CTD’s approach to IoT, Smart Devices pentest includes Hardware, Software and Server assessment
Reverse engineering firmware binaries
Binary exploitation
Encryption analysis
Bypass obfuscation techniques in use
Debugging binaries to gain sensitive info
Android, Cloud and Web vulnerability testing
Input Validation: SQL Injection, Malicious Input acceptance, Command Injection
Buffer Overflow, File Upload, Business logic validations, Error handling/ Info Leakage, Session management, Log tampering
Data storage vulnerabilities
Identify potential for denial of service (DOS) attacks
Vulnerabilities specific to web servers: Directory Traversal, Command injection, Remote code execution, SQL injection, Sensitive file exposure, Web server miss configuration exploitation
API/Webservices testing: authorization, IDOR, Injections and exploits, API business logic bypas like skipping payments, API missconfigurations
Radio communication reversing for proprietary protocols
Exfiltration of Sensitive data from memory: applications store username, tokens, passwords, encryption keys, unscripted sensitive data.
UART, JTAG, SWD ports exploitation
Flash memory chips to detect a possibility to dump firmware.
Logic bugs sniffing and bus tampering
External peripheral devices: headphones, antennas etc.
Call us or write us an email with your requirements
Establish what needs to be tested and the right approach
We attack your devices to discover vulnerabilities
We will present all the findings and solutions to fix them
Contact our offensive security experts today to discuss your requirements