Threat Modeling

We believe that threat modeling is a fundamental component of system and application security, as it helps to identify and prioritize the most relevant and critical threats and countermeasures.

Applied Cryptography Code Reviews

Secure code review is a process of examining the source code of an application to identify and eliminate any security flaws or vulnerabilities that may compromise its functionality, integrity, or confidentiality.

Embedded Security

Embedded security is the process of protecting the embedded components and software on embedded devices.

Cloud and Containers Security

Cloud and containers are two technologies that enable faster, more scalable, and more efficient application development and deployment. However, they also introduce new security challenges and risks that need to be addressed.

Penetration Testing

Pentesting, or penetration testing, is a simulated cyberattack on your computer system, network, or application to find and fix security vulnerabilities before hackers can exploit them.

SDLC and DevSecOps

Software development is a complex and dynamic process that requires constant collaboration and innovation. However, security is often overlooked or treated as an afterthought in the software development lifecycle (SDLC).

From our blog

ESP32, Firmware Dump

By David Robert on January 14, 2024

Dumping firmware of in-module ESP32 flash

In my previous article, I wrote about secure boot. In this article, I want to demonstrate one way to dump the ESP32 in-module flash memory, which works even if different security features are set by burning e-fuses on the chip (JTAG, UART, DFU disabled). This article aims to illustrate the need for secure boot and flash encryption. Dumping and modifying the firmware is important for testing the mitigations for the threats identified in your device's threat model.


ESP32, Secure Boot (Part 1)

By David Robert on November 26, 2023

Understanding Secure Boot ESP32 series (Part 1)

This article is part of a series on the Security Features of the Espressif ESP32 microcontroller series. This includes MCUs based on the Xtensa Instruction Set (e.g. ESP32, ESP32-S3), as well as MCUs based on the RISC-V Instruction Set (e.g. ESP32-C3). This is the first article of the series, which will cover: Secure Boot V1 (AES Based Secure Boot) (this article); Secure Boot V2 (RSA Based Secure Boot); Flash encryption (AES-XTS and legacy); AES, SHA, RSA, DS and HMAC accelerators; World Controller to allow isolated execution environments.

Introduction

ESP32 SoCs are very popular System On a Chip (SoC) microcontrollers made by the company Espressif.


Audio IoT

By David Robert on April 11, 2023

Audio-net: an IoT audio device based on ESP32 SoC

This is a prototype of an internet and Bluetooth connected music device. The hardware used supports, and has been tested to do, the following: Audio inputs can be looped over, recorded to SD card, uploaded to the cloud. Audio input can be a codec input or a Bluetooth A2DP source. Mixing of multiple sound inputs. Wi-Fi connection to stream audio (to the cloud, or from the cloud).
