Nettitude has a dedicated and focused team of vulnerability researchers that work with our partners to identify security vulnerabilities in hardware and software devices.
We regularly identify vulnerabilities in applications, embedded devices and IoT technology. We have identified many unique zero-day vulnerabilities in a range of technology applications and platforms, and our team of researchers has been assigned many unique CVE numbers for their work. We work proactively with our clients to deliver focused research on a range of applications and systems, with areas of speciality that include:
- Web applications
- Mobile applications
- Embedded technology and IoT
- Connected vehicles
- ICS and SCADA environments
- Personal security products
- Blockchain and cryptocurrency
Our team consists of experienced professionals with a deep understanding of fuzzing, reverse engineering and cryptography. Whether it is as a point-in-time activity or as part of an ongoing security program, Nettitude’s security researchers are able to help.
Vulnerability research methodology: Are there any security weaknesses within your product?
1. Vulnerability research: Proactively test and research weaknesses within the product from a white box perspective.
- Fuzzing and Reverse Engineering
- Network & Protocol Analysis
- Web Applications, APIs and Mobile Apps
- Hardware Analysis
2. Exploit Development: Develop usable exploit code targeting found vulnerabilities.
Our internal program is focused around 6 core areas:
- Virtualisation and endpoint security products
- ATMs and financial payment products
- Hardware Products (Firewalls, Routers, etc.)
- Internet of Things (IoT), including phones, TVs, home connected devices, etc.
- Vehicles and transport systems (including cars, etc.)
- Web applications, APIs and mobile apps
Nettitude have also created many in-house tools, including implant malware/C2 frameworks for simulating sophisticated attacks in financial organisations and custom data loss intelligence tools. Nettitude break vulnerability research into a number of further steps, as shown below:
1. Vulnerability Research:
- Fuzzing, reverse engineering and in-depth security assessment
- Monitoring and debugging
- Cryptography research
- Hardware teardown
- Web applications
2. Recommendations & Reporting:
- Management report, debrief and recommendations around best practice.
- Technical reports, vulnerability disclosure, debriefs and recommendations.
For any vulnerabilities found, exploit code will be created to both demonstrate the vulnerabilities found and show the potential impact.
The Nettitude Approach
Nettitude has developed a working methodology called PIE FARM to help you maximise the benefits of our engagement and ensure all deliverables support your corporate goals and objectives. This seven-stage approach is applied to all the solutions offered by the Governance, Risk and Compliance (GRC) team and directly relates to the requirements and needs within everyone’s approach to compliance or governance.
The following diagram shows the seven stages of PIE FARM and where each Base Activity falls within the methodology:
Choosing Your Base Activities
Nettitude are ready to assist at all stages and have compiled the following table providing a number of scenarios and suggested Base Activities we can provide: