Your company is unique -
Why isn't your security?
We are Attack Research (AR), a boutique security firm located in Northern New Mexico that specializes in penetration testing and security consulting engagements. Rather than offering a one size fits all solution, we work with our clients to understand their unique business needs to tailor the best possible solution while our flat organizational structure allows for rapid deployment of resources and small teams to ensure consistent, personalized service.
With a diverse talent pool our teams can quickly gain a deep understanding of our client’s environment and the technologies used within, whether it is off the shelf, esoteric, custom, or proprietary. We then assess those technologies, reverse them, and leverage them to gain control of target systems. While using traditional exploits is part of our repertoire, our team has found that focusing on identifying misconfigurations better facilitates privilege escalation and lateral movement.
Some of Our Services
Feel free to contact us if you have any questions about how we can best meet your needs.
Penetration Testing and Vulnerability Assessments
Whether you are concerned with your external services or prefer to focus on the internal network, AR is here to help. From small, limited tests on a single piece of hardware to full-scope APT simulations, designed to help a good SOC become great, we have a team to fill your testing needs. We can fulfill any audit mandated testing requirements!
Help your people stay up to date on the latest emerging threats or just brush up on secure coding techniques that make any hacker’s life harder. Our previous classes cover topics including:
Exploitation of Windows and Unix
Whether you are ready to release a new application or have concerns about an existing one, we can help your brand avoid tarnish. Our toolbox includes thorough source code review as well as automated and manual testing of user input, authentication, API endpoints, and DoS-style attacks to make sure we catch any issues before your users do.
When your network or hardware is compromised, knowing how is just as important as sealing the breach. On- or off-site, we can perform forensically sound engagements to determine the circumstances of the incident and use all available resources to detect evidence of compromise, contain and remove the threat.
Compliance and Threat Management
Show customers that they can trust you with their data. Through penetration tests and security architecture assessments, we can help you ensure proper handling of credit card information for the Payment Card Industry, show the government that you are securely handling medical data for HIPAA, and so much more.
Security Consulting and Product Design
Want to build a new product, but do not know where to begin with security? We can help. Having designed, built, and tested everything from mobile applications to custom security tools, our team can work with yours from day 1 to ensure that systems are designed and implemented with security built in, saving you money and time.
We work closely with industry partners to provide specialized security consulting and testing.
Since 2009, our team members have worked alongside airlines, OEMs, and their Tier 1 suppliers to remediate security issues before they are put into production. Production configurations are also tested in controlled labs as well as on aircraft.
Through ongoing tests with our customers, the team has developed a more holistic approach to assessing SATCOM environments.
These engagements bring into scope servers, network links, control systems and authentication services. Our team has found that approach, in combination with the more common methodology of testing each component, yields superior results.
We work closely with OEM and Tier 1 suppliers on penetration testing and new product design. Our breadth of experience encompasses ECU, IHU, and the CAN/LIN bus. This includes reverse engineering and attacks against hardware, radio, and network.
Military / Government
Our staff, who carry up to the highest clearances, thrive in the compartmentalized and specialized environments the military demands and have decades of experience in government and military research.
We have developed custom long- and short-term specialized products, provided solutions for unusual scenarios, and researched various depths of potential vulnerabilities within a variety of systems.
With the switch to sports-like, cut-throat competition, many games rely on vast payment systems, networked infrastructure, and anti-cheat. We are instrumental to gaming companies when it comes to penetration testing as well as consultation on infrastructure, payment, and design.
SCADA / IoT
The advent of Industry 4.0 and IOT demands industries to live in an increasingly interconnected world. The integration of the SCADA systems with the back-office, or the collection of data from the IOT edges creates new vectors for attackers to exploit.
The experience matured over the years allows AR to understand the needs of a modern industry and to perform a comprehensive review of the systems.
Oil and Gas
Payment Card Industry (PCI)