Adversarial Analysis
How will an adversary view your architecture, product, or platform? What are the most likely avenues they’ll take to achieve their goals? How costly will it be for them to attack you or your customers? I will help you answer these questions. Contact me to get started!
Vulnerability Research
My proven vulnerability research process combines manual audit, fuzzing, and custom analysis tools to uncover critical flaws in target products - whether your own, or a critical 3rd party. You will receive descriptions of each flaw, along with my assessment of severity, my recommendation for addressing, and proof-of-concept exploits for reproduction where applicable and when requested.
Penetration Testing
The term Penetration testing has come to describe several completely disparate activities. From highly skilled professionals examining a target for exploitable flaws and proving their existence and severity by exploitation, to packaged results from automated tools that scan for patterns that might indicate an issue. While I’ve considered adopting a more trendy name to differentiate my approach from the competition, I decided to let my work speak for itself. Let me hack your product or service and see how we put the penetration in pen testing.
Code Audit
With over a decade of experience, I’ve audited millions of lines of code. My hybrid approach combines manual analysis with state of the art program analysis tools to uncover security relevant flaws in your code. Contact me to get started!
Architecture Review
Implementation flaws can usually be addressed with a patch, where logical and architectural flaws often require redesign. I will review your software architecture, building a threat model to document viable threats and currently applied mitigations while recommending actionable mitigations to address remaining gaps. Contact me to get started!