In a Nutshell

SRT is a public-facing research unit that works on relevant challenges within information security (infosec), we specialize in vulnerability research, malware analysis, threat intelligence, and technical evaluation. Our team's been doing this kind of work for years. We're passionate about it on both a professional and a personal level, and we're excited to do research that helps our customers and the larger community.

What we do (more specifically).

Penetration Testing. Penetration Testing Services team will simulate a real-world attack on your networks, applications, devices, and/or people to demonstrate the security level of your key systems and infrastructure and show you what it will take to strengthen it. Knowing your vulnerabilities—and the ways in which attackers could exploit them—is one of the greatest insights you can get in improving your security program.

Red Team. Penetration tests and security assessments are essential to understand your organization's exposure to cybersecurity risks. However, they do not always prepare your employees, executives and Incident Responders against real threats. Red Team Operations aim to improve your asset's and personnel's readiness through a realistic security incident drill that can target your organization's cyber, physical, and human information security elements.

Vulnerability Research. We discover and responsibly report vulnerabilities to vendors, and we work with them to ensure their patches are effective. We develop tools that support vulnerability research and reverse engineering. We monitor relevant public trends, and we prototype new exploits for publicly disclosed vulnerabilities. We participate in capture-the-flag events, and we reverse engineer patches for greater insight into their efficacy and urgency. And we run on-going audits of software and hardware for vulnerabilities we derive from a prioritized research list.

We perform deep-dive vulnerability research into their areas of concern or scenarios of interest. We do penetration testing, and we bring to it our advanced vulnerability-research tool development and distinctive tactical expertise. We support incident response for anyone who needs infosec experts in their corner to help them get through dark days following a data breach or cyber attack.

Vulnerability Assessment. Vulnerability assessment is used to identify, quantify, and analyze security vulnerabilities in the IT infrastructure and applications. Vulnerability assessment combines automated scanning with human intelligence and manual testing.

Malware Analysis. We monitor the public malware space for novel techniques and toolkits, and we contribute samples, bugs, and feature requests to CyberPoint's DarkPoint development staff. We obtain and analyze malware of interest, and we maintain a repository of that malware in DarkPoint. We develop prototype tools that support malware analysis and reverse engineering.

We perform deep-dive analysis of samples or scenarios they provide or inquire about. We repurpose interesting components of malware for the purpose of evaluating defense solutions.

Threat Intelligence. We develop and deploy unique sensors to keep abreast of the evolving hostile Internet landscape. We aggregate multiple sources and feeds of data into a central repository to enable analytic processing of the dynamic data. We develop open-source intelligence (OSINT) and tools to identify trends relevant to modern threats.

Forensics. Uncovering fraud, addressing economic and financial crime, managing disputes and crises, and helping get projects back on track. The SRT team determines facts quickly and accurately, and navigates and effectively manages crises.

Incident Response. We are seasoned incident responders using industry standard response techniques enriched with years of cyber-attack and threat group data to help you respond to and mitigate cyber incidents efficiently and effectively.

Contact SRT

For our customers, we support incident response with repository querying and analysis. We also respond to customer inquiries about a wide array of infosec topics.

If your organization needs immediate assistance with a suspected or confirmed cyber incident, contact us.

Contact SRT