Our Services
Our Penetration Testing services focus on identifying key vulnerabilities that can be chained
together for circumvention and exploitation and of a customer’s product.
We have over 15 years of customer experience in:
- Reverse engineering proprietary protocols in wireless
- Identifying vulnerabilities and backdoors in low-level System-on-a-Chip (SOC) firmware
- Hands-on hardware hacking by making physical modifications and firmware patching in embedded devices for data extraction and weaponization
- Uncovering edge cases in AI Assistant implementations, reverse engineering machine learning models, tainting data with adverarial attacks and leverage generative adversarial networks to bypass audio, video and facial recognition algorithms and recommendation engines
- Decompiling and altering mobile applications integrated in iOS and Android
- Targetting API integrations with Cloud and microservices in AWS, Azure and GCP
Click a service below to learn more:
Wireless
Our focus is in exploiting communication protocols whether they are proprietary wireless or
Cellular, LTE, ZigBee, Z-Wave, RFID, Bluetooth, BLE, NFC or WiFi.
We test for replay attacks, ease dropping, spoofing, network hijacking, device hijacking, exfiltration of data, reverse engineering the baseband OS, command injection, memory corruption, access to shared memory and cross-channel leakage.
We test for replay attacks, ease dropping, spoofing, network hijacking, device hijacking, exfiltration of data, reverse engineering the baseband OS, command injection, memory corruption, access to shared memory and cross-channel leakage.
Embedded Devices
Our customers want to have a better knowledge and control over the security of their chips and
devices.
For embedded systems, typically we perform penetration testing on IoT (Internet of Things) equipment, smart home / smart city appliances, medical devices and SCADA / Industrial Control Systems. Our Pentration Testing for embedded devices entails the folllowing:
For embedded systems, typically we perform penetration testing on IoT (Internet of Things) equipment, smart home / smart city appliances, medical devices and SCADA / Industrial Control Systems. Our Pentration Testing for embedded devices entails the folllowing:
- Security Architecture Review Documentation is reviewed and discussions are held with key system engineers to construct a high-level security overview of the system and to identify areas of specific interest or concern. Current security strategy is reviewed, including existing anti-tampering features, digital rights management (DRM), secure boot and "chain of trust" procedures, and related concepts.
- Firmware Reverse Engineering and Binary Exploitation Reverse engineering firmware binaries Encryption analysis and Obfuscation techniques in use 3rd party libraries and SDKs Binary reverse engineering and exploitation Debugging binaries to gain sensitive info
- Weaponization - A critical aspect to penetration testing is addressing end-to-end security and interopability of products. After the embedded device is compromised, it is then tailored and weaponized to leverage pivoted attacks against other components in it’s ecosystem. These targeted components can include other IoT devices, control systems, networks, mobile applications and cloud integrations.
AI / Machine Learning
In Machine Learning and AI , penetration testing involves uncovering edge cases in AI Assistant
implementations, reverse engineering machine learning models, tainting data with adverarial
attacks and leverage generative adversarial networks.
Bypass audio, video and facial recognition algorithms and recommendation engines
Manipulating Recommendation engines with regression models
Bypass audio, video and facial recognition algorithms and recommendation engines
Manipulating Recommendation engines with regression models
Mobile Apps
Our Testing includes full interrogation of a mobile application and its associated services (Web
Services & APIs) along with the server hosting those services.
This encompasses:
Mobile application security issues identification and exploitation for Android and iOS –
Platform related security issues, App reversing, Binary instrumentation techniques to
gain sensitive information.
We address API based security issues and test cloud-based and vulnerabilities in the
back-end systems.