Portfolio

Blue Frost Security places great value on manual performance of all conducted projects.
The majority of tests conducted consist of manual analysis, complemented by the use of carefully selected custom made tools to guarantee a comprehensive approach.
 
The following shows an excerpt of our technical competencies: 
 
Penetration Testing

  • Internal/External Penetration Test
  • Web Application Penetration Test
  • Red Team Engagements
  • IoT Penetration Test
  • PCI-DSS Penetration Test
  • Terminal Server Break Out Penetration Test
  • Cloud Solution Penetration Test
  • Microsoft SharePoint Server Penetration Test
  • Segregation Test (between industrial, SCADA, and office networks)
  • SCADA/ICS Penetration Test
  • Social Engineering Penetration Test and Awareness Training
 
Security Analysis

  • Source Code Audits (C/C++, C#, Java, Objective-C, PHP, .NET, Python, Perl, Ruby/Ruby on Rails, Assembler)
  • Black-Box Security Analysis of Binary Software
  • Identification of vulnerabilities in 3rd party software
  • Analysis and Fuzzing of known or proprietary protocols
  • Security Analysis of Embedded Systems
  • Thin & Thick Client Security Analysis
  • Analysis of Hardware Firmware for vulnerabilities or backdoors
  • Strong knowledge of operating system internals (Windows, Linux, Mac OS X, iOS, Android)
  • Profound knowledge of binary formats (PE, ELF, Mach-O, Java Class files, Flash)
 
Security Research

  • Binary Reverse Engineering (x86, x64, ARM, ARM64, PowerPC and others)
  • Vulnerability Research
  • Exploit Development
  • Analysis of Exploit Mitigations
  • Analysis of Zero-Day Vulnerabilities
  • Malware Analysis (Deobfuscation, Partial Source Code Recovery)
  • Security Tool Development
  • Advanced User Mode and Kernel Debugging (GDB, LLDB, WinDbg, SoftICE, OllyDbg, Immunity Debugger, IDA Pro)
  • Software Instrumentation (Intel Pin, DynamoRIO)
 
Mobile Security

  • MDM Integration Assessment
  • Mobile Application Security Assessment (Android, iOS, Blackberry, Windows mobile)
  • Wireless Penetration Test
  • Source Code / Binary Audits of Mobile Apps (Android, iOS, Blackberry, Windows mobile)
  • VoIP and PBX Audits
 
Configuration & Design Reviews

  • Attack Surface Identification
  • Threat Modeling
  • Workstation and Operating System Hardening (Windows, MacOS, Linux)
  • Server Hardening (Windows, Linux, Unix, BSD, Solaris)
  • Configuration Review (Network devices, Firewalls, IDS, Anti-Virus, Email Spam Filter, Monitoring Solutions)
  • Concept/Design Review (Network Architecture, User Rights & Role Concept, Active Directory Structure, Incident Handling and Management, Forensic Readiness)
 
 

 

Back to "References" overview