Research projects focusing on intelligence and government solutions. Our research capabilities range from analysis and exploitation of known vulnerabilities to identifying new vulnerabilities in target software and developing custom proof-of-concept code.
Our research team is skilled in the following areas
The research team represents the core of our services and is comprised of highly skilled researchers who are in close collaboration with the consulting and delivery teams.
This course teaches common kernel exploitation techniques on modern Linux distributions (x86_x64 architecture and 3.x/4.x kernels). It provides up-to-date information on current kernel hardening implementations and exploit mitigations. It is designed for students already familiar with user-land exploitation who want to play with the heart of the OS and gain fundamental knowledge required to develop reliable and effective kernel exploits.
Even though this course is designed for beginners in kernel exploitation, a number of more advanced topics, such as reliable exploitation of heap vulnerabilities and SMEP/SMAP/KPTI bypasses, are discussed.
This course provides an overview of the Android kernel security describing the Android kernel attack surface and outlining any differences from the upstream Linux kernel. The main focus is on common kernel vulnerability classes and exploitation techniques on Android. The training is hands-on and assumes some familiarity with Linux kernel exploit development.
Kernel exploitation mitigations (Google and Samsung devices) are discussed and several bypass techniques will be presented. The course will also provide some introduction to fuzzing and crash analysis on Android devices.
The digital forensics service focuses on the following key areas
The forensic investigation procedure provides root cause analysis, extent of a security breach and mitigations steps required to contain and eliminate further risk.
Our goal is to help your organisation preserve evidence, limit exposure, and minimise losses after a security breach.
Our penetration testing services include
The outcome is a technical report providing detailed information on identified vulnerabilities with their associated risk ratings and remediation steps required to mitigate these security issues. The remediation steps provide both short and long-term solutions for instant and effective risk-elimination.
We perform detailed manual code reviews combined with static code analysis techniques. The scope ranges from web and mobile applications to operating system components.
Similarly to the penetration testing engagements, a detailed technical report is provided outlining identified vulnerabilities and remediation steps.