xen1thLabs conducts vulnerability research, which feeds in the testing and validation activities it conducts across software, hardware and telecommunication. xen1thLabs houses a team of world-class experts dedicated to providing high impact capabilities in cyber security. At xen1thLabs we are committed to uncovering new vulnerabilities that combat tomorrow's threats today.


Software Fuzzing

Closed-source and open-source fuzzing of grammars, file formats, and network protocols to help discover deep vulnerabilities that are undiscoverable by traditional security testing methods.

Reverse Engineering and Binary Analysis

Reverse Engineering and Binary Analysis: Reverse engineering and binary analysis on a wide range of architectures and operating systems. We identify vulnerabilities using cutting-edge binary analysis techniques, including control flow graphs, instrumentation, symbolic and taint analysis.

Source Code Analysis

Combining software security expertise with static and manual analysis of source code to verify the effectiveness of the existing security controls, identify security risks, and software vulnerabilities in any number of programming languages.

Embedded Software Security

Assessment of the design and implementation of firmware and applications to find possible remote code execution, privilege escalation, and information disclosure vulnerabilities. We provide research on embedded systems and binaries to discover new vulnerabilities and improve existing security assessment tools.

Mobile Security

Security assessment of mobile operating systems and applications to identify critical vulnerabilities and provide remediation to protect users.

Hardware Security Assessment

Thorough hands-on assessment on various hardware vulnerabilities, such as exploitation of debug feature, tamper assessment, firmware dumping and analysis, and bus probing.

Hardware Reverse Engineering

Systems analysis and reverse engineering of circuits and components.

Biometrics Security Assessment

Complete range of security assessment methodologies to evaluate a wide variety of biometric systems (e.g. fingerprint, iris, voice, face).

Supply Chain Security

Combining innovative new testing methods with a complete range of process validation activities, ranging from site audits, over manufacturing process and logistics chain review to background checks of key personnel, we raise your assurance against counterfeiting, over-production, and hardware trojans.

Side-Channel Analysis

Deep analysis of weaknesses in hardware using various side-channels, such as timing, power, electromagnetic emanation (EM), and micro-architectural (SPECTRE, MELTDOWN, FORESHADOW).

Fault Injection

Comprehensive assessment of fault tolerance from voltage and clock glitching over EM fault injection and Laser fault injection to remote fault attacks like ROWHAMMER.

IC Invasive Analysis

Using our innovative equipment, we provide assessment of vulnerabilities inside an IC, from IC reverse engineering to micro probing and circuit editing.

Telecommunication Networks (from core to end users)

Comprehensive analysis of emerging threats against cellular networks (RAN and core), fiber and critical infrastructure.

Radio, Audio & Video Security

Advanced practical attack and defense analysis of threats related to jamming, eavesdropping, relaying, replaying, spoofing and deep-faking against all kinds of signals.

Emissions Security and Technical Surveillance Counter Measures

Hardening of systems and secure compartmented information facilities to avoid Compromising Emanations and, conversely, deep monitoring of such environments to detect and protect against intentional interference.

Advanced Signal and Protocols Analysis

Cutting-edge equipment and skills covering all layers from signal processing to application protocols to offer comprehensive security expertise in synergy with the Hardware, Software and Crypto laboratories.

Protocol Verification

Formal verification of cryptographic protocols based on SAT-solvers and symbolic models.

Cryptanalysis of non-standard Algorithms

Checking NIST / FIPS requirements for newly implemented cryptographic primitives and protocols.

Protocol Cryptanalysis

Using different techniques to identify weak S-BOXs, padding problems, differential and linear approximation possibilities.

Design & Architecture Review

Security review of existing systems and infrastructures in accordance with international standards.

Source Code Review

Reviewing implemented cryptographic protocols, pseudo-code and source code comparison.

PRNG Test

Entropy analysis and practical Statistical tests in random number generation.

Kleptography & Backdoors

Identifying hidden backdoors in cryptographic algorithms using unique methodology.

Steganography

Detailed analysis of possible concealment of a file, message, image, or video within another file, message, image, or video.

MITM Attacks

Practical man-in-the-middle attacks and downgrade attacks on modern protocols.

R&D

Researches on modern cryptographic schemes, such as lattice based cryptography, Elliptic curves, homomorphic encryption.

Distributed Ledger Assessment

Comprehensive analysis of the cryptographic strength of various distributed ledger methods, from Blockchain and Hashgraphs to Directed Acyclic Graphs and Holochains

Incident Response

The xen1thLabs incident response team assist organizations to identify, contain, eradicate, and resolve cyber incidents that threaten your environment, intellectual property and ongoing business operations. Purchasing a retainer, organizations have 24x7 access to the xen1thLabs team, we complement our incident response service with digital forensics and malware analysis to better understand the attack and provide sound recommendations that allow you to protect for the future. In addition xen1thLabs also offer cyber incident response readiness planning and capability assessments to arm organizations with the correct tools, visibility and procedures they need before they are breached.

Threat Assessment

We identify the threats others miss, by proactively hunting for threats within networks and systems to identify if attackers are active in your environment or have been in the past, where traditional rule based security solutions have failed to identify the threat.

Continuous Threat Hunting and Response

Threat hunting significantly decreases the time an active threat within your environment can remain undetected. Utilizing the expertise of xen1thLabs professional consulting services, businesses are empowered with holistic detection and response capabilities for a fraction of the cost of building threat hunting, incident response, and forensic teams. We do this by implementing of tools to enhance environmental visibility and facilitate threat detection, combined with an allocation of hours for regular scheduled threat hunts by the xen1thLabs team. In addition, an incident response retainer with 24x7 hotline access is also included, to cover the containment, eradication of the threat, and recovery of your environment.

Digital Forensics

xen1thLabs provide a comprehensive array of digital investigative services following industry standard best practices for investigating the root cause of cyber security incidents. We investigate cases involving all operating systems, including the forensic analysis of iOS and Android based devices. All of our forensic investigators are certified by industry leading certification bodies.

Malware Analysis

A team of reverse engineers can be engaged to perform analysis on files that are suspected to be malicious in nature. The analysis will identify the functionality of a potentially malicious sample, an overall risk assessment that the sample presents to the organisation, and advice on the best way to remediate the threat and identify additional infected hosts.

Network VAPT

Assessment of modern corporate network infrastructure and validation of attack scenarios based on the assume breached model.

Web Application PT

Credential and non-credentialed dynamic testing of Web Application.

Red Teaming

Execution of adversary emulation operations adopting the same Techniques, Techniques, and Procedures (PPTs) employed by modern state-sponsored threat actors.

Social Engineering

Execution of physical and remote Social Engineering attacks aimed to induce victims into executing actions that could impact on the targeted organization’s security.

Exploit Development

Development and customization of exploit code and attack techniques strategies.

Physical Security

Assessment of technologies employed to ensure the physical security of buildings and facilities.

ICS/OT Security

Assessment of the cybersecurity posture of Operational Technologies (OT) environments of Critical Infrastructures.

The APP is a product security program with the objective to provide services to increase assurance over the entire product life-cycle against threats. The following services are offered through within the scope of the Approved Product Program.

The APP Certification Service provides the framework and methodology for the security assessment and certification of IT products to operate and govern the APP. Therefore, an Approved Product List (APL) is provided and maintained to publish and track certified products. For applicable technologies, Test Standards are defined compatible with internationally recognized certification schemes, and testing guidance provided.

Product Supply Chain assessment is performed during the development and manufacturing phases of the product. The objective is to limit the risk of vulnerabilites being introduced into products. The vendors/manufacturer’s secure development and supply chain security practices, processes and procedures are assessed. Supply Chain Security service offers the risk management and compliance checks of suppliers and contractors.

Assessment is the core element of the APP and conducted before a product is purchased and deployed in an organzation. Product security assessment determines compliance, and gives assurance about products’ resistance against threats. A compliance check verifies that the implemented security functionality adheres to current technology standards. Threat Modeling identifies assets and threats to the product and is used to tailor the list of security requirements. Design Reviews and Vulnerability Assessments are executed to analyze and test potential vulnerabilities.

Product Monitoring is done during the operations/maintence phase of products and involves checking the public domain for new threats and vulnerabilities against APL products, review and tracking of vendor patches, and advising APL customers. Product Monitoring involves a pro-active product monitoring and detection service that enables customers of APL to receive security advisories.

Product Forensics is done during the operations phase of products and involves re-active forensic services that are offered to respond to and investigate compromised devices or suspicious behavior of APL products in the field. The goal of computer forensics is to examine artefacts in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts about the digital information.

© Digital14. All rights reserved.