Services What We Do

Cyber Warfare

As experts in Red Team penetration testing and “ethical hacking”, we also have a leg up from our background in digital forensics, cyber defense, secure coding, and SCADA (Industrial Control Systems). This allows us to validate the security posture of your website and network, and the attacker's view of your organization, using OSINT methodologies...

With industry-leading expertise in data recovery (physical and logical) added to years of experience in computer / cell phone / network forensics, our team is as good as it gets. We use the most recent methods and support almost 10,000 different mobile environments along with all of the common operating systems. We also offer OSINT and Social Media forensics options.

"Trust but verify" - Ronald Reagan or the Russian proverb "Доверяй, но проверяй"

The simple fact is that there will always be risk. If you do not “trust” those you work with, you will overspend chasing ghosts. If you trust implicitly, malicious intent or human error will create damaging “events”. Give those with a need to know enough to do their job, but verify that security is not sacrificed.

Penetration Testing / Ethical hacking

These assessments are NOT basic vulnerability scans using tools like Nessus or Retina. They are much, much more... Scanners may be employed towards the end of an assessment to find low-hanging fruit. Our penetration tests validate your risks from the outside and attempt to exploit the potential flaws found. We simulate real-world threats and attempt "malicious" entry through both the physical and cyber world. This means that we use the same tools, methods, and skills the bad guys use every day to compromise companies and governments. The best defense has always been a good offense. This means being proactive and finding your weaknesses before your opponent does.

We offer several options in this tier to help test your security, ranging from remote "cyber-attacks" to on-site "infiltration".

  • OSINT / Recon
  • Advanced Persistent Threats (APTs)
  • Denial-Of-Service Exploitation
  • Social Engineering

Identify your weaknesses / Verify your strengths

When you need to establish a security baseline, conduct a quarterly assessment, or test a new custom application, or when the internal audit department requires technical resources, InfoSec Professionals Services is just a phone call away. When our analysis is complete, we will explain, in plain terms, the issues we discovered, how to mitigate those issues, and the relative threat they pose to your organization. What are the factors?

  • Confidentiality - The information requires protection from unauthorized disclosure.
  • Integrity - The information must be protected from unauthorized, unanticipated, or unintentional modification. This includes, but is not limited to:
    • Authenticity – A third party must be able to verify that the content of a message has not been changed in transit.
    • Non-repudiation – The origin or the receipt of a specific message must be verifiable by a third party.
    • Accountability - A security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
  • Availability - The information technology resource (system or data) must be available on a timely basis to meet mission requirements or to avoid substantial losses. This also includes ensuring that resources are used only for intended purposes.

Some of the things that are covered:

  • Attempt standard/common vulnerability exploits
  • Denial-Of-Service Exploitation
  • "Backdoor" checking
  • Server/HTTP "Known-Fault" Checking
  • Comprehensive reports
  • Threat-Assessment Consultation
  • Mitigation Consultation

Web Application Testing

We are constantly bombarded with headlines of huge breaches, and many of these leaks were caused by known vulnerabilities or poor decisions. A website or web app is one of the biggest targets a company has. What weaknesses does your web application have? We will test your web app for the OWASP Top 10 vulnerabilities:

  • A1:2017-Injection
  • A2:2017-Broken Authentication
  • A3:2017-Sensitive Data Exposure
  • A4:2017-XML External Entities (XXE)
  • A5:2017-Broken Access Control
  • A6:2017-Security Misconfiguration
  • A7:2017-Cross-Site Scripting (XSS)
  • A8:2017-Insecure Deserialization
  • A9:2017-Using Components with Known Vulnerabilities
  • A10:2017-Insufficient Logging&Monitoring

SCADA / ICS / IIoT / IoT Testing

SCADA / ICS / IIoT / IoT systems control everything from critical infrastructure to autonomous vehicles to the devices in your home. Unfortunately, many of these devices are vulnerable to cyber attacks, and many of those are connected directly to the Internet. We help identify these types of assets and assess their cyber resilience. Don't let a "Cyber Pearl Harbor" happen because of you.

We test these systems using a few different frameworks, including the OWASP IoT Top 10:

  • I1: Insecure Web Interface
  • I2: Insufficient Authentication/Authorization
  • I3: Insecure Network Services
  • I4: Lack of Transport Encryption
  • I5: Privacy Concerns
  • I6: Insecure Cloud Interface
  • I7: Insecure Mobile Interface
  • I8: Insufficient Security Configurability
  • I9: Insecure Software/Firmware
  • I10: Poor Physical Security

Computer crime and cyber warfare happen EVERY day.

It is actually worse than that. Individuals, companies, and countries are constantly under attack. There is no downtime or time off when it comes to defending against these unrelenting attacks. The proof is shown on the news every day and in our Cyber Intelligence Reports. You are responsible for defending yourself. We have the knowledge and skill to make that responsibility a little less daunting while giving you the tools and know-how to combat the villains.

Historical Computer Forensics

"Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information." - Wikipedia

From the forensic acquisition of evidence to testifying in court, we can help you with your computer investigation or analysis needs. These services include:

  • On-site Crime Scene Documentation
  • Forensic Acquisition and Imaging of Digital Evidence
  • Expert Analysis of Digital Evidence
  • Reporting and Presentation
  • Courtroom Testimony

Mobile Device and Cell Phone Forensics

Mobile devices have become a staple of today's society. These devices are constantly with us and can contain a plethora of information ranging from phone calls to media to location tracking. This is a treasure trove of data and sometimes the bulk of what you need for your case.

What kind of evidence are you looking for?

  • Evidence Collection: What was on the device?
  • Timeline Analysis: When was the picture taken or the message sent?
  • Location Identification: Where was the image taken?
  • Multi Device Correlation: Were the mobile devices in the same area at the same time?

CSIRT Work / Hacking and APT Investigations

Competitive Intelligence / OSINT

"CI means understanding and learning what is happening in the world outside the business to increase one's competitivity. It means learning as much as possible, as soon as possible, about one's external environment including one's industry in general and relevant competitors." - Wikipedia

Open Source Intelligence / OSINT uses similar resources, but the goal is to gather information on a suspect or target. Do you want to know what your competitors or future hackers know about you? Do you want to document the online activity of a suspect? These are the same techniques we use in the reconnaissance process during the attack phase.