.jpg)
Midnight Blue is a specialist security consultancy firm engaged in high-end security research with a particular focus on embedded systems in domains ranging from Cyber-Physical Systems (CPS) to communications and security equipment. We provide a wide range of consultancy services to critical infrastructure operators, Fortune 500 firms, government agencies, and startups across industry verticals.
Our researchers regularly speak at top tier conferences, have discovered numerous 0-days, and have conducted security assessments in some of the most challenging and sensitive environments. Drawing upon this experience and a strong industry network, we are able assist our clients in proactively keeping pace with increasingly advanced attackers.
Jos' research has involved reverse-engineering, vulnerability research, and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs.
Carlo's research has included breaking a hardened variant of the Mifare Classic Crypto1 RFID cipher, breaking the security of Self-Encrypting Drives, and compromising default password generators in ISP-deployed consumer routers.
Wouter is known for breaking several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world's fastest public attack against the Hitag2 cipher.
We tailor all our services to our clients’ specific needs, and follow a general approach to bring structure to complex and often opaque projects. Depending on the nature of our clients’ needs, we can follow our usual approach or find a more bespoke fit.
Every project starts off with an intake session during which we explore the client’s problem space, identify goals and obstacles and determine a scope.
Before an actual plan of approach is drafted we prefer to conduct a prestudy in order to truly understand the problem at hand, decompose it and determine pitfalls and come up with a good estimate on the execution timeframe and technical requirements.
The output of the prestudy is a plan of approach. It describes the client’s original problem and decomposes it into manageable and clear goals, obstacles and scoping. In addition, it provides an execution timeframe, technical requirements and a step-by-step walkthrough of the execution process as well as an overview of the deliverables produced by the project.
Execution can be tailored to the clients’ needs and can come in time-boxed or milestone-based forms. Deliverables can either be set at project conclusion or can be set as milestones throughout the execution phase.
Upon completion of execution, QA will take place as per the four eyes principle and deliverables will be handed over to the client. Assessment reports will have prioritized, reproducible findings and associated remediation advice. Technical deliverables will come with documentation and instructive examples.
