Security research and development is key to quality penetration testing, and the core of our identity. With our pentesting services targeted at sophisticated attack capabilities, we're constantly pushing to identify new flaws in customer infrastructure and applications. From AWS security research and reversing web applications to adding to our suite of proprietary attack tools, we're relentless in pushing the envelope. By developing these unique capabilities, we do more than just grow the sophistication of our services - we support the security community as a whole.
The right zeroday vulnerability can bypass multiple layers of protection -- and can provide useful in simulating advanced attackers. As part of our research efforts, we search for vulnerabilities in a range of applications and protocols, providing new attack vectors to sophisticated clients. But you don't need to be a client to benefit from this research; We adhere to a strict Vulnerability Disclosure Policy and work closely with vendors to get risks fixed - improving the security for everyone in the process.
As part of our IoT/Embedded Systems research, we looked at Epson projectors and the proprietary "EasyMP" authentication protocol. As part of this review, backdoor credentials and other vulnerabilities were identified, affecting millions of devices around the world.Read More
With some of the foremost experts in UNIX security, kernel and driver code review has become a core competency. Inspecting the security-hardened IBM AIX Operating System, we found a number of previously-unknown risks, including 3 privilege escalation flaws.Read More
Backup servers contain some of the most sensitive in the organization, often with less monitoring than production systems. To support a major assessment, new attacks were developed against the Unitrends Enterprise Backup Server, highlighting a series of risks in the process. Disclosure and partnership with the vendor has resulted in a more secure product for all Unitrends customers.Read More
While some clients are opting for private cloud hosting, those applications still often have security issues. In this case, the open source Owncloud server was reviewed as part of a larger client engagement. Rhino Security Labs reverse engineered various proprietary functions, identifying authentication and SMB handling flaws.Read More