H-X Technologies

and give corresponding priorities to your data integrity or confidentiality, your business continuity, identification of the attackers or their prosecution.

We provide detailed forensic examination and analysis of computers, hard drives, mobile devices and digital media. We know how to investigate difficult cases and employ cutting-edge techniques such as analysis of Random-Access Memory (RAM), registry, shadow volumes, timeline analysis and other methods.

Last few years, we have witnessed the increase of computer crimes. Criminals are becoming more aware of digital forensic and investigation capabilities, therefore use more sophisticated methods to commit their crimes without leaving usual evidences. To identify, respond, examine, analyze and report on the computer security incidents, computer forensics and digital investigation methods are constantly evolving.

Our skills include but not limited to:

• Acquiring Data and Evidence
• Live Incident Response and Volatile Evidence Collection
• Advanced Forensic Evidence Acquisition and Imaging
• File System Timeline Analysis
• Advanced File & Registry Analysis including Unallocated Metadata and File Content Types
• Discovering Malware on a Host
• Recovering Files
• Application Footprinting and Software Forensics
• Data Preservation
• System Media and Artifact Analysis
• Database Forensic
• Mobile Forensic

official certification.

Our certifications (CISSP, ISO 27001 Lead Auditor, CISA, OSCP, CEH, etc.) allow us to cover both formal and practical aspects of security compliance and security management.

When building an ISMS or security controls, we rely not only on ISO 27001/27002 or PCI DSS, but also actively use other standards and frameworks, when this is appropriate or explicitly required by our customers or their partners. For example, ISF SoGP (Information Security Forum Standard of Good Practice for Information Security), COBIT (Control Objectives for Information & Associated Technologies), VDA ISA (Verband der Automobilindustrie - Association of the Automotive Industry - Information Security Assessment), TISAX (Trusted Information Security Assessment Exchange), ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability dEtermination), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Privacy Regulation), and so on.

Our approach to implementation begins with simple steps in order to give you the first value for free, to introduce you to the process and to allow you to understand clearly the essence of the implementation works and your role in them.

control

Arithmetic overflow operations (integer overflow and underflow)

Reentrancy attacks, code injection attacks, and Denial of Service attacks

Exceeded limits on bytecode and gas usage

Miner attacks on timestamp and ordering, transaction-ordering dependence (TOD)

Race conditions, other known attacks and access control violations

METHODS AND TOOLS

Our audits of smart contracts comply with the following requirements:

1. The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.
2. The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.
3. The smart contract audit includes the following stages:
4. The tests are conducted by a team of specialists with more than 17 years experience in different IT security domains; CISSP, OSCP, CISA and CEH certification holders.
5. In general, the code review follows the best practices: Solidity Style Guide and Ethereum Smart Contract Security Best Practices.

The tools we use: Slither, securify, Mythril, Sūrya, Solgraph, Truffle, Geth, Ganache, Mist, Metamask, solhint, mythx, etc.

 

Assessment) contains strictly structured information security assessment criteria, KPIs and additional optional modules:

• Connection to 3rd parties
• Data protection
• Prototype protection

TISAX (Trusted Information Security Assessment Exchange) is a framework for VDA ISA which allows independent vendors to share their certification and assessment results with their customers (usually from the automotive industry).

When building an Information Security Management System (ISMS) and security controls, we rely not only on ISO 27001/27002, VDA ISA and TISAX requirements, but also actively use other standards and frameworks, when this is appropriate or explicitly required by our customers or their partners. For example, ISO/TS 16949, ASPICE (Automotive Software Performance Improvement and Capability dEtermination), GDPR (General Data Privacy Regulation), and so on.

Our approach to implementation begins with simple steps so that you receive the first results for free. That would also introduce you to the process and help you understand how the implementation works and your role in it.

vulnerability scan, but mostly manual work. Depending on your preferences, the pentest may include interaction with your staff (social engineering).

We have a wide, deep and unique experience and competence in IT and corporate security. Both in GRC (Governance, Risk management and Compliance), and in technical security. Both in Defensive Security and Offensive Security.

We are highly qualified, flexible and reliable:

• Experience in information security
• International security certificates
• Absolute legitimacy and confidentiality
• Highest customization and flexibility
• Highest quality

Our pentests are at the highest level: reverse engineering, 0-day vulnerability research, Red Team, etc.

• We participate in and win CTF and bug bounty.
• We effectively do security analysis of source code and find vulnerabilities and problems that even commercial static security scanners cannot find.
• We have rare competencies, such as the auditing of smart contracts.
• We teach software architects, developers and testers how to program securely.
• We have decades of experience in large international corporations.

The experience in industrial automation and software of ATE's staff begins in 1995, and they have completed more than 120 projects. Since 2005, they have completed more than 80 projects with an average capacity of 500 man-hours each.

Our international certifications in industrial IT/OT security are ISA CFS and CRS. Our international certifications in general information security are ISC2 CISSP and SSCP, ISACA CISA, Offensive Security OSCP, EC-Council CEH, ISO 27001 Audit/Implementation and others.

To show the level of our competence and erudition, the methods and tools that we use in everyday work are listed below.

For audits, consultations and implementations in the field of security of technological processes, operations, equipment and software of industrial IT/OT, we use the following standards, frameworks and methodologies:

• ISO/IEC 27001, VDA/TISAX
• ISA99, ISA/IEC 62443
• North American Electric Reliability Corporation (NERC) Reliability and Security Guidelines
• NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security, NIST Framework for Improving Critical Infrastructure Cybersecurity
• DHS guidelines for critical infrastructure protection and the Critical Infrastructure Protection framework

In the field of assessment and implementation of OT security, we work at the level of specific vendors. For example, we work with Siemens PLCs using Step7 and TIA Portal, with Schneider Electric equipment using Concept, UnityPro and SoMachine, with Mitsubishi using GX Works, with Omron using CXOne, with Carel using 1tool and with Wago using CoDeSys.

In urgent cases, when it comes to preventing great material damage from a security incident, we are able to reverse engineer not only industrial software code, but also proprietary industrial protocols.

We assess the security of SCADA computers and switches using common automatic and semi-automatic tools (vulnerability databases and scanners, exploits, IDS, IPS, EDR, SIEM, SOAR, etc.) with special configurations, and we also do manual analysis of SCADA scripts and other source code in white box mode.

Security or Security Assessment services.

Check out our business cases of security analysis of source code.

The objective of this analysis is security assessment of the source code of your systems or applications: checking integrity and consistency of your code, secure coding principles, finding unsafe or deprecated functions, hidden logical bombs and traps, backdoors, undocumented features, non-optimal coding practices and OWASP top 10 vulnerabilities.

We support the following languages:

• .Net/ASP.Net
• Java EE (JBoss, Tomcat, etc.)
• Java Android
• Objective-C/Swift iOS/MacOS
• PHP
• Javascript
• Python
• C/C++/Assembler
• Solidity
• Golang
• Lua
• your language or platform.

To achieve the objectives, the auditors use two methods:

• SAST (Static Application Security Testing), which allows analyzing source code for known vulnerabilities using automated tools.
• Manual source code review and analysis, in order to reveal unsafe and non-optimal coding practices, hidden logical bombs and traps, backdoors and undocumented features.