Privately funded information security company based in Australia. We provide highly specialised services that include research capabilities focusing on offensive security.

Zürich - Amsterdam - Sydney

Research
android ios vulnerability research
Vulnerability Research

Research projects focusing on intelligence and government solutions. Our research capabilities range from analysis and exploitation of known vulnerabilities to identifying new vulnerabilities in target software and developing custom proof-of-concept code.

Our research team is skilled in the following areas

  • Operating systems
  • Mobile devices
  • Browsers
  • Hypervisors
  • Remote control systems
  • Post-exploitation persistence

The research team represents the core of our services and is comprised of highly skilled researchers who are in close collaboration with the consulting and delivery teams.

Training
Linux kernel exploitation - x86_64

This course teaches common kernel exploitation techniques on modern Linux distributions (x86_x64 architecture and 3.x/4.x kernels). It provides up-to-date information on current kernel hardening implementations and exploit mitigations. It is designed for students already familiar with user-land exploitation who want to play with the heart of the OS and gain fundamental knowledge required to develop reliable and effective kernel exploits.

Even though this course is designed for beginners in kernel exploitation, a number of more advanced topics, such as reliable exploitation of heap vulnerabilities and SMEP/SMAP/KPTI bypasses, are discussed.

Android kernel security - aarch64

This course provides an overview of the Android kernel security describing the Android kernel attack surface and outlining any differences from the upstream Linux kernel. The main focus is on common kernel vulnerability classes and exploitation techniques on Android. The training is hands-on and assumes some familiarity with Linux kernel exploit development.

Kernel exploitation mitigations (Google and Samsung devices) are discussed and several bypass techniques will be presented. The course will also provide some introduction to fuzzing and crash analysis on Android devices.

oops nonexec
Consulting
Forensics

The digital forensics service focuses on the following key areas

  • Incident response
  • Investigations, evidence collection and recovery of sensitive data
  • Malware sample analysis

The forensic investigation procedure provides root cause analysis, extent of a security breach and mitigations steps required to contain and eliminate further risk.

Our goal is to help your organisation preserve evidence, limit exposure, and minimise losses after a security breach.

Penetration Testing

Our penetration testing services include

  • Web and mobile applications
  • Internal and external infrastructure
  • SCADA and IoT
  • Red team engagements
  • Social engineering engagements

The outcome is a technical report providing detailed information on identified vulnerabilities with their associated risk ratings and remediation steps required to mitigate these security issues. The remediation steps provide both short and long-term solutions for instant and effective risk-elimination.

Source Code Auditing

We perform detailed manual code reviews combined with static code analysis techniques. The scope ranges from web and mobile applications to operating system components.

  • Java / Objective-C
  • C / C++
  • C# / Ruby / PHP / Python / Go
  • Web and mobile development frameworks

Similarly to the penetration testing engagements, a detailed technical report is provided outlining identified vulnerabilities and remediation steps.

Our consulting services aim to provide customisable security assessments and deliver a quick turnaround time.

Contact us
1 Market St, Sydney NSW 2000
ABN: 13634103405