RevEng3

What We Do

The idea is to make simple something that’s everything but simple.
Security is not a product — it’s a strategy.
Adapting the strategy to your reality is our business.

Need your assets tested?
Well, let’s do it. Together.
We put the skills, you put your knowledge.
Together we build the strategy.

We grow by sharing.
That’s why we do courses.
We love teaching — because every time we share knowledge, we create.

Security

Doing security since 1998 has given us a broad perspective on what security should be.

Back then, things were simple: there was a big wall.
You were inside the wall? You were trusted.
Outside? Untrusted.
Easy. Especially compared to today —
cloud infrastructures look more like a Möbius strip, and identifying boundaries is a luxury.

We don’t usually do website penetration testing.
We do it only when there’s a cause we believe in — animal rights, research, support for the disabled.
Something that aligns with our ethics.
Otherwise? There are tons of young testers out there sharpening their teeth on every website they find.
Send it to them.

But give us APIs to test.
Give us IoT devices. Infotainment systems. Blockchain backends.
That’s where we get adrenaline.
Let us exploit your systems — at the lowest level.

Coding

Whoever wants to break things must also be able to build things. Sic et simpliciter.
Don’t trust penetration testers who can’t code.

We code. We love to.

Specialties?

• Rust.
• C / C++ / Objective-C.
• Swift.
• Assembly — especially on ARM.

Do you use Python?
Yes… and no.
Python is great for some things — but you shouldn’t end up writing everything in Python.
It gets outperformed by pretty much everything else.

What do we love coding?

• Apps for macOS (sometimes iOS too)
• APIs
• Daemons for your systems
• Security tools

Other Stuff We Do

• Security architectures and designs
  We build things to be broken — then build them better.

• Reverse engineering
  Firmware, binaries, protocols, behavior.

• Compliance support
  We don’t do compliance.
  But if you have an auditor knocking, we’ll help you be ready.
  We make your security posture solid enough to survive a punch — and an ISO 27001 audit.

• Project management
  Only if it’s interesting.
  No daily stand-ups. No bullshit charts. Just technical leadership.

Still curious?

We write often about penetration testing, reverse engineering, security design and more.
You can find it all at blog.reveng3.org.
Take a stroll — you’ll get a pretty good idea of who we are.