Services
Overview
Millions of lines of code, hundreds of processors: the systems that make up the very fabric of the world around us grow ever more complex and ever more interconnected. With that complexity and inter-connectivity comes a simultaneous increase in vulnerability exposure and decrease in control & visibility.
Midnight Blue’s systems & vulnerability analysis services enable manufacturers, system integrators, secure procurement facilitators and end users to understand how complex systems work and where they are vulnerable to attack. From brand new, highly integrated embedded systems that fit in the palm of your hand to large, geographically dispersed cyber-physical systems running on legacy technology, we’ve got you covered.
Whether offense or defense, one always needs to know the lay of the land before anything else. Threat modeling allows us to transform opaque attack surfaces into manageable areas of interest with well-defined weaknesses, threats and risks. This provides you with a prioritized and scoped knowledge base enabling you to perform effective resource triage for maximum return on investment.
We have experience with threat modeling anything from black box embedded devices to the massive systems-of-systems underpinning critical infrastructure as part of SDLC, vulnerability assessment and red teaming efforts. This experience enables us to rapidly understand complex and obscure systems and see their fault lines where others might miss the forest for the trees.
Our white and black box security assessments exhaustively test a system from all angles in order to proactively identify and understand its vulnerabilities, their root causes, their potential impacts and the adequate remediation. In addition to code & architecture reviews, we utilize a mix of manual and automated analysis approaches involving fuzzing, side-channel attacks and cryptanalysis in order to thoroughly evaluate a target system.
We have discovered numerous 0-day vulnerabilities affecting hundreds of thousands of critical systems and developed proof-of-concept exploits to validate them. This experience allows us to accurately determine the exploitability and potential impact of bugs in an industry where many vulnerability reports rest on a flawed understanding of root causes and a lack of real-world exploit development experience.
Whether you seek to understand the threat posed by hackers and competitors, require analysis of malicious implants, require interoperability with proprietary technologies or seek to deeply understand third-party hardware or software as part of a secure procurement process: reverse engineering allows you to truly understand a system in detail.
Our reverse-engineering services are full-stack: from PCB analysis, ICE, chip-off and bus sniffing to firmware and protocol analysis and everything in between. Due to our deep experience in the embedded, industrial and automotive domains we have developed unique in-house capabilities that are able to deliver where out-of-the-box commercial reverse engineering tooling would fall short.
All items