We will audit your source or binary code and attempt to find bugs and reliability issues. Problems we come across frequently are memory corruption in file format parsing, bad homebrew/non-existent crypto usage, no user sanitization allowing for Cross-Site Scripting or insecure database accesses, and bad/no permission handling. We also make use of fuzzing, writing our own fuzzers as well as making use of third-party fuzzing frameworks (afl, KLEE, angr)
We will take a compiled program and give you as much information about the program as possible (how it was built, algorithms in use, protocols in use, etc). We use this information to help us develop re-implementations for compatibility issues or provide a report describing the code flow of the system for your own uses. We also write custom disassemblers and code analysis tooling for your needs.
We will take a URL, IP address(es), and attempt to gain access to the system. Compromise usually take place through vulnerabilities found through black box auditing of a URL, or from exploiting known vulnerable network services. If source is provided for any of the targets, coupling this service with a Code review is most beneficial and appreciated. If internal access is granted, we will take a look at your Database, firewall, IDS/IPS, microservices configurations.
We develop Python web applications (Django, Flask), Javascript web and mobile apps (Ionic, React.JS). We also do C/C++/x86 developement for userland/kernel code. We will also write customers disassemblers and fuzzers. Web scrapers in Python are a common request, as well as automation tasks with Bash for server administration work