Research Consultancy

Research Consultancy

Our Research team has extensive experience in corporate cyber security, as well as military, government and law enforcement sectors.

Context has completed bespoke research projects for clients across a wide range of topics and platforms. Previous customers include global technology vendors, corporate and government organisations. The common factors in most projects are our approach and our skill set: we specialise in agile, short to medium-term projects that require a mix of reverse engineering, protocol analysis, vulnerability research and development skills.

Our team have a real mix of skills and experience, but share a core set of reverse engineering, vulnerability research and software development skills. These skills reflect our collective backgrounds in tech companies, penetration testing, academia, government, law enforcement and the military. In addition, the team members have a range of specialism, from web browsers to RF, mobile to embedded.

How we can help

Research Consultancy is an entirely bespoke service primarily to assist government and commercial organisations with specialist requirements that fall outside the scope of conventional penetration testing. This can be a holistic assessment of a technology or platform or focussed reverse engineering, protocol analysis, vulnerability research or development of a proof of concept.

Consultancy projects are rarely routine – each project is tailored to the task and requirements. We can work with you to determine a suitable scope for your requirements. If you're interested in how we'd approach a task then ask us for a proposal.

Our skills

Reverse Engineering

Our team has extensive expertise in software, firmware and hardware reverse engineering. This includes OS internals, knowledge of standard security protections like DEP and ASLR, and covers all the major platforms. The team has experience in static and dynamic reverse engineering on ARM (AARCH32 and AARCH64), x86/x64 and MIPS, using industry standard tools such as IDA Pro and WinDbg.

Vulnerability Research

Context has a proven track record in finding vulnerabilities in a wide range of technologies and platforms. This includes the exploitation of different security flaws, and the circumvention of modern defensive techniques. As a guide our experience includes, but is not limited to, Apache, Microsoft .NET, VMWare, Mozilla Firefox, SAP, Citrix, smart light bulbs, wireless printers, fitness trackers, smart thermostats, network appliances, smart TVs, burglar alarms, mobile phones, games consoles and vehicles. For examples of our public research read our blogs.

Protocol Analysis

Context’s research team has significant experience in the analysis of proprietary and standard communication protocols. From parsing serial messages for process control in industrial control systems to intercepting and demodulating frequency hopping RF waveforms, we can work with any bit stream to reassemble the application layer protocol and extract the information contained within.

Bespoke development

Context’s team has a range of software, firmware, hardware and networking skills that are used to develop bespoke security tools and techniques. Much of our work results in the development of proofs-of-concept, and other projects have required us to deliver example implants and exploits, fuzzing frameworks, scripts, mobile applications and even custom PCBs and hardware devices.

Contact us

Get in touch to see how we can help.

CHECK IT Health Check Service
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA