Offensive Security Services

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved. We use real attack techniques, tactics, and procedures certified by MITRE ATT&CK. We're the only ones in Latin America who develop their own attack framework. We're not just running some third-party tools, we're building them.

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

Services offered include:

• Digital Payments training programs.
• NFC and EMV Security Assessments.

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

• BASE24 Secure Code Review: We developed the first guide of safe code and scanner for bug detection.
• PCI Validation: We check for possible violations of PCI DSS standards.
• ACI Fixed Gap Analysis: We identify the critical safety fixes that your organization should have installed.
• Fixes Implementation: Our team of experts in TAL, will give you the ideal fix recommendation, develop it, and implement it.

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Services offered include:

• ATM attack simulation and security controls gap analysis.
• Forensic analysis.
• ATM cybersecurity training.
• We create custom ATM malware to replicate techniques of Ploutus, Ripper, Tyupkin, etc making as realistic a test as you can get.

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify vulnerabilities at:

• Hardware: Dumping sensitive content like Flash memory, Boot loader, etc via JTAG, SPI or I2C interfaces. USB Attacks to get unauthorized access during firmware/music updates, as well as shell protection bypass from UART interfaces.
• Firmware: Finding bugs by doing reverse engineering of the binaries or assessing the protection of sensitive data like encryption keys, cardholder data, Personally Identifiable information (PII) stored in the device.
  
• Software: Secure Code Review assessment to spot vulnerabilities at the application layer that could help an attacker to compromise the device.
  
• Signal: Over-the-Air type evaluation to identify vulnerabilities in different network stacks
  

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.
Our specialized practice combines technology and people to offer the following services:

• Architecture Review: evaluate your existing security program.
• Managed Threat Hunting: augment your staff with our ICS expert analysts.
• ICS/OT Training: intensive hands-on learning.
• Incident Response: rapid on- and offsite support.