Cyber
Security
Experts

We are experts in cyber security and a trusted adviser for the Cyber and Computer Network Operation (CNO) missions. We provide numerous recommendations for improvements to our clients to help prepare and respond to new technological and political realities. We support numerous challenging, mission-critical projects that make a direct impact on our nation’s security and intelligence mission.

We continuously advise our clients on proposed technical landscapes, and leverage our experience and industry trends to propose prototypes on complex systems and non-traditional technologies. We also provide an active voice in project operational planning, cataloging, evaluating available CNO engineering avenues, and advising the client on the feasibility and re-usability for each solution.

Reverse Engineering & Vulnerability Analysis

We have extensive experience with reverse engineering and vulnerability analysis, and we apply skills and techniques developed over decades of supporting the U.S. government's offensive and defensive cyber operations. We provide “systems” reverse engineering, which goes beyond simple software engineering (loading a binary into a disassembler and looking for vulnerabilities). We provide analysis of all aspects/components of a system and how they interact with each other.

We perform reverse engineering, vulnerability analysis, and proof of concept exploit development spans across most operating systems and architecture platforms. We perform both hardware and software analysis utilizing tools such as JTAG debuggers, flash programmers, and a variety of disassemblers. We also utilize tools such as gdb/gdbserver to debug code execution errors on embedded systems platforms and to debug code during vulnerability analysis/exploit development to trace overflow/ROP execution flow.

CNO Software Development

We provide a vast amount of experience spanning the range from traditional software development (C/C++/Java/etc) to the scripting/prototyping (python/bash/ruby/etc) of support tools and/or proof of concepts. We have experience with UNIX kernel internals and or low-level Windows internals and are experienced with Windows and Linux system APIs (POSIX, Win32, Native API).

We provide expertise in socket programming and communication protocols, mobile development, and multi-threaded programming. We have developed capabilities for ARM, MIPS, PowerPC, x64, and x86 architectures. We also bring a strong understanding of exploitation and security techniques to include building ROP chains, defeating ASLR, etc.

Infrastructure & Network Engineering

We provide experience ranging from system administration through network/infrastructure engineering and DevOps. We provide expertise in maintaining operations of a multi-user computer systems, virtual computer systems, and COTS software products. We have experience with products that are leveraged for a virtualized networking infrastructure, and have knowledge of advanced networking concepts and networking design best practices.

Our engineers have experience with system administration, such as provisioning and managing servers, deploying databases, security monitoring, system patching, and managing internal and external network connectivity. We design and develop both the physical and wireless networks, troubleshoot network problems, perform analysis of cyber security vulnerabilities and provide remediation plans for these vulnerabilities. We also provide knowledge of on-premise physical infrastructure and Virtualization technologies including VMWare and VMWare Horizon, as well as knowledge of infrastructure orchestration tools and provide custom orchestration solutions. We have a strong understanding of Infrastructure as Code (IaC), and how to model system infrastructure in the cloud with tools such as Amazon Web Services (AWS), AWS CloudFormation, or Terraform.

Network Analysis & Penetration Testing

We have experience performing network and SIGINT analysis using open source and proprietary tools and databases on both small scale and large scale network components. We provide expertise in fingerprinting and passive collection of configuration attributes from remote devices, as well as characterizing logical and physical networks while analyzing various protocols, metadata, and applications.

We utilize multiple techniques to perform analysis such as penetration testing, including passive/active reconnaissance, enumeration, scanning, sniffing, and reverse engineering to discover vulnerabilities. We perform analysis of networks to identify and assess vulnerabilities, and are experienced with triage and analysis of malware to identify capabilities, persistence and propagation techniques.

Software Testing

We are experienced with automated testing, managing requirements, generating documentation, usability analysis, and manual testing. We are also experienced with methodologies such as scrum, agile, and waterfall.

Our experience with software testing is much more than just requirements verification and quality assurance. Our testers learn to configure test networks to mimic real world environments, to include all supporting software and network hardware: bridges, switches, routers, gateways, servers, and endpoints. They become the end user, and learn the ins and outs of every product/capability that they test. We conduct integration, component and system level testing, and are experienced with source code triage. Our software testers have (or will have the opportunities to learn) the ability to read source code and identify the modules where any issues may exists.