SYN CUBES, INC.

Please describe your company and your position there.

I am a partner and director of professional services at Blaze Information Security, a cybersecurity consulting firm based in Europe and Latin America.

For what projects/services did your company hire Binary Brotherhood?

Blaze has a issue tracking/vulnerability management platform that had been subjected to internal security reviews in the past. However, due to an onboarding process with an important customer, it was their requirement that the platform had to be reviewed by an independent party. We wanted not only the compliance to be onboarded, but also a fresh look at our systems using a company with a strong technical background and Binary Brotherhood impressed us with their knowledge in the scoping call.

What were your goals for this project?

We wanted to be onboarded with a customer that required a set of third party cybersecurity validations. Even though we are a cybersecurity company ourselves, this service had to be done with an independent party and we chose Binary Brotherhood for that.

How did you select Binary Brotherhood?

My team searched for a handful of reputable security consultancies and Binary Brotherhood was referred to by someone we knew, that worked with them in the past. The reference put on a good word for them and we decided to invite them for a meeting to have our own impressions about the company. As I mentioned earlier, they impressed us with asking the right questions during the scoping call and convinced us they would be a good fit for this project.

Describe the project in detail.

Once we selected the vendor, we had only a single kick-off meeting that was very productive, to provide them with the right environment suitable for testing. After providing them with all the information they needed, they started the project in the next day. We had agreed on a time frame of 5 days, which seemed to be more than enough for them. The team was always communicating their results in real time via Slack and a vulnerability reporting platform they use for delivering penetration testing projects. Binary Brotherhood discovered serious security vulnerabilities that even our own internal team after multiple audits overlooked, and gave us an advance heads up on that so our team could fix it quickly. The report was very easy to understand and translated all technical issues into business risks. The final customer that asked us for the third party audit approved the report and onboarded Blaze successfully.

What was the team composition?

We were assigned two security engineers - one senior and one lead, that served as the main technical point of contact for the assessment. There were no further complications with sales people, account managers, etc. communication was very fluid. Speaking of communication with the team, it was real time via Slack, where they were very responsive to our queries and took great care in always informing us about the status of the project, the findings and presenting them in a clear form. This gave our development team an upper hand in fixing the issues quickly.

Can you share any outcomes from the project that demonstrate progress or success?

The report was very easy to understand and translated all technical issues into business risks. The final customer that asked us for the third party audit approved the report and onboarded Blaze successfully.

How effective was the workflow between your team and theirs?

The lead consultant we were assigned to was easy to understand and very responsive in Slack. Communication was seamless and flawless, couldn't be better.

What did you find most impressive about this company?

I was impressed at how they managed to find high severity issues in our platform. This had been subjected to many other audits in the past by our own internal team of penetration testers. The technical knowledge of the consultants assigned to the pentest by Binary Brotherhood was impressive.

Are there any areas for improvement?

Reporting could be slightly better looking, but I believe this is the limitation of the platform they use. Definitely not a deal breaker here.

Please describe your company and your position there.

I am the CEO of www.pima.app. Pima is used by companies looking to automate the process of sharing non-disclosure agreements and confidential documents such as Pentest results, SOC 2 reports, security policies etc

For what projects/services did your company hire Binary Brotherhood?

The Binary Brotherhood was hired to perform our 2021 Penetration Test on our web application.

What were your goals for this project?

The goal for this project was to identify any potential vulnerabilities that could put our customer data at Risk.

How did you select Binary Brotherhood?

We selected the Binary Brotherhood after they reached out to us. We have customers in a similar space and before sending out referrals to their customers, they wanted to make sure that our application was safe and secure.

Describe the project in detail.

The vendor ran a Pentest against our web application, including OWASP Top 10 and other vulnerabilities. They worked on this project for a couple of weeks and provided constant communication over Slack and emails.

What was the team composition?

There was a project lead and 2 security researchers working full time on the project.

Can you share any outcomes from the project that demonstrate progress or success?

The team was constantly communicating about the tests they were performing, the results of their findings, and produced a detailed security report explaining the tests and research that was performed.

How effective was the workflow between your team and theirs?

The team is very communicative and available. It's very easy to know what is going on at any given point.

What did you find most impressive about this company?

Their availability was great. They started very shortly after we agreed to get things started. Their feedback and constant communication were also a great benefit. They made it very easy for us to connect on Slack.

Are there any areas for improvement?

Not really. We are very satisfied with the work provided!

Please describe your company and your position there.

I am the Director and Lead Advisor of Medical IT Advisors based in Auckland, New Zealand. We are an agile advisory and managed service provider in health information governance, risk and compliance, information security testing, digital transformation and emerging technologies.

For what projects/services did your company hire Binary Brotherhood?

Our customers and us have websites and online services that require regular pen-testing and security assessments. Binary Brotherhood helped us with a couple of engagements, providing vulnerability assessments, black-, gray- and white box pen-testing services, source code review, threat modelling and security assessments.

What were your goals for this project?

Identifying vulnerabilities, threat modeling, source code review, risk review, providing recommendations and best practices on how to mitigate risks, working with us and our customers to advance the cybersecurity maturity and lower business risks.

How did you select Binary Brotherhood?

I knew Dragos from previous engagements and when we discussed our challenges we decided to engage with Binary Brotherhood to extend our team capacity and especially very specialized capability their team is bringing to us and our customers.

Describe the project in detail.

Standard pen-testing engagement following NIST, OWASP and ISACA standards, covering black-box, gray-box pentesting, source code review, threat modeling and security assessment of the infrastructure and cloud hosting. Specific details are confidential.

What was the team composition?

Project Manager and various pen-testers, depending on our application and engagement requirements. I liked working with Binary Brotherhood since they have a wide range of expertise and resources and they can select the right resource for the job.

Can you share any outcomes from the project that demonstrate progress or success?

We discovered and mitigated risks that we were not aware of, we learned new ways to mitigate vulnerabilities and develop better apps.

How effective was the workflow between your team and theirs?

Spot on, no fluff, straight-forward communication, always flexible to our requests

What did you find most impressive about this company?

We were very satisfied with our partnership with Binary Brotherhood that delivered high-quality pen-tests. They collaborating with us to meet our customer’s needs, focusing on exploitable weaknesses with zero fluff and maximum bang for the buck!

Are there any areas for improvement?

Not really, Binary Brotherhood experience to date was very satisfactory, especially during the challenging pandemic situation. We look forward to more collaboration in the future.

Please describe your company and your position there.

I am the IT Security Manager of Stepstone Group, a Germany-based employment company.

For what projects/services did your company hire Binary Brotherhood?

our company runs multiple web platforms and applications that manage a considerable amount of PII DATA. we hired BB to perform a threat modeling of out platform, identify the attack vectors and exploit them to validate the security of our platforms.

What were your goals for this project?

we were using for a long time a single pentest provider and during the course of years we evaluated more providers but I was not happy with the results.

One day I decided to perform a shadow pentest of the same application with both companies, one had 2 weeks and BinaryBrotherhood had 1 week, and the difference between the the results was suprising. BB had discovered concerning vulnerabilities in our platform that our long term provider didn't.

How did you select Binary Brotherhood?

I gave them the opportunity to show their added value as part of my due diligence activities to validate that i get the added value for my investment in pentesting.

Describe the project in detail.

the scope of the project to asses and highlight the security vulnerabilities within one of the platforms we run.

What was the team composition?

team was formed by 3 security researchers.

Can you share any outcomes from the project that demonstrate progress or success?

BinaryBrotherhood showed the added value of working with them and their security researchers. they discovered in half of the time more vulnerabilities in our platform than the other provider.

How effective was the workflow between your team and theirs?

communication with them and continuous cooperation via messaging applications like slack or teams greatly increased our speed to identify the vulnerabilities and allowed us to address them even before the end of the pentest.

What did you find most impressive about this company?

their commitment and added value for my investment in security. they confirmed my concerns and allowed me to react faster in addressing the risks.

Are there any areas for improvement?

none