Allow us to introduce ourselves

It all started with a closet full of old computers. They looked like the laptop version of the zombie apocalypse. We had this crazy notion to vulnerability scan the entire freaking Internet and publish the results for free -- because that’s the sort of thing we think up on a Tuesday -- and we were going to use a Hadoop cluster to do it. That zombie hoard of laptops became our first Hadoop cluster, and that crazy idea became our first open source project, PunkSPIDER.

Hyperion Gray is a small research and development company focused on web security, software development, distributed computing, and any combination thereof. Full disclosure: We're slightly off. We color outside the lines and put the square peg in the round hole. We like to come up with ideas and solutions that push the boundaries of the status quo. We don't just think outside the box -- we don't even *see* the box. Work with us and you'll see what we mean. :)

Our Work

Click on the images below to learn more about our projects

Close Project


ShmooCon 2013

Alejandro Caceres, owner, founder of Hyperion Gray, had the honor of speaking at ShmooCon 2013, where he unveiled his personal open source PunkSPIDER project to a great crowd. They provided some great feedback on the project and even laughed at some of Alex's jokes! You can watch the video of the talk below. Wait 'til you find out what the angry Iranian man is all about...

ShmooCon 2014

So we were over the moon about getting a talk at ShmooCon, but then Alex got accepted to be on the Closing Plenary panel at ShmooCon 2014, moderated by Bruce Potter himself! ::swoon:: If you weren't able to make it to the con this year, you can watch the closing panel here. Let's just say it was wholly entertaining. Where else but ShmooCon can you get a scan of the entire Internet in record time, a real time screenshot of someone typing "porn" into Google, and a fiery defense of American-made nipple covers all on the same stage?? Oh, and of course there's an interesting discussion on the ethics and legalities around mass scanning the Internet.

Close Project


We were selected for two talks at DEF CON 21. If you've never been to the con, you should. It. Is. Awesome. You can watch both of our talks right here!

Conducting Massive Attacks With Open Source Distributed Computing

The Massive Attacks project came about when Alejandro was surreptitiously accused of building a "cyber weapon" with PunkSPIDER and, after giggling to himself a little bit, thought, "Hey, what would a mass scale distributed cyber weapon actually look like?" So he went about creating the PunkCRACK and Mr. Injector tools. He threw his hat in the ring to speak at DEF CON 21 and, holy crap, was accepted. This talk demos these two proof-of-concept tools and discusses the theoretical repercussions of distributed cyber weapons.

Web 3.0: website mapping and vulnerability scanning in 3D

This talk was based on our DARPA Cyber Fast Track (CFT) project, whiched we audaciously named Web 3.0. The project came about when a fellow developer, Teal Rogers of Trinary Software, saw Alejandro's PunkSPIDER project on KickStarter. He contacted Alejandro, they soul-gazed via Skype, and then decided to go after a DARPA CFT together. Since the program has, sadly, come to an end, we were thrilled to have been accepted to the last round of awards AND get accepted to speak at DEF CON about it.

The idea of the Web 3.0 project was to create a powerful yet beautiful, intuitive 3D view of the Internet that shows interconnections between domains while also showing which pages within a domain contain vulnerabilities. The interface is designed to give the user an experience of "flying" through 3D space as they navigate their domains of interest, just like in the movies but for real. We developed a proof of concept model for the CFT, and we're currently devising plans for the future of the Web 3.0 concept.

Close Project

Research and Development

In addition to our con talks, we actually do real work. Really! We are currently performers on the super cool DARPA Memex program You can read our full press release here.

In 2013 we were performers on the DARPA Cyber Fast Track program.

We are also doing some funded research on home router security under the Comcast Tech Fund.

We occasionally do freelance development work and any cool research projects we can get our hands on.

More About Us

We're a small software development company focused on innovative research in a variety of areas. Our backgrounds are as hackers, pen testers, developers, engineers, security researchers and intel analysts. We spent some time in the infosec services world but we just aren't cut out for business suits and trade shows.

So, we decided to start Hyperion Gray as a way to develop and release our open source projects -- a tough business model, we admit, but we love it. We get to think up crazy ideas and make them happen without anyone telling us we can't, and we still get to tell our parents that we have real jobs -- with business cards and everything!

Our goal is to continue to apply disruptive research and development to solve hard problems in whatever fields interest us. We don't want to grow into a billion dollar company or anything; we're small but immensely talented and we like it that way (hey, we already told you that we're slightly off). We want to create and maintain an intellectual space where we can be free to create revolutionary solutions to complex problems, without the distractions of board meetings or stock prices. If you want to love what you do, do what you love, right?


In addition to the folks listed below, we also have a roving group of incredibly talented people whom we call upon as needed. We all wear matching rings and assemble like super heroes. It's awesome.

    Alejandro (Alex) began his hacker journey at the ripe young age of 15, causing minor (read: probably not illegal) trouble on AOL. While studying Physics in college, he learned all about how distributed computing could help with massive simulations of scientific problems in heavy ion collisions, and he's been in love with distributed computing ever since. Upon entering the real world, he spent a few years working in the information security field. But late at night, when no one was looking, he would play around with distributed computing, and he began applying it to web app hacking, thus effectively combining two of his favorite things.

    He originally started Hyperion Gray as a venue for releasing his open source stuff, but it picked up speed and eventually he decided to leave his day job to focus on Hyperion Gray full time. We think he made the right decision.

    Amanda began her career as a geopolitical intel analyst (think pirates and terrorists and rebel groups and such), and a few years ago she incidentally fell into the world of software development. She's glad she did -- it's fun here! Her official title at Hyperion Gray is "Queen Overlord of All Things Business-y" but she is also the project manager, the accountant, the coffee and tea maker, the make-sure-you-eat-something-er, the are-you-sure-you-want-to-do-that-er and the all-around do-whatever-needs-doing-er (like building this website...). She does pretty much everything but write code, although she will probably do that too eventually.

    Tomas joined our team very early on and we don't know where we would be if we hadn't (we don't like to think about it...). He has supported us on the PunkSPIDER project since the beginning and was fundamental to getting it off the ground. He is a highly skilled (understatement) Java and Python guru and is also well-versed in distrubuted computing technologies like Apache Nutch, Solr, Hbase, Hadoop and Hive.

    We can't neglect to mention all of the people who have helped us along the way on our great adventure here. This includes our families who've supported us leaving our stable day jobs to do what we love, the companies who believe in us enough to team up with us, and the hacker community, which has been an integral part of Hyperion Gray from the get-go. From the developers who've contributed to our projects, to folks who've put our stuff to good use, to the people who supported us on KickStarter, to the journalists who write about us, and the tons of people who've visited our sites, blogged about us, told your friends about us or re-Tweeted us -- THANK YOU for your support! We're so glad that you've come along for the ride. We take your input and feedback to heart and we hope you stick with us as we continue to grow up.


Here are a few articles about us and our projects. If you see any more floating around the web -- or if you write one yourself -- be sure to let us know so we can add it here!

Most recently our DARPA Memex work was highlighted in a couple of Forbes articles, here and here. The story was also picked up by nakedsecurity and BizJournals.

Here's an article in The Register about our DEF CON talk on massive attacks with distributed computing. Zombie PCs are for crimelord chumps: Fear clusters, says infosec ace.

We got a post on Slashdot about Web 3.0. We love poking the bear just a little bit -- it's fun! DEF CON Hackers Unveil a New Way of Visualizing Web Vulnerabilities.

And here's another article called Hadoop 101 on where Alex is cited as an expert source on Hadoop. Yep, that's right, an EXPERT! He's been wearing his wizard's hat ever since...

If you are with the media and are interested in covering any of our projects or just chatting with us in general, send an email to and we'll be happy to talk your ears off.


Grayed Out

Yes, we have a blog, but no, we're not bloggers. We mainly use it to communicate about new releases, give you a backstage view of our conference talks, and occassionally muse on things of our interest. Also, having a blog is an official business requirement these days, right?