Web Security

Cyber Security Services

We provide business information security. Penetration Testing, Finding Vulnerabilities, Reverse engineering, Developing protection plan, prevent damage.




Penetration Testing

Penetration Testing

Limitation of an attacker's actions (hacker attacks) to determine the current state of the company's information security and assess the effectiveness of the security service’s response and the security tools implemented in practice. Works are carried out with the notice of a security service or without (according to your desire). The actions of the external (hacker) and / or internal (insider) intruder are simulated.

Methods of IT attacks are used:

  • Network attacks
  • Physical penetration
  • Social engineering

As a result, you will recognize vulnerabilities that competitors can use to carry out industrial espionage and what measures need to be taken to eliminate these threats and minimize the risks of information security.

Making Business Secure

IT audit by a security experts: we identify vulnerabilities, create a protection plan, reduce risks and prevent damage. A detailed report on your safety.

  • Professionalism
    Only experts with experience of 10 years or more
  • Support
    Update and control after end of the project - 6 months
  • Unique methodology
    Hybrid Audit Approach with Practical Tricks by Attackers Around the World
  • Own developments
    We automate the work to make it faster and better



Making Business secure

Key Service

Key Services

Web Service Security Audit
Security audit and penetration testing for a Web service. We simulate the actions of a potential attacker, find and help fix all vulnerabilities that could threaten the security of your business. Increase your security without compromising business.

Network Security Audit
Security audit and penetration testing for the company's external network. We imitate the actions of a potential attacker acting through the Internet, the purpose of which is to hack your company and steal confidential information. Find and help fix all vulnerabilities. Increase your security without compromising business.

How we are working

  • We clarify your needs and get access to systems + prepayment of work
  • We do a security it-audit and find vulnerabilities
  • Report presentation, demonstration of vulnerabilities and recommendations + final payment
  • Free vulnerability recheck
  • The average project time is from 1 week to 1 month.

how work?
What do we get



What do you get

  • Competitive attack protection
  • Client base protection
  • Identification of all vulnerabilities
  • Calm for your business

Direction "Security Audit"

  • Penetration testing on the branch network across the country: IT-infrastructure Penetration testing of companies through internet, a physical "pentest" using social engineering, physical "pentest" using hardware tracking, physical penetration inside the protected perimeter.
  • Preparation for PCI DSS: Numerous penetration testing of banks and ASV-scan within the PCI DSS, including foreign ones.
  • Government agencies (Russia): Penetration testing of several federal agencies and their offices in the country.
  • Experience in testing payment systems: External and internal penetration testing major payment systems.
  • Industrial production: IS audit of internal and external networks of production enterprises.
  • IS audits of Web-resources: Testing media sites, e-currency exchangers, entertainment and others.
  • IS Audit of electronic documents: IS Audit of distributed electronic document management system. Audit software, protocols and architecture.
  • IS Audit of electronic documents: IS Audit of the system of state interdepartmental electronic document management. Audit software, protocols and architecture.
  • AntiPhishing: Protection of the American company Invitae from targeted phishing attacks. Employee training and implementation of gamification processes to combat phishing among employees.




Direction Security Audit
Forensics

Direction "Forensics"

  • Abnormal activity: Investigation of abnormal activity in the corporate traffic.
  • Web-resources break: Investigation of incidents of burglary and contamination of web-sites.
  • APT-attack: The investigation of focused and well-organized attacks using malicious ACT.
  • Investigation of intruders PCs: Forensic analysis of hard disks of the attacker, crypt-container autopsy.
  • Investigation: Investigation of a black PR attack on a customer

Direction "Security Research"

  • APT "Flame": The study of "Flame" in the investigation of the IS incident. "Flame" is a complex malware, which is widely used in some countries as cyber weapons.
  • Analysis and development of corporate rootkit: Reverse Engineering of special software for corporate security for covert surveillance for employees.
  • Anti-virus products: Leading antivirus products drivers research for vulnerabilities.
  • Cryptographic software: Security analysis of cryptographic software, the company's market leader in enterprise encryption of traffic.
  • Reverse Engineering Protected Software: Deobfuscating a mobile Android banking app obfuscated by top protection DexGuard.
  • Reverse Engineering Malware: writing a tools for automatic decrypting configs from top malware families like trickbot\dridex
  • Reverse Engineering: PLC firmware reversing
  • Vulnerability Research: some 0days found in popular soft that helps financial institutions detect and prevent malware infections and phishing attacks
  • Vulnerability Research: found fuzzed local code execution exploit in mimikatz dump file format parser
  • Vulnerability Research: a large number of found platform based vulnerabilities in mobile applications from the RU financial sector
  • Vulnerability Research: vulns found in avira, trendmicro AVs that bypasses AV scanning\excluding settings
  • Vulnerability Research: found vulns in SIM Card STK applet to Android OS auth realization
  • ATM Security: reversing interesting ATM jackpotting technique malware
  • ATM Security: Identified 0day vulnerabilities for leading ATM vendors, developed physical-technical vectors of attacks on ATM that are unnoticeable for security and alarm systems






Direction Security Research





Direction Hardware Development

Direction "Hardware Development"

  • Localization of cell phones: Commissioned by the US company we modified The low-end cell phones protection localization for Latin American markets. Research and development counterpart was conducted, phone localization and operator lock were made. The basis of the profit that nobody else in the world could copy our product.
  • Kosher wireless phones: The development of a previous project. The project team worked with George Hotz, known for hacking Iphone and Sony PS3. Creation of ultra-Orthodox Jews phones based on Samsung A157. Phone line with the approved set of religious requirements, for example - cannot send and receive SMS. Phone received official kosher certification from Rabbi of Israel. At the moment no one could copy solution. For sale in Israel and Germany.
  • Development of GSM-modules analogues: Commissioned by the Chinese company was there was a research and a gsm-module firmware analogue on the base of Infineon E-Gold was developed. It Was also created a hardware-software system for testing and calibration of new modules. Production facilities are located in China.
  • Development of control unit X-DAQ analogue: Capture and digital X-rays card for screening equipment. Sharing protocols copied, component base completely changed and updated. Created testbed for emulation of X-ray sensors and control of electrical parameters of produced modules. The interface board is fully analogous to X-DAQ and requires no software modifications.
  • Russia, Kemerovo. The system of collecting sensors from gas pipelines. Development of hardware and software, implementation of the CAN protocol.
  • Russia Moscow. Development of bank security keys. Prototypes, software. Preparing for serial release.
  • Russia Moscow. Development and production of an experimental batch of a meteorological station for a roof anti-icing system. Hardware, software, testing and certification.
  • Saint Petersburg, Russia. Development of software RFID readers 125KHz. Hardware, software, preparation for serial production.
  • Singapore. Development of a BLE base station, labels with a screen and a barcode scanner. Hardware, software, preparation for serial production.
  • Singapore. Development of tags for tracking baggage of a large hotel chain. Hardware, software, preparation for serial production.
  • Singapore. Development of wi-fi weight platforms for inventory accounting. Hardware, software, data acquisition daemon, preparation for serial release.
  • Singapore. Development of SoM modules with Linux. Hardware, drivers, preparation for serial release.