Services

The typical engagement begins with a penetration test in order to assess the capabilities of the development and/or operations programs.  This is then followed up with an onsite consultation to work with managers and developers to fill in the gaps of their security practices.  We then provide consulting to improve and streamline the Software Development Lifecycle. We will also work closely with your staff to improve its long term operational and development practices, to ensure sound security practices are effectively integrated into the daily routine of an organization.

 

Executive Instruments has worked with clients both large and small to provide a variety of technical services.  Past work includes:

  • Developing a custom system to automate the creation of over 8,000 active directory enabled smart card based access control key cards in less than 72 hours enabling a client meet their location moving deadlines saving them over 18 million in fees.
  • Optimizing the Systems Development Life Cycle for clients by teaching their developers how to spot software bugs and write exploits through the creative use of games and peer review, noticeably lowering the cost of the entire development program.
  • Performing security research for a consortium of banking institutions in order to identify new and evolving techniques employed by malware authors to steal online banking credentials and other identity related information.
  • Performing computer network intrusion postmortem incident response and forensics leading to the conviction of the intruder.
  • Working with law enforcement and private industry to track computer criminals leading to the recovery of stolen intellectual property.
  • Performing a wide variety of extensive penetration tests against networks, applications, embedded systems, human processes, and operating systems using a combination of black box, white box, and gray box techniques.

 

­­­­Software Assessments
Executive Instruments offers cutting edge software assessment services designed to help your organization secure its core operations. We offer both black and white box testing capabilities and can easily integrate it into your existing software development cycle.

Executive Instruments offers source code level software analysis where we inspect the source code of custom applications searching for security vulnerabilities, bad development practices, potential scalability issues, business logic holes, potential backdoors.  Executive Instruments prides itself on not simply dropping off a report of our findings but being able to work with developers to educate and train them to not only fix the issues but to also avoid similar mistakes in the future.  Through teaching defensive coding styles, developers can be taught to avoid entire vulnerability classes as well as to recognize mistakes in their peer’s codes.

Our consulting services will help your organization analyze and streamline its Software Development Lifecycle (SDL).  This includes analyzing deficiencies in development design, processes, testing, and bodies of knowledge.  Executive Instruments promotes integrating security into the design, development, and testing processes through the use of early and often code reviews, fuzzing, unit testing, and security domain knowledge bases.

Executive Instruments also offers assessments of closed source and COTS products to allow an organization to assess their associated risk in software that they may not necessarily maintain or have access to source code.  Executive Instruments makes extensive use of reverse engineering, fuzzing, and debugging to gage the proficiency in security of 3rd party products.

Incident Response
Executive Instruments offers around the clock incident response and post intrusion analysis.  We specialize in memory forensics and are capable of analyzing known or new species of malware to document the capabilities and sophistication of an attacker.  We can also do disk and network level forensics as well as extensive log analysis and datamining.

Penetration Testing

Executive Instruments offers a highly skilled penetration testing team that is capable of steal system penetration.  We have discovered many zero day vulnerabilities in custom and COTS applications, as well as breakdowns in human trust and policy or training weaknesses through the use of clever social engineering attacks.  We can test the physical and digital defenses of your organization and provide top notch consulting on how to improve weaknesses in your organization’s security posture.

Executive Instruments also offers a less intrusive network risk assessment process in which no vulnerabilities are actually compromised. However, we believe this is a less definitive approach than a complete penetration test

Security Information Event Management

Executive Instruments employs some of the world’s foremost experts in designing, customizing, modeling, deploying, extending, testing, and operating security information event management systems.