11062b_02f3dbceab3f4181a0ea4767efbf280d.jpg
AR_Original_Logo_White_dropshadow.png
AR_Word_Logo_Artboard 2_dropshadow.png

Your company is unique -

Why isn't your security?

About Us

We are Attack Research (AR), a boutique security firm located in Northern New Mexico that specializes in penetration testing and security consulting engagements. Rather than offering a one size fits all solution, we work with our clients to understand their unique business needs to tailor the best possible solution while our flat organizational structure allows for rapid deployment of resources and small teams to ensure consistent, personalized service. 

​ 

With a diverse talent pool our teams can quickly gain a deep understanding of our client’s environment and the technologies used within, whether it is off the shelf, esoteric, custom, or proprietary. We then assess those technologies, reverse them, and leverage them to gain control of target systems. While using traditional exploits is part of our repertoire, our team has found that focusing on identifying misconfigurations better facilitates privilege escalation and lateral movement. 

 
zan-wGqz5YSqsfk-unsplash2
kumpan-electric-sNQ4EnbT980-unsplash2
robin-glauser-zP7X_B86xOg-unsplash2
christina-wocintechchat-com-tYVkjjMYFBo-unsplash2
alex-azabache-Wpq8c_gqPT0-unsplash2
jefferson-santos-9SoCnyQmkzI-unsplash2
vlcsnap-2022-08-25-13h25m58s2532
a00e7791c7984675a5c2439fdf4a37c62
zan-wGqz5YSqsfk-unsplash2
kumpan-electric-sNQ4EnbT980-unsplash
11062b_02f3dbceab3f4181a0ea4767efbf280d

Some of Our Services

Feel free to contact us if you have any questions about how we can best meet your needs.

vlcsnap-2022-08-25-13h31m07s9342.jpg

Penetration Testing and Vulnerability Assessments

Whether you are concerned with your external services or prefer to focus on the internal network, AR is here to help. From small, limited tests on a single piece of hardware to full-scope APT simulations, designed to help a good SOC become great, we have a team to fill your testing needs. We can fulfill any audit mandated testing requirements!  

vlcsnap-2022-08-25-13h25m58s2532.jpg

Custom Training

Help your people stay up to date on the latest emerging threats or just brush up on secure coding techniques that make any hacker’s life harder. Our previous classes cover topics including: 

  • Exploitation of Windows and Unix 

  • Malware Development 

  • Secure Coding 

  • Incident Response 

balazs-ketyi-L0nipfx-Ry4-unsplash2.jpg

Application Assessment

Whether you are ready to release a new application or have concerns about an existing one, we can help your brand avoid tarnish. Our toolbox includes thorough source code review as well as automated and manual testing of user input, authentication, API endpoints, and DoS-style attacks to make sure we catch any issues before your users do. 

Screenshot from GL1-0042.jpg

Incident Response

When your network or hardware is compromised, knowing how is just as important as sealing the breach. On- or off-site, we can perform forensically sound engagements to determine the circumstances of the incident and use all available resources to detect evidence of compromise, contain and remove the threat. 

cardmapr-nl-9fByQORuvqM-unsplash2.jpg

Compliance and Threat Management

Show customers that they can trust you with their data. Through penetration tests and security architecture assessments, we can help you ensure proper handling of credit card information for the Payment Card Industry, show the government that you are securely handling medical data for HIPAA, and so much more. 

jefferson-santos-9SoCnyQmkzI-unsplash2.jpg

Security Consulting and Product Design 

Want to build a new product, but do not know where to begin with security? We can help. Having designed, built, and tested everything from mobile applications to custom security tools, our team can work with yours from day 1 to ensure that systems are designed and implemented with security built in, saving you money and time.  

Industries

We work closely with industry partners to provide specialized security consulting and testing. 
 

andrew-ruiz--ajZ_Xzeqe4-unsplash2.jpg

Avionics

Since 2009, our team members have worked alongside airlines, OEMs, and their Tier 1 suppliers to remediate security issues before they are put sent into production. Production configurations are also tested in controlled labs as well as on aircraft.

spacex-VBNb52J8Trk-unsplash2.jpg

SATCOM

Through ongoing tests with our customers, the team has developed a more holistic approach to assessing SATCOM environments.  
 
These engagements bring into scope servers, network links, control systems and authentication services. Our team has found that approach, in combination with the more common methodology of testing each component, yields superior results. 

chuttersnap-gts_Eh4g1lk-unsplash2.jpg

Automotive

We work closely with OEM and Tier 1 suppliers on penetration testing and new product design. Our breadth of experience encompasses ECU, IHU, and the CAN/LIN bus. This includes reverse engineering and attacks against hardware, radio, and network.

israel-palacio-IprD0z0zqss-unsplash2.jpg

Military / Government

Our staff, who carry up to the highest clearances, thrive in the compartmentalized and specialized environments the military demands and have decades of experience in government and military research.

We have developed custom long- and short-term specialized products, provided solutions for unusual scenarios, and researched various depths of potential vulnerabilities within a variety of systems.

fredrick-tendong-6ou8gWpS9ns-unsplash2.jpg

Gaming

With the switch to sports-like, cut-throat competition, many games rely on vast payment systems, networked infrastructure, and anti-cheat. We are instrumental to gaming companies when it comes to penetration testing as well as consultation on infrastructure, payment, and design.

robin-glauser-zP7X_B86xOg-unsplash2.jpg

SCADA / IoT

The advent of Industry 4.0 and IOT demands industries to live in an increasingly interconnected world.  The integration of the SCADA systems with the back-office, or the collection of data from the IOT edges creates new vectors for attackers to exploit.

​The experience matured over the years allows AR to understand the needs of a modern industry and to perform a comprehensive review of the systems.

Other Industries

  • Oil and Gas

  • Payment Card Industry (PCI)

  • Hedge Funds

  • Social Media

  • Entertainement

  • Intelligence

  • State Government

  • Manufacturing

  • Medical

Contact Us

30 Bonnie View Drive, White Rock, NM, USA

Phone/Fax: +1 505-672-6416

Contact our team today to discuss how we can help you fulfill your unique security needs.