We're a small, independent security firm made up of dedicated security researchers and engineers.
Our core mission is to drive long-lasting best security practices for companies around the world, stop intrusions, and kill some awesome bugs along the way.


Architecture Reviews

Get an overarching assessment of your behaviors and technology and defend against current and future threats by ensuring best security practices.

Security Assessments

We specialise in security design & reviews, code audits, and blackbox security testing.

Red Teaming

Test your team's incident response readiness and the effectiveness of your security tools before a real attack ever happens with a realistic attack simulation.

Security Training

We offer Secure Development courses, Offensive Security training, Incident Response Readiness teaching, and more.

Capture The Flag

Want to run a hacking competition? We can build and host it with uniquely crafted challenges tailored to your niche and your players.

Research & Development

Whether you're building cutting edge security technology or looking for advanced reverse engineering skills, we're ready to hear more about your tough engineering challenges.

Team Members

Alex Radocea


Alex started in Security by testing firms from an office on Wall St at Matasano. He’s worked on Product Security at Apple, Crowdstrike, and most recently the Security team at Spotify.

Philip Olausson


Philip leads over a decade of experience in computer security. After working as a consultant for Bitnux, he started Programmatic improving the security posture of internet and finance companies.

Dan Bergström


Dan previously worked as a security consultant for Bitsec AB. He specialises in vulnerability research, binary reverse engineering, and exploit development.


Bypassing OTR Signature Verification to Steal iCloud Keychain Secrets


Update: We're happy to announce that our session has been accepted at BlackHat USA 2017. Hope to see you there! We will speak in detail about the inner workings of iCloud keychain and the OTR vulnerability.

Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery Jun 8 2017

About two years ago, Eduardo Vela pointed out that the Navigator Beacon API can be used to exploit "accidentally-CSRF safe" websites. Philip Olausson and I recently noticed Chrome 59, which just shipped, addressed this behavior and we investigated a Flash bypass.

Linux & Cloud Security Operations Training Apr 18 2017

At Longterm Security, we provide training for organizations looking to build up or improve their in-house Security Operations capabilities. Our other trainings include offensive security training which focuses on reverse engineering, vulnerability discovery, and bypassing exploit mitigations.We also have defensive security training for security design reviews, secure coding and testing methodology.

G Suite Security Tips — That One Weird Multifactor Trick to Stop Phishing & Account Takeovers on Your Domain Apr 18 2017

Over the years there have been numerous high-profile attacks that have compromised accounts hosted on Google Mail or the G Suite. There are some highly effective measures that can be taken to help prevent these scenarios. And the most important tip is probably…

Contact us today about working together
Social Media
Call Us

U.S. +1 (914) 623 84 71

Sweden(+46) 0720-04 15 59

Social Media