Malectrica Logo

Your Cybersecurity Partner

Protecting your digital assets with cutting-edge technology.

Learn More

Our Services

Bug Bounty

Our members have found sophisticated chains. And bugs in websites you've almost definitely used. Feel free to invite us to private programs.

Pentesting

We will audit an asset, and report to you all security issues we find. Whether it be outdated versions, bugs in custom code, misconfiguration etc.

Tool Development

Malectrica pride ourselves on our innovative tooling. In everything we create we seek to stand out. Our tooling is FOSS and available mostly via github and PyPi.

SE Training

We will audit a set of employees to assess their awareness around SE campaigns. Then demonstrate how to detect deceptive interactions.

About Us

With several decades of combined experience. Malectrica is an organisation founded on the principals of innovation.

Malectrica pride ourselves on our innovative tooling. In everything we create we seek to stand out.

This same creativity focussed ethos extends to our security research work, where we use it to find obscure chains and escalate impact.

Team Member

Witchdoc

Co-Founder

Team Member

Proleetariat

Co-Founder

Blog

Latest in Cybersecurity

Stay updated with the latest trends and tips in cybersecurity.

Bugs We Found

Affected Company Logo

Fixed Race - a Foxycart chain

[redacted] -> [redacted] . Leading to [redacted] .

View Report Read Blog

Our Profiles:

Bugcrowd

Tools and Packages

Rainbownator

Multi threaded hash cracker with support for md5 and sha. Generates sqlite dbs to act as rainbow tables on first run through a wordlist. On every following run the rainbowtable will be used for near instant hash retrieval.

More Details Download

SUnami

0 interaction privesc is always desired but not always achievable. For this reason, we have created a tool for the most trivial non-0-interaction privesc in history (with a few drawbacks). This is not an exploit just a cheap but effective trick. The usecase is when you have a shell on a sudoers account but no sudo cred. It works by manipulating sudo via aliasing in their .bashrc file to prepend a malicious attacker specified command first in the background. This does mean you will need to wait for sudo to be executed.

More Details Download

BrowserBrute

Online bruteforcing tool based on selenium.

More Details Download

Balsamic

Balsamic is a library for sending malicious pickles to a vunlerable application, via web requests, or a malicious server or client we will add more payloads but for now we just execute shell commands, via the oscmd payload.

More Details Download

Contact Us