DarkCell

In engagements more  known as red-teaming, we will attempt to compromise your systems  and gain access to sensitive assets, by any and all means necessary. You will learn how your company and network withstands against our attempts  and responds to real-world threat actors. We use cutting-edge research and advanced tools and capabilities on par with real threat-actors to get the job done.  

One of the most effective ways to learn about potential vulnerabilities in your systems.  Let our team carefully and thoroughly audit your source codes using static and dynamic analysis approaches to uncover potential vulnerabilities that might compromise your data or systems. Where necessary, we develop custom queries for variant analysis, or assess your exposure to potential supply chain attacks and vulnerabilities through external dependencies in your code.

Whether you have developed your mission critical application  in-house or inherited and customized a third-party or commercial solution, we will tear it apart and look under the hood to uncover and exploit potential vulnerabilities in it. This can be desktop, mobile or web application, and with or without access to the source code. We combine the latest tools and technologies with two decades of manual and hands-on experience, to get the most out of often limited engagement times. 

Have you developed a new SaaS, product or about to acquire one from a third-party and need to go through due diligence and assess its security posture? We will look at your product, with or without source code (meeting your limitations), from the viewpoint of a security researcher or threat-actor  that wants to find and exploit bugs in it, helping you resolve potential issues before shipping your product. Our team members have previously audited and uncovered security issues in some of the most well-known vendors and SaaS products.

Whether exposed over the internet or part of a corporate network, wireless or segmented, air-gapped or tightly firewalled, our team can help you assess the security and attack surface of your network. This is basically a penetration test against any and all exposed services and applications within the network. 

Considering potential risks, attack vectors and their impacts on a software, service or product should be part of the development process and a parallel effort, rather than a finishing touch. Our team can help you evaluate potential threats, attack scenarios and their practical and theoretical impact against the system and your business, as part of our Threat Modeling service. 

Tap into our pool of experience through our training services. We provide training services in forms of seminars, classes or workshops on topics ranging from offensive security, security assessment and auditing to security awareness. Whether you want to help your employees to learn about potential security threats,  your developer become familiar with common attack vectors and bug classes or you want to expand the expertise of yourself and your team as security professionals, we might have something to offer you.

Does your company require occasional or recurring security consultation, but not to an extent that would justify hiring full-time security staff or independent contractors for larger projects? Our On-Demand consultation service allows you to have a principal level consultant on retainer. You will be billed based on flexible plans and the fixed number of days per week or month you require. This is often notably cheaper than hiring full-time, as you will not be paying for PTO, bench time or other (often expensive) employment benefits for a full-time employee.