Context has completed bespoke research projects for clients across a wide range of topics and platforms. Previous customers include global technology vendors, corporate and government organisations. The common factors in most projects are our approach and our skill set: we specialise in agile, short to medium-term projects that require a mix of reverse engineering, protocol analysis, vulnerability research and development skills.
Our team have a real mix of skills and experience, but share a core set of reverse engineering, vulnerability research and software development skills. These skills reflect our collective backgrounds in tech companies, penetration testing, academia, government, law enforcement and the military. In addition, the team members have a range of specialism, from web browsers to RF, mobile to embedded.
How we can help
Research Consultancy is an entirely bespoke service primarily to assist government and commercial organisations with specialist requirements that fall outside the scope of conventional penetration testing. This can be a holistic assessment of a technology or platform or focussed reverse engineering, protocol analysis, vulnerability research or development of a proof of concept.
Consultancy projects are rarely routine – each project is tailored to the task and requirements. We can work with you to determine a suitable scope for your requirements. If you're interested in how we'd approach a task then ask us for a proposal.
Our team has extensive expertise in software, firmware and hardware reverse engineering. This includes OS internals, knowledge of standard security protections like DEP and ASLR, and covers all the major platforms. The team has experience in static and dynamic reverse engineering on ARM (AARCH32 and AARCH64), x86/x64 and MIPS, using industry standard tools such as IDA Pro and WinDbg.
Context has a proven track record in finding vulnerabilities in a wide range of technologies and platforms. This includes the exploitation of different security flaws, and the circumvention of modern defensive techniques. As a guide our experience includes, but is not limited to, Apache, Microsoft .NET, VMWare, Mozilla Firefox, SAP, Citrix, smart light bulbs, wireless printers, fitness trackers, smart thermostats, network appliances, smart TVs, burglar alarms, mobile phones, games consoles and vehicles. For examples of our public research read our blogs.
Context’s research team has significant experience in the analysis of proprietary and standard communication protocols. From parsing serial messages for process control in industrial control systems to intercepting and demodulating frequency hopping RF waveforms, we can work with any bit stream to reassemble the application layer protocol and extract the information contained within.
Context’s team has a range of software, firmware, hardware and networking skills that are used to develop bespoke security tools and techniques. Much of our work results in the development of proofs-of-concept, and other projects have required us to deliver example implants and exploits, fuzzing frameworks, scripts, mobile applications and even custom PCBs and hardware devices.