IITAC Tiger Team
The security testing process is a discrete event test of a dynamic, stochastic system. The target is a system, a collection of interacting and co-dependent processes, which is also influenced by the stochastic environment it exists in. Being stochastic means the behavior of events in a system cannot be determined because the next environmental state can only be partially but not fully determined by the previous state. The system contains a finite, possibly extremely large, number of variables and each change in variable presents an event and a change in state. Since the environment is stochastic, there is an element of randomness and there is no means for predetermining with certainty how all the variables will affect the system state. A discrete test examines these states within the dynamic system at particular time intervals. Monitoring operations in a continuous manner, as opposed to a discrete one, would provide far too much information to analyze. Nor may it even be possible. Even continuous tests however, require tracking each state in reference to time in order to be analyzed correctly.
A tiger team is a specialized group tasked with testing the effectiveness of an organization’s ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization’s internal and external security.
Benefits for the client
Security loopholes and potential weaknesses that are detected are immediately reported to the contact (if required), together with a proposed solution. This procedure is suitable for iterative application hardening.
We will not issue a “this application is secure” stamp, since no software is 100% secure. However, it is possible to configure a software product in such a way that the effort involved for a potential attacker is too great to justify the rewards. This is an approach that is also used in areas such as cryptography.
The client receives a comprehensive and substantial final report, including a list and assessment of the remaining risks and suggestions for appropriate countermeasures, thus enabling proactive risk management.
More Information?
- Binary Auditing
- Copy Protection
- Digital Rights Management
- IITAC Tiger Team
- Penetration Testing & Network Auditing
- Security Consulting
-
Security Labs Blog
- IT Underground XI 2008: The Damn Vulnerable Linux Project - Steps beyond ethical hacking! (by T. Schneider)
- IT Underground XI 2008: 64-bit Imports Rebuilding and Unpacking (by S. Doucet)
- RECON2008 talk: 64-bit Imports Rebuilding and Unpacking by Sébastien Doucet (IITAC)
- IITAC - Sponsor of the RECON conference! Free IDA Pro training!
- Microsoft Security Risk Management Guide - Worth a look?
- IT Underground XI 2008: The Damn Vulnerable Linux Project - Steps beyond ethical hacking! (by T. Schneider)
-
IDA Pro Training
Get trained to analyze malware, vulnerability or copy protections with the no. 1 binary analysis tool IDA Pro!
Cognitive Debugging™
The debugging skill of the programmer is probably the biggest factor in the ability to debug a problem, but the difficulty of software debugging varies. Cognitive Debugging™ trains debugging with respect to brain and mental abilities! Both combined result is most powerful debugging results!Scientific Hacking™
Go far beyond classical ethical hacking! Instead of using tools only look under the hood, instead of making multiple choice tests only get certified by true practical assessments!
-
Get in touch
-
Get your free copy!
