Est. 2014 — Geneva, Switzerland

Beyond Standard
Cybersecurity.

Specialized offensive research, hardware hacking, 0day development, and critical infrastructure defense. Serving government entities and corporations requiring absolute discretion.

Initiate Consultation View Capabilities

Operational Capabilities

From high-level logic to transistor-level analysis.

Offensive Security & 0day R&D

Development of custom offensive tools and fully working exploits for authorized agencies. Research into 0day vulnerabilities across software stacks. Standard penetration testing and source code review (PHP, Java, NodeJS, Python) delivered with researcher-grade depth.

  • Exploit Development
  • Source Code Audit
  • Network Assessment
  • Red Teaming

Embedded & Hardware

Security testing for IoT, routers, and appliances. Low-level analysis including chip-off memory dumping, glitching (CPU/Power) to bypass hardware protections, firmware extraction, and side-channel evaluations (SPA/DPA).

Radio Frequency (RF)

Analysis of unknown air-wave protocols and crypto cracking. Resilience testing against jamming attacks. Reverse engineering RF stacks to surface logic flaws and exploitable bugs.

Defensive Engineering & Forensics

Post-disaster recovery and forensic analysis to trace attack vectors, remove backdoors, and recover from ransomware events. Secure network architecture design, WAF configuration, and firewall planning for maximum resilience.

  • Incident Response
  • Ransomware Recovery
  • Forensics
  • Architecture Design
Confidential Research

Innovative Vectors & Protocol Analysis

Research is the backbone of Hacking Corporation. Beyond standard assessments, I conduct deep-dive research into protocols and infrastructure.

Case Study: GSM Interception. Developed a fully operational fake Base Transceiver Station (BTS) coupled with a fake Mobile MS (phone), leveraging multiple open source projects. By cracking the A5/1 encryption key in real-time and replaying it on the real network, I demonstrated the ability to intercept requested SMS messages (specifically OTPs), enabling account hijacking of major platforms like Facebook, X and Gmail; the attack was later presented at multiple security conferences.

GSM interception tooling setup
GSM interception lab

Case Study: Swiss Transport Ticketing. Reverse-engineered the payment protocol used across Swiss cantons (e.g., Geneva, Vaud, Fribourg): a vulnerability made it possible to purchase tickets for CHF 0. Built a homebrew smart card with custom MCU firmware and hand-soldered electronics, reconstructed the protocol from low-level signal captures on the bench, and produced a PoC as simple as inserting the card and “paying”; findings were presented to Transports Publics Genevois (TPG) and the smart-card provider (IEM Group).

Smart card analysis for transport ticketing
Swiss transport ticketing analysis
// Additional research subjects are classified under NDA.
Selected Public Work

Publications

Hand-picked public references; detailed reports and additional cases remain under NDA.

Most findings and operational tooling remain private under NDA; this is a small sample from what went public.
CVE-2003-0109 · Exploit Dev
View exploit View CVE

IIS 5.0 WebDAV ntdll.dll overflow

Authored one of the first public, full-source exploits for this vulnerability within 18 hours of patch release—using dynamic runtime offset discovery inspired by virus-scene techniques.

SQLi · 2007
Read advisory

FuseTalk autherror.cfm SQL Injection

Bugtraq disclosure describing unsanitized error handling leading to data manipulation in FuseTalk forum software (Fastcom SA / Ivan Almuina).

CVE-2015-1188 · Remote
Read advisory

Swisscom Centro Grande (ADB) – Authentication bypass

Incorrect authentication in the HNDS service exposed management functions; chaining bugs enabled remote root shells on Swisscom customer routers. Reported to Swisscom CSIRT by Ivan Almuina (Hacking Corporation Sàrl).

HCA0005 · WiFi
Read advisory

Horizon HD default WPA2 key weakness

Liberty Global set-top boxes used predictable SSID-derived WPA2 passphrases; default Wi-Fi keys were recoverable offline in seconds. Proof-of-concept validated and patch coordinated.

CVE-2024-26199 · EoP
View CVE

Microsoft Office elevation of privilege

Improper link resolution (CWE-59) in Microsoft 365 Apps for Enterprise, patched March 2024; CVSS 7.8 with high confidentiality and integrity impact.

The "One Man Army" Advantage

Absolute Confidentiality

In this industry, the more people involved, the higher the risk. I am the sole handler of your case. No juniors, no outsourcing. Your data never leaves my encrypted environment.

20+ Years Experience

Active in cybersecurity since 2003. Founded Hacking Corporation Sàrl in 2014. My expertise spans from legacy systems to modern cloud architectures, bridging the gap between hardware and software security.

CTF Track Record

Played with Routards (FR) and Sexy Pandas (ES); 2nd place with Routards at DEF CON 18 CTF in Las Vegas.

Handle: kralor

Known online as “kralor” (author#1/exploit#1); gained early notoriety circa 2003 for releasing a detailed 1-day exploit for IIS 5.0 WebDAV (CVE-2003-0109).

Forensics Recognition

Winner of Honeynet Project Forensic Challenge #1 (PCAP Attack Trace), ranking first with a full trace reconstruction and attack narrative.

Foundational Certifications

Early career milestones include earning CCNA and CISSP, grounding offensive research with solid network and security fundamentals.

Secure Collaboration

Available for remote global contracts or on-site operations in Geneva/Carouge.

Carouge, Geneva

Switzerland

contact@hackingcorp.ch

PGP Key available below

+41 76 615 66 79

WhatsApp/Threema/Voice

PGP Fingerprint

2233 3BCF 48A2 00EC 464B 5AC5 2D7A E52B C1B3 0A30
Download .asc

Services

© 2014—2025 Hacking Corporation Sàrl. All rights reserved.

CHE-148.056.382 Geneva Registry