With a combined total of over 85 years of experience, our engineers and scientists have had extensive exposure to the tools and techniques used to compromise networked, standalone, and embedded systems. Siege Technologies personnel have a broad background in various types of red team testing activities, ranging from commercial to Defense Department applications. The commercial experience they bring with them includes providing remote and trusted-insider network and system attack and penetration testing for several Fortune 500 companies, including a large Wall Street commodities exchange, an automobile manufacturer, and several state and national lotteries. Red team services supporting the Defense Department have taken on a much narrower focus, covering the reverse engineering and grey-box testing of both software and embedded systems. Working with one of our partners, Siege is helping to reverse engineer and modify embedded proprietary OEM systems to identify system weaknesses.
Our specific experience supporting customers in this space includes:
- System vulnerability analysis
- Commercial, proprietary, and embedded OS/HW analysis
- Reverse engineer commercial embedded network products
- Document proprietary communication protocols
- Fuzzing and black-box vulnerability testing
- Local and remote debugging of both user and kernel space to determine the exploitability of fuzzing-provoked crashes of target systems
- Implementation (images, network traffic, etc.)
- Algorithm analysis
- Theory (channel capacity, channel optimization, etc.)
- Steganography detection (steganalysis)
- Penetration testing
- Remote uninformed network footprint testing
- Reconnaissance to internal system compromise
- Local uninformed untrusted insider testing
- Identify vulnerabilities available to a common employee
- Intrusion Detection Evasion and Avoidance Testing
- Type I and Type II error testing and analysis
- Wireless and wired protocol exploitation
- MITM, covert interception, covert modification
- Wireless frame injection and encryption cracking
- Proof-of-concept exploit development
- Custom vulnerability demonstration shellcode
- Design custom rootkits for targeted embedded systems to demonstrate capabilities
- Target modern system protections
- ASLR, NX/DEP, stack canaries, SafeSEH, HIM, pointer encoding
- Cryptography
- Successful cryptanalysis of custom and standard protocols
- Broke A5/2 for real-time streaming
- Broke various proprietary LFSR and permutation ciphers
- Implementation of existing encryption protocols
- MD5, 3DES, AES, elliptic curve
- Optimization of protections and attacks
Our specific experience includes but has not been limited to the following technologies:
- Fuzzing Frameworks: Peach, SPIKE, Sulley, custom
- Debuggers: IDA Pro, OllyDbg, WinDbg, gdb/ddd, PaiMei (RE framework)
- Target Protocols: Ethernet, TCP/IP, 802.11a/b/g, DNP3, GSM (GPRS/EDGE/3G), ATM, HIPPI, HPNS, FireWire, ST, Modbus, Serial, various CDMA/TDMA, various proprietary
- Network/System Audit: Metasploit, CANVAS, Burp, Nessus, hping2, nmap, Retina, John, Aircrack, L0phtCrack, Core Impact, ISS Scanner, Yersinia, Shavlik NetChk, Foundstone/McAfee

