Your system isn’t simple, and the attacks that threaten won’t be either.

If you’re like most commercial businesses or government organizations, you have a complex and dynamic system that might be comprised of devices that are networked, stand alone, embedded, or some combination of the three. From Wall Street to the Department of Defense, systems are growing more complex daily—offering new opportunities for asset exposure, vulnerabilities and threats.

Siege takes the typical approaches, methodologies and tools for system testing, and pushes them beyond current standards. By combining over 85 years of engineering and scientific experience with proprietary tools and technology like custom hypervisors, symbolic and taint analysis, and more, Siege is able to provide you with a wide range of red team testing activities.

From providing remote and trusted insider network and system attack penetration testing for Fortune 500 companies to supporting the Defense Department to reverse engineering and grey-box testing of both software and embedded systems, Siege Technologies’ advanced system and vulnerability analysis capabilities include:

System Vulnerability Analysis

1. Commercial, proprietary, and embedded OS/HW analysis
  • Reverse engineer commercial embedded network products
  • Document proprietary communication protocols
  • Fuzzing and black box vulnerability testing
  • Local and remote debugging of both user and kernel space to determine exploitability of fuzzing provoked crashes of target systems
  • Implementation (images, network traffic, etc.)
2. Algorithm analysis
  • Theory (channel capacity, channel optimization, etc.)
  • Steganography detection (steganalysis)

Wireless and Wired Protocol Exploitation

1. MITM, covert interception, covert modification
2. Wireless frame injection and encryption cracking

Cryptography

1. Successful cryptanalysis of custom and standard protocols
  • Broke A5/2 for real time streaming
  • Broke various proprietary LFSR and permutation ciphers
2. Implementation of existing encryption protocols
  • MD5, 3DES, AES, elliptical curve

Penetration Testing

1. Remote uninformed network footprint testing
  • Reconnaissance to internal system compromise
2. Local uninformed un-trusted insider testing
  • Identify vulnerabilities available to a common employee
3. Intrusion Detection Evasion and Avoidance Testing
  • Type I and Type II error testing and analysis

Proof-of-concept Exploit Development

1. Custom vulnerability demonstration shellcode
2. Design custom root kits for targeted embedded systems to demonstrate capabilities
3. Target modern system protections
  • ASLR, NX-DEP, stack canaries, Safe SEH, HIM, pointer encoding

Optimization of Protections and Attacks

For more information on how Siege Technologies’ experienced team can help you determine the effectiveness of your security in a real world, real human cyber attack scenario via penetration testing, contact us today.

About Siege Technologies

Cyber security company, Siege Technologies, was founded in 2009 as an advanced research and development firm. Siege focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.

Free Cyber Security Proposal

Contact us today to receive a free, no obligation offensive-based cyber security proposal.

48

Cyber Security Compromises

2015 alone saw a reported jump of 48 percent in compromises that were reported.

Need More Information? Get in TouchContact Us