Penetration Testing Services
We are vendor neutral and platform agnostic. This means that you get unbiased testing and appraisal of any and every environment. We keep a very clear and level head too. We are not fazed by high pressure situations so we can provide incident response in real-time, when it’s needed.
We’re not swayed by whatever the latest bleeding-edge technology is either, we’ve usually already found a way to break or subvert it, in the same way that hackers do.
We research and test a lot of interesting and complex things
From testing ships at sea, international finance infrastructure, mobile apps for smart toys, airplane systems and avionics, power stations and critical national infrastructure, automobiles and telematics, mobile banking apps, physical security, cloud services, to rail infrastructure.
There’s plenty more, but that should give you the picture! Here’s a few examples…
Financial Services Red Teaming
In one engagement we used threat intel to craft spear phishing attacks using job opportunities.
We cracked the hashes from retrieved hashed passwords. We then got shell on a machine after they executed the payload. We installed persistence, traversed the network and found a server to log into. Following recovery of infrastructure creds we achieved domain admin.
Smart car chargers
Smart domestic car chargers are emerging on to the market.
We investigated the security of several. One stuck out though; probably the least secure smart thing we have ever seen!
Serious Point: If large numbers of chargers can be remotely switched on and off through a hack, the stability of the electricity grid could be affected.
Hacking containerised transport
Want to steal a container full of valuable cargo? Fancy destabilising a ship or hiding arms/narcotics? You need EDIFACT.
This is the plain text messaging system that keeps containers moving around the world.
Tampering with the messages isn’t difficult, though can lead to container theft and serious threats to shipping.
Real Time Unit (RTU) hack
We demonstrated a number of security flaws in a RTU. We reported these to the vendor, who stated that they would only provide a patch to organisations that requested one.
That’s a really odd way of supporting customer security!
RTUs are widely used in remote telemetry and control, though there is functionality crossover with PLCs.
Wireless House Alarms
House alarms with wireless PIRs are surprisingly easy to jam. The comms from the panel to the PIR is only in one direction in the vast majority of consumer alarms. All the burglar has to do is jam the signal and the PIR can’t report that is has triggered – the alarm doesn’t go off.
This can be done with a HackRF software defined radio, though a dedicated jammer could be built from components for as little as $10.