World-Class Research

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved. We use real attack techniques, tactics, and procedures certified by MITRE ATT&CK. We're the only ones in Latin America who develop their own attack framework. We're not just running some third-party tools, we're building them.

Our offering includes

• Spear Phishing + Social Engineering: Dridex, Emotet, etc
• Ransomware-as-a-Service: Ryuk, Darkside, Revil, etc
• Lateral Movement Techniques: WMI, Powershell, Pass-the-token, DLL/DICOM, etc
• Data Exfiltration Techniques: DNS, TCP, LOLBINS, ICMP, HTTP, etc

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

Services offered include:

• Digital Payments training programs.
• NFC and EMV Security Assessments.

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

• BASE24 Secure Code Review: We developed the first guide of safe code and scanner for bug detection.
• PCI Validation: We check for possible violations of PCI DSS standards.
• ACI Fixed Gap Analysis: We identify the critical safety fixes that your organization should have installed.
• Fixes Implementation: Our team of experts in TAL, will give you the ideal fix recommendation, develop it, and implement it.

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Services offered include:

• ATM attack simulation and security controls gap analysis.
• Forensic analysis.
• ATM cybersecurity training.
• We create custom ATM malware to replicate techniques of Ploutus, Ripper, Tyupkin, etc making as realistic a test as you can get.

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify vulnerabilities at:

• Hardware: Anti-tamper, USB stack, JTAG/UART/SPI/I2C, Firmware dumping, Bootloader attacks
• Mobile Client (Android/iOS: In-depth PoS SDK analysis to interact/attack PoS Firmware: Remote Reboot, Shutdown, Bricking, Memory leaks, Firmware updates, etc.
  
• Bluetooth/BLE: HCI, L2cap, SPP, ACL level attacks, MiTM to alter payments at realtime
  
• NFC: Relay, Replay, Protocol-level (APDU, etc) attacks, Transaction limit bypass, Payway (VISA), PayPass (Mastercard), ExpressPay (AMEX) attacks
  
• PoS Firmware: Reverse Enginering third-party libraries, Secure Code Review of vendor’s code.
  

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.
Our specialized practice combines technology and people to offer the following services:

• Architecture Review: evaluate your existing security program.
• Managed Threat Hunting: augment your staff with our ICS expert analysts.
• ICS/OT Training: intensive hands-on learning.
• Incident Response: rapid on- and offsite support.