young, pointed out, "Cybersecurity skills and knowledge span numerous fields. Talent must simultaneously understand regulations and international standards, attack techniques and defenses, security control mechanisms, system integration, etc. Companies struggle to find such talent in a short period, which is the main reason for the current talent shortage in the industry. In the short term, external expert consultants can help strengthen a company's cybersecurity capabilities. In the long term, cultivating a company's cybersecurity awareness and talent development is the fundamental solution." Besides finding suitable cybersecurity talent, Weng Hao-zheng shared, "Cybersecurity talent development is also a crucial issue for companies. Cybersecurity personnel can start with 'risk identification,' continuously learning new methods, developing a more complete skill set, and, more importantly, training attackers' thinking, thereby helping companies prepare for risks." DEVCORE...

Cybersecurity chiefs, required by the Financial Supervisory Commission (FSC), have become sought-after high-level talents. How can they grasp current cybersecurity threat trends and allocate cybersecurity resources while maintaining compliance? DEVCORE, an offensive cybersecurity company, was recently invited by Microsoft to the Microsoft CISO Salon. As a white-hat hacker, DEVCORE shared its insights on enterprise cybersecurity risks and resource allocation, and explored optimal cybersecurity investment strategies with Microsoft representatives. Microsoft launched the CISO Salon enterprise cybersecurity team exchange platform program in April of this year, inviting industry professionals to discuss technology, regulations, market trends, and talent development. DEVCORE was invited to be the first external partner to serve as a CISO Salon participant, working together to find the best cybersecurity configuration and improve the cybersecurity capabilities of various industries. Cybersecurity risks are difficult to prevent, and an attacker's mindset can help cybersecurity chiefs achieve twice the results with half the effort. The pandemic has accelerated the pace of digital transformation in industries, making cybersecurity threats more serious than ever before and causing concern for enterprises. The Financial Supervisory Commission recently announced a two-phase requirement for listed companies to establish cybersecurity-related units, prompting large enterprises to start looking for suitable cybersecurity chiefs and developing more comprehensive cybersecurity strategies. DEVCORE, as one of the few "attack-oriented cybersecurity companies" in Taiwan that focuses on research into world-class attack methods and has extensive experience in detection and cybersecurity risk assessment, helps cybersecurity chiefs assess risks and allocate resources with an "attack-side" mindset. DEVCORE CEO Hao-Cheng Weng pointed out at the CISO Salon that the biggest challenge currently faced by enterprises is not the difficulty in complying with regulations or the lack of a strategy, but rather that the battlefield of cybersecurity risks is far larger than enterprises imagine. In the case of information asymmetry between defenders and attackers, enterprises find it difficult to identify key attack areas from the hacker's perspective and implement effective corresponding protection configurations. As a result, undefended areas often become attack intrusion paths, leading to losses for enterprises. DEVCORE CEO Hao-Cheng Weng stated, "When reviewing risks, companies should not merely examine regulatory requirements to select the scope and target of protection, or to purchase cybersecurity equipment and services. Instead, they should comprehensively consider external risk assessment methods such as red team drills and penetration testing to verify the effectiveness of their cybersecurity investments and continuously examine the investment in cybersecurity resources. This includes reviewing monitoring coverage, incident accuracy, and response time to identify unknown risks." Cybersecurity resource allocation is not just about increasing budgets; correctly assessing the scope of risks is crucial. Furthermore, with the increasing frequency of cybersecurity crises, corporate budgets for cybersecurity have become a focus. Most organizations have increased their cybersecurity budgets in accordance with regulations and for sustainable development considerations. However, based on DEVCORE's long-term experience, many companies overemphasize known and existing vulnerabilities in their budget preparation and considerations, neglecting the fact that undiscovered system vulnerabilities can also have a high impact on the organization. Therefore, allocating budgets to external teams with attack capabilities to assist in drills can effectively reduce risks. "Enterprises should recognize that cybersecurity budgets, as a crucial component of maintaining stable operations, should not merely be part of the IT budget, but rather considered from a sustainable operational perspective. Strategic thinking is often more effective than simply purchasing weapons. Enterprises should allocate budgets or make purchases based on actual risks, developing commensurate budget plans through risk assessment to optimize cybersecurity investments. Regarding the scope of risk assessment, a proactive approach can be adopted, starting with a 'hacker's mindset,' using red team exercises to identify potential threat areas in the system, fully optimizing the enterprise's internal risk assessment mechanism, and improving the overall quality of cybersecurity protection," shared Weng Haozheng at the meeting.

DEVCORE, an offensive cybersecurity company, announced today (June 1st) the expansion of its "Cybersecurity Talent Development Program," calling on more ambitious individuals to join the cybersecurity industry and deepen the cybersecurity awareness of young talent. The program aims to cultivate a "hacker mindset" from their school years, enabling them to become crucial members in safeguarding Taiwan's cybersecurity. The pandemic has accelerated the digital transformation of industries, making cybersecurity risks even greater than before. The diversification of services has made information security and risk management a pressing concern for many companies. Furthermore, starting this year, the Financial Supervisory Commission (FSC) has required large enterprises to gradually establish chief cybersecurity officers and dedicated cybersecurity units, integrating cybersecurity into corporate governance. This has brought the issue of cybersecurity talent recruitment and shortages to the forefront. According to a 2021 corporate cybersecurity survey, large Taiwanese enterprises need to recruit an additional 60% of their cybersecurity personnel to meet actual needs. DEVCORE has expanded its "Cybersecurity Talent Development Program" to cultivate a new generation of cybersecurity professionals. Founded by a white-hat hacker team that has exposed numerous international vulnerabilities, DEVCORE focuses on red team training services to penetrate and practically test enterprise cybersecurity defenses, thereby improving cybersecurity capabilities. In addition to continuing to serve as a full-time lecturer and consultant for academic and government agencies to strengthen cybersecurity awareness in Taiwan, DEVCORE has expanded its "Cybersecurity Talent Development Program" specifically for young people. This program includes internships, scholarships, and community support, comprehensively enhancing the cybersecurity skills of the next generation. DEVCORE CEO and co-founder Hao-Cheng Weng pointed out: "With frequent cybersecurity incidents, the establishment of relevant regulations, and the increasing emphasis on cybersecurity by enterprises, the demand for cybersecurity talent in Taiwan has increased dramatically in the past two years. However, information security or cyberattacks involve a very wide range of aspects, and cultivating talent is not easy. In addition to the management positions and 'defender' talents that are more familiar to the public in the past, enterprises now need to understand hacker attack methods to deal with the ever-evolving attack patterns. We hope to cultivate more 'attack' talents in Taiwan who understand 'hacker thinking,' can simulate hacker attack scenarios, and identify potential cybersecurity risks through expanding talent training programs." Starting from campus, DEVCORE uses hacker thinking to cultivate cybersecurity capabilities in young students. The founding team of DEVCORE has been passionate about cybersecurity research since their student days. They hope to inspire more young students who also have a passion for cybersecurity during their studies, and also hope to cultivate more "attack-oriented" cybersecurity talents with hacker thinking in Taiwan. DEVCORE is launching its first-ever internship program this year, with experienced team members serving as mentors. The program focuses on "vulnerability discovery" and "attack technique research," allowing students to identify potential attack surfaces and weaknesses, and to delve into past vulnerabilities and recent emerging vulnerabilities and attack methods. This process hones their thinking skills, provides real-world testing experience, and helps them gain practical experience. In addition, DEVCORE continues to offer the "DEVCORE Cybersecurity Scholarship" to its founding team's alma maters, Fu Jen Catholic University and National Taiwan University of Science and Technology. Students must explain their motivation and journey in learning cybersecurity and submit their research or competition results. Selected students will receive research grants of up to NT$10,000. Applications are now open. This initiative aims to give back to their alma maters and encourage more young people to actively engage in cybersecurity research during their studies, laying a solid foundation for their future careers in Taiwan's cybersecurity industry. Hsu Chia-lien, Chair of the Department of Computer Science and Engineering at Fu Jen Catholic University, stated, "With the ongoing pandemic, all industries are facing manpower shortages, urgently requiring outstanding science and engineering professionals to address the talent gap. Fu Jen Catholic University's Department of Computer Science and Engineering upholds the spirit of 'truth-seeking' and 'pragmatism' in its educational philosophy. We are delighted to see the contributions of our outstanding alumni to the cybersecurity industry and thank them for their continued support of their alma mater and their encouragement of future generations. Our department has always emphasized cultivating students' academic research and immediate employment capabilities. We also hope to have more opportunities to collaborate with Dave Cole in the future, helping more students to solidify their aspirations during their studies, unleash their 'hacker spirit,' and continue to contribute to and give back to society even when the future is uncertain, making Taiwan's cybersecurity talent a pillar of the global cybersecurity system." Cha Shih-chao, Head of the Department of Information Management and Director of the Center for Information Security Research and Teaching at National Taiwan University of Science and Technology, stated, "Information security is one of the hottest industries today. It requires time and money to master different technologies in order to shine in this industry. Scholarships can play a crucial role, allowing students to focus more on their studies. I am very moved by Dave Cole's active giving back to his alma mater and his juniors, creating a positive cycle. Resources are hard-won, and I hope that students aspiring to information security will not only strive for scholarships to enrich themselves but also actively learn from Dave Cole's outstanding seniors to build their own expertise." Starting with an attack-oriented mindset, he has become a highly sought-after member of the DEVCORE team. He also actively participates in and organizes various communities and is currently a core member of the Taiwan Hacker Association and HITCON (Taiwan Hacker Conference). He continues to support NISRA (Network and Information Security Research Association), a campus information security club he founded during his student days, providing opportunities for exchange with external information security-related groups. He firmly believes that uniting the power of Taiwan's information security community can drive overall industry innovation. DEVCORE also announced today that it will provide long-term sponsorship for cybersecurity education activities, funding various events for cybersecurity-related communities and organizations, hoping to reduce the knowledge gap in cybersecurity and continuously promote information security awareness and skills. NISRA instructor Mei Xing stated, "DEVCORE..."

Last year, after discovering a vulnerability in Microsoft Exchange Server and winning the Best Server Vulnerability award at the Pwnie Awards (often referred to as the "Oscars of cybersecurity"), DEVCORE today (January 12th) shared its philosophy behind services such as Red Team Assessments, emphasizing its aim to help enterprises build adequate system security mechanisms through hacker attack ideas. DEVCORE co-founder and CEO, Hao-Zheng Weng, stated that many enterprises' security concepts are often based on purchasing external security solutions, neglecting vulnerabilities that arise during actual system operation. This makes them vulnerable to external attacks, leading to data theft or even greater damage. DEVCORE believes that by using the same attack methods as hackers to infiltrate enterprise systems, it can more directly and effectively help enterprises identify security vulnerabilities and improve their protection capabilities without affecting business operations or data security. Therefore, through Red Team Assessments and penetration tests, enterprises can discover vulnerabilities early, avoiding being overwhelmed when facing actual attacks. Weng Haozheng stated that building defenses through attacks has always been the core spirit of DEVCORE, and he also believes that only through continuous attacks and vulnerability discovery can true security protection methods be found. ▲From left: DEVCORE Co-founder and Red Team Director Xu Fukai, DEVCORE Co-founder and CEO Weng Haozheng, DEVCORE Co-founder and Support Team Leader Lai Weiting, DEVCORE Co-founder and Senior Project Manager Xu Nianen. Founded in November 2012, DEVCORE has been assisting industries with high cybersecurity requirements, including government agencies, finance, semiconductors, e-commerce, and healthcare, in reviewing the adequacy of their security protection through high-quality penetration testing services. In 2017, they officially launched red team exercises to further verify enterprises' cybersecurity protection capabilities through practical drills and to discover any additional potential vulnerabilities. Following numerous awards and its assistance in uncovering various enterprise security vulnerabilities, DEVCORE states that nearly 90% of external enterprise systems can be directly penetrated and accessed, and over 70% of core enterprise systems can be compromised and gained control, leading to service interruptions. This underscores the crucial need for practical testing to confirm the actual level of enterprise cybersecurity. However, does the continued discovery and patching of enterprise security vulnerabilities mean DEVCORE will become obsolete? Hsu Fu-kai, co-founder and director of the red team at DEVCORE, believes that while technological advancements will undoubtedly make the network environment more secure, and antivirus technologies and protection solutions will become smarter, even making it harder for new application services and frameworks to generate vulnerabilities, system iterations and updates will still lead to vulnerabilities arising from outdated code, access permissions, and more complex system structures. Therefore, DEVCORE can continue to assist enterprises in uncovering vulnerabilities using a hacker's mindset. Therefore, in terms of how enterprises approach cybersecurity, DEVCORE believes that they should place more emphasis on field exercises and simulated penetration results. In particular, some countries are now intending to use system vulnerabilities as digital weapons, and more organizations are openly or privately acquiring cybersecurity vulnerability information. In the future, it may be even more difficult to imagine the potential impact behind system vulnerabilities.

DEVCORE, a world-class attack-oriented cybersecurity company from Taiwan, announced that it won the "Best Server-Side Bug" award at the Pwnie Awards, often referred to as the Oscars of cybersecurity, at the Black Hat USA conference earlier this year. Orange Tsai, DEVCORE's chief cybersecurity researcher, beat out six other teams from around the world to become the only Taiwanese team to win the award, thanks to his in-depth research on Microsoft Exchange server vulnerabilities. DEVCORE is a world-class attack-oriented cybersecurity company that was among the first globally to discover and report two Microsoft Exchange server vulnerabilities in late 2020. The research team subsequently continued its in-depth research on Microsoft Exchange servers, finding a total of eight different Microsoft Exchange server vulnerabilities. These vulnerabilities, when combined, could form an attack surface that could potentially create a larger-scale threat, allowing attackers to obtain plaintext passwords or even execute arbitrary code without authentication, with a significant impact on enterprises worldwide. This year marks DEVCORE's third nomination and second Pwnie Awards. Back in 2019, they won the "Best Server Vulnerability Award" for revealing vulnerabilities in Pulse Secure and other SSL VPN products, becoming the first team in Taiwan to receive a Pwnie Awards recognition. Furthermore, DEVCORE is currently the only Taiwanese team to have received a Pwnie Awards award. This year, seven significant studies were nominated for the "Best Server Vulnerability Award," including a remote code execution vulnerability in VMware and the PrintNighmare vulnerability affecting the print multiplexing buffer processor in all Windows versions. The Pwnie Awards, often referred to as the "Oscars of cybersecurity," are judged by a panel of the world's most authoritative cybersecurity experts. Each year, they nominate 10 different vulnerability awards, including Best Client-Side Vulnerability, Best Encryption Attack, and Most Innovative Research, with winners announced at the prestigious Black Hat USA conference. It's worth noting that in addition to the "Oscars" recognizing the best cybersecurity research, the Pwnie Awards also recognize outstanding contributions to cybersecurity research...

Regarding Microsoft's recent announcement of patches for the Exchange Server vulnerability exposed by hackers, DEVCORE Taiwan stated that it discovered the vulnerability as early as January 5th and reported it to Microsoft. The vulnerability, designated "CVE-2021-26855" and "CVE-2021-27065," is a zero-day vulnerability, also known as "ProxyLogon." The disclosed "ProxyLogon" vulnerability is a zero-day exploit for pre-authentication remote code execution (Pre-Auth RCE), allowing attackers to bypass authentication steps and compel system administrators to execute malicious files or commands, potentially triggering wider attacks. "ProxyLogon" is one of the most significant RCE vulnerabilities recently disclosed by Microsoft. Adhering to the principle of responsible disclosure, the DEVCORE team immediately reported it to Microsoft on January 5th for patching, preventing malicious exploitation and significant losses for users worldwide. Microsoft subsequently released a security update on March 2nd to address the vulnerability and prevent users' sensitive information from being maliciously attacked. Tsai Cheng-ta, Chief Cybersecurity Researcher and Research Group Leader at DEVCORE, pointed out, "The DEVCORE team published numerous studies on remote code execution (RCE) in 2019, sparking much discussion. The NSA and other agencies even issued warnings to businesses. However, this RCE is still being exploited by many malicious attackers worldwide. The ProxyLogon research project aims to raise security awareness among organizations and prevent advanced persistent attacks (APTs) or breaches by international hacker groups due to vulnerabilities." DEVCORE primarily provides red team exercises, penetration testing, and consulting services with a hacker's mindset, effectively testing the cybersecurity defenses of organizations to improve their cybersecurity capabilities. The DEVCORE research team has previously exposed RCE vulnerabilities in international companies such as Amazon, Facebook, Twitter, GitHub, and Uber. In addition, the team has also conducted in-depth research on email-related solutions including Exim and Dovecot. DEVCORE CEO Hao-Cheng Weng stated, "DEVCORE was founded by a world-class white-hat hacker team. It has a team with high ethical and technical capabilities and continuously adheres to the principle of responsible disclosure. After discovering vulnerabilities in enterprises, it promptly alerts them to patch them as soon as possible, helping global enterprises and organizations to meet the ever-evolving attack patterns and defend against constantly changing threats."