Our Services

Predominantly manually executed to explore attack paths tailored in context of the targeted environment.
Our goal is focused on complete asset take over, identification and risk assessment pertaining to leverageable vulnerabilities, integrated security controls, misconfigurations and overall implementation.
We offer this services against a variety of environments, including that of, but not limited to;

• Web Application and UI
• Web Services
• Application Programming Interfaces (APIs)
• SignalR Channels & WebSockets
• Thick Client Applications
• External Network Perimeter (Infrastructure)

We target organisations, employees and individuals to determine their level of discoverability. Our objective is to obtain information from various resources which could be leveraged for further sophisticated attacks.

Execution of automated test cases in parallel with manual support accompanied by the prime objective to identify, quantify and determine the priority of vulnerabilities impacting the target.

Application layer, binary analysis and local device exploitation. We currently offer this service for Android & iOS only.

We assess the effeciency of your locked down environment through an attempt to escape intended restrictions and escalate privileges. We have experience performing this service across; Citrix containers, restricted shell environments (rShell), restricted operating environments (SOEs) and more.

We seek any vulnerable DNS configuration which may allow unauthorised takeover of subdomains belonging to the target's core subnet or cloud ecosystem.

A real-world simulated cyber attack against any developed environment. These engagements are objective-orientated and our techniques unconventional to emulate apex threat actors. We incorporate attack realism and stealth tradecraft to ensure that your remediations and cyber defence use cases are built from relevant and real-world tactics, techniques and procedures (TTPs).

Offered towards various systems and appliances across implemented infrastructure, as well as, network layer and application layer resources. This includes but is not limited to; firewalls, load balancers, IaaS, SaaS, PaaS platforms, Content Management Systems, Databases and more.

We offer source code analysis to evaluate, review and identify security flaws within your codebase.

Cryptographic hash audits, deterministic modelling and entropy analysis.

An architectural perspective; application, infrastructure and network related controls.

Experienced a breach? We could assist in attack path identification, risk of compromise, malware & persistent access (backdoor) removal.