Breaching the perimeter - PhantomJs Arbitrary file read
By Rajanish Pathak at xen1thlabs
xen1thLabs conducts vulnerability research, which feeds into the testing and validation activities it conducts across software, hardware and telecommunication. xen1thLabs houses a team of world-class experts dedicated to providing high impact capabilities in cyber security. At xen1thLabs we are committed to uncovering new vulnerabilities that combat tomorrow's threats today.
Closed-source and open-source fuzzing of grammars, file formats, and network protocols to help discover deep vulnerabilities that are undiscoverable by traditional security testing methods.
Reverse Engineering and Binary Analysis
Reverse engineering and binary analysis on a wide range of architectures and operating systems. We identify vulnerabilities using cutting-edge binary analysis techniques, including control flow graphs, instrumentation, symbolic execution and taint analysis.
Source Code Analysis
Combining software security expertise with static and manual analysis of source code to verify the effectiveness of the existing security controls, identify security risks, and software vulnerabilities in any number of programming languages.
Embedded Software Security
Assessment of the design and implementation of firmware and applications to find possible remote code execution, privilege escalation, and information disclosure vulnerabilities. We provide research on embedded systems and binaries to discover new vulnerabilities and improve existing security assessment tools.
Security assessment of mobile operating systems and applications to identify critical vulnerabilities and provide remediation to protect users.
Web Application Security
Holistic security reviews of web applications and services, including design and architecture reviews, source code reviews, and dynamic testing. As part of our assessments, we provide proof-of-concept evidence to demonstrate vulnerabilities and provide risk assessments and remediation advice for all identified security issues.
Blockchain and Smart Contracts assessment methodologies that enable the discovery of security flaws corresponding to various attack surfaces.
Telecommunication Networks (from core to end users)
Comprehensive analysis of emerging threats against cellular networks (RAN and core) and GPON/FTTH.
Wireless Security Assessment
Advanced practical analysis of threats related to jamming, spoofing, relay, replay and eavesdropping attacks against radiofrequency interfaces.
Deep evaluation of electromagnetic noise and environment to protect our clients’ sensitive assets from Electromagnetic Compromising Emanations and Intentional Electromagnetic Interference.
Advanced signal and protocol analysis
Cutting-edge signal processing and protocol reverse engineering capabilities to support the security assessment of communication systems.
Hardware Security Assessment
Thorough hands-on assessment of various hardware vulnerabilities, such as exploitation of debug features, tamper assessment, firmware dumping and analysis, and bus probing.
Hardware Reverse engineering
Systems analysis and reverse engineering of circuits and components.
Deep analysis of weaknesses in hardware using various side-channels, such as timing, power, electromagnetic emanation (EM), and micro-architectural (SPECTRE, MELTDOWN, FORESHADOW).
Comprehensive assessment of fault tolerance, from voltage and clock glitching, through EM fault injection and laser fault injection, to remote fault attacks like ROWHAMMER.
IC Invasive Analysis
Using our innovative equipment, we provide assessment of vulnerabilities inside an IC, from IC reverse engineering to micro probing and circuit editing.
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability CVE-2019-1716
By Rajanish Pathak at xen1thlabs