- Organizations Support in risk identification and remediation.
- Increase in the level of maturity and frameworks of Information Security control.
- Forensic Digital Analysis to clarify an event that occurred in a IT equipments and preparation of an expert report.
- Response to incidents (DFIR). Advanced management of security incidents both in OnPremise and Cloud systems.
- Holistic approach.
- Methodologies such as OSSTM, OWASP and frameworks developed internally.
- Analysis of:
- White Software Box and Pentestings.
- Black Box, Grey Box and Footprinting.
- Red Team.
We divide the services into three phases:
- Recognition: Inclusion of search engines, collecting emails, DNS records, social media, metadata, public records.
- Intrusion: Phishing attacks to get credentials and access to network levels.
- Analysis and Reports: Analysis of the information gathered.
Security in applications: Static and Dynamic Analysis
- Static Analysis - Discovering software vulnerabilities by auditing the source code without having to run the application.
- Dynamic Analysis - Analysis of applications, extracting information from its dynamic and design through a controlled execution and without accessing the source code.
Security in Applications: Safe Software Development Life Cycle (SSDLC)
- Safety from the start of the development using static and dynamic Code Analysis and Best Practice tools.
- Compliance with requirements such as OWASP Top 10, OWASP Top 10 Mobile, NIST, PCI DSS and others.
Judicial computer experience
- The objective is to clarify an event occurred in a computer or IT system, with the creation of a Forensics Report that can be presented Out of Court or in Court.
Digital DFIr service forensic and incident response
- Main tasks are broken down into three phases: Collection of information, in-situ and operating procedures generation, both in OnPremise and laaS Cloud environments.
- Multi-disciplinary team made up of different profiles: Ethical hackers, System-Network Administrators and Forensic Analysts, with the most relevant certifications in their field.
- As an IT Emergency Response Team (CERT - CSIRT), we are able to contain threats, analyse malware and perform DDOS data analysis and forensic analysis.
- SLAs and time banks, selected according to the customer's needs.
- Bag of hours in 8x5 or 24x7 mode and SLA, selected according to the needs of the client.
Example of cases: Service Refusal, Malware Analysis, Information Leaks, Ransomware, Compromised Systems, Remediation Of Cloud Attacks, Intellectual Property Vulnerabilities, Regulatory Violations, Internal/External Intruder Test and Data Recovery.