Unconventional Solutions, Uncommon Results
When all else fails, try something completely different
Unconventional Solutions, Uncommon Results
When all else fails, try something completely different
When all else fails, try something completely different
When all else fails, try something completely different
Blending skills across multiple disciplines including digital forensics, ethical hacking, systems development, and enterprise IT, allows us to use an "outside the box" approach when facing cybersecurity and technical challenges. Using these unconventional tactics, coupled with sound practices and procedures, provides a platform to be successful when other more traditional approaches did not provide the desired outcomes.
This is usually not the first place anyone contacts when looking for a cybersecurity or IT solution, but it is almost always the last. Technology has integrated into our lives at unprecedented levels and into unforeseen areas. This combination has created unique issues in our everyday life that conventional IT practices and procedures are not equipped to handle. It's s time to try the unconventional!
Cybersecurity is about protecting the Confidentiality, Integrity, and Availability of your information and this applies in your personal life just like the business world. Without guaranteed confidentiality all of this would just be academic. To that end, any information collected during the course of the engagement would be stored and accessed at your discretion, protected with encryption throughout the entire life-cycle, and irrecoverably destroyed after the engagement.
Our biggest strength is being able to understand the needs of our clients and align those needs with creative and unconventional problem solving. We do maintain a list of services, but often solutions are tailored as each client's needs can be unique. In the past we have recovered a hijacked cell phone number being used to spam people.. On one occasion we were able to gain access to the laptop of a deceased relative of a client so they could gain access to resources to pay bills, etc. There was one occasion when we were able to identify and eradicate an attacker from a clients server, implement security controls to prevent another compromise, the perform a security analysis to validate the controls effectiveness. What keeps you up at night?
"Just when you think you've seen it all, tomorrow comes."
Surprisingly, this is my most often requested service. This service includes analyzing files(exe, office files, zip files, or pdf), email, or URLs to determine if it is malicious and what happens if the file is run or the url is visited. The process includes executing the payload in a sandbox, review OSINT on the file/url/domain using tools like virustotal, as well as use reversing techniques on the file to determine functionality. Did you get a phishing email with a link or attachment and not sure if it is legitimate, then this service is what you want? If you clicked the link or opened the attachment, then you might need the next level of service, Incident Response
As part of an incident response, the system is reviewed for compromise and if so, incident response procedures are implemented to contain the attack from spreading, eradicate the attacker from your environment, and clean the system for return to production. This process can sometimes lead to a Forensic investigation to determine the extent of the breach, so as part of incident response it is common to collect and protect potential evidence.
Where the goals of incident response are to clean the system, return it to production, and collect and protect potential evidence for analysis, the goals of the forensic investigation are to determine what the attacker did on your system, did they access data, did they access other systems, did they steal data and upload it somewhere, did they change data? These are a few of the questions that the forensic investigation is meant to answer.
The purpose of testing an application using techniques like fuzzing, is to ensure that the application can handle different types and lengths of unexpected input without crashing as well as testing to see if application handles the exceptions properly. If the fuzzing process has identified a crash based on unexpected input, it might be possible to develop an exploit that allows an attacker access to the system or perform some other nefarious activity. An exploit that has not been disclosed publicly but is actively being exploited in the world is known as a 0 day exploit. Having this type of test performed on your applications before release, can go a long way to reducing the risk of an attacker finding it and using it to attack your clients.
The process of not just testing the application itself against vulnerabilities like cross site scripting, cross site request forgery, or sql injection among others, but the entire web application infrastructure including the framework used like Rails or Spring MVC, the server OS (Linux/Windows), the web server software (IIS, Apache, Web Logic), the language used (PHP, ASP.Net), any middle tier applications, and the databases on the back end. A vulnerability scan is generally also part of this type of test.
Deland, Florida, United States
Open today | 09:00 am – 05:00 pm |
Monday - Friday: 9am - 5pm
Saturday - Sunday: Closed
Copyright © 2018 Issassins - All Rights Reserved.
Powered by GoDaddy Website Builder