At Xiphos Research we work with companies that can gain the most benefit from cutting-edge security services. Our holistic approach is backed by decades of real-world hacking experience and provides hard-hitting insights.
Normally you are required to pay for at least one security test per year to comply with regulations. While Xiphos can tick those boxes, real attackers need only one foothold, regardless of regulations and standards such as GDPR, PCI or ISO. Xiphos specialises in finding and exploiting such entry points.
From A to Z there are points at which security insight can help to assure the quality of the end result. Throughout the lifecycle of your project we continuously test for and identify security-critical issues, ensuring that they are fixed before go-live rather than exploited after it.
By utilising a secure, proven and bespoke remote access solution, Xiphos can test both internal and external assets on a pre-agreed cycle or on an ad-hoc basis, fully emulating the actions of a dedicated attacker who has gained access to an estate.
Xiphos hack like actual hackers. Rather than relying upon automated test suites, we actively exploit vulnerabilities within systems and estates, which means that we report, in plain English, on issues that have been exploited rather than merely speculated about.
What does Xiphos Research Do?
Xiphos Research offers a range of security services that allow our clients to easily understand the threat landscape they face and take practical counter-measures. We pride ourselves on providing timely and appropriate advice, and are steadfast in our resolve to provide services that deliver a cost-effective means of combating current and emerging digital threats.
At Xiphos Research we pride ourselves on being at the cutting edge of security vulnerability research, and this deep knowledge is not only integrated into our product set but also forms an essential element of our client services.
Established in 2012, Xiphos Research have decades of combined professional experience in the delivery of technical testing and assessment services. With true technical depth of knowledge and strategic understanding, Xiphos assist our diverse international customer base in the rapid identification and mitigation of the risks they face in an increasingly hostile security landscape.
Xiphos do not test like auditors. We attack like attackers, ensuring that our customers are protected from real threats rather than suspected ones. With a focus on aggressive, goal-focused testing tuned to specific needs rather than a one-size-fits-all approach, our customers can be assured that their digital defences are robust and effective.
The security (or otherwise) of enterprise applications has become an increasing concern over the last decade, and ensuring the security posture of both external-facing and internal applications is now a significant business focus. Many organisations claim to deliver focused, outsourced assessment services; Xiphos Research is unusual in that the security assessment of web applications and services has traditionally been one of our core areas of focus and expertise.
Xiphos Research provides our clients with a proven methodology backed by industry-recognised expertise and a passionate, innovative approach to application and services security. Our approach ensures not only that our clients are protected from a range of current attack vectors, but also that they can continue to guard themselves against emerging digital threats.
Our project approach is tailored individually to the unique needs and criteria of each client. It can be loosely defined as an assessment cycle consisting of the following distinct stages:
Information Gathering and Enumeration
Attack, Exploitation and Penetration
Reporting and Documentation
Clean up and Debriefing
Each stage of the application security assessment process is conducted in the strictest confidence, with client confidentiality and safety as our highest priority. Beyond conducting the assessment itself, it is the assertion of Xiphos Research that results are meaningless unless they are placed in the context of our clients' needs and requirements. As part of the reporting cycle we analyse and verify the results and prioritise the discovered vulnerabilities, then provide vulnerability descriptions that can be understood by personnel at all levels of the client organisation, together with mitigation strategies that allow each vulnerability to be addressed in a timely and secure manner.
The application security assessment services provided by some companies consist of nothing more than scanning client services and applications with 'off the shelf' software. This is an approach that XRL are fundamentally opposed to. Although automated security scanners provide a broad overview of the security of applications and services, they lack the depth that can only be provided by manual testing undertaken by experts. The security assessment activities undertaken by XRL are specifically designed to mirror the attacks and methodologies that would be employed by a knowledgeable and skilled remote attacker, and ensure that our clients are protected against people, not just software.
Xiphos Research provides a range of specialist infrastructure security assessment services that can be performed either on an individual ad-hoc basis or as part of a holistic and comprehensive security review. Our service offerings are designed to assist our clients in defining and defending against threats to system integrity and confidentiality, and in safeguarding their digital information assets. Our specialist service offerings include:
Workstation Assessment Services - Designed to rapidly assess the security posture of large distributed workstation environments, this service offering also discovers vulnerabilities in operating system platforms, network connectivity, and legacy system security services.
IDS/IPS Assessment Services - A defensive posture is only as strong as its weakest link. This service evaluates the effectiveness of both intrusion detection and intrusion prevention systems at detecting and blocking attack vectors, and also attempts to bypass the security mechanisms in place.
Firewall Assessment Services - This service offering consists of a detailed study of perimeter firewalls, and seeks to discover any potential vulnerabilities from both a host and a policy perspective.
Database Security Assessment Services - Database hosts are often, correctly, described as the most vital assets of an organisation. This offering evaluates the configuration and security of database environments, and assists our clients in their protection.
Xiphos Research has consistently proven that our infrastructure security testing services can be delivered rapidly to a global customer base while fully addressing specific client needs and requirements.
The analysis of source code from a security perspective has traditionally been an expensive and time-consuming proposition for many enterprises. Xiphos Research believes that secure code review services should be within reach of all enterprise environments, without placing unrealistic demands on either the budget or the time of a modern business.
The code review services we offer provide a cost-effective and rapid means of gaining assurance of the security posture of applications, whether developed in house or by third parties. Unlike some of our rivals, we do not offer a service dedicated solely to providing our clients with an 'overview' or other 'high level' understanding of the security (or otherwise) of custom code bases; rather, we believe that line-by-line analysis by our expert staff provides far more value than merely interviewing development staff and reviewing documentation.
The human analysis of source code by experienced professionals delivers the best value to our clients. Although we will be the first to admit that we deploy a variety of off-the-shelf and custom tools to assist in the code review process (indeed, we are currently developing applications to assist developers in finding security deficits in their code), it is our assertion that senior software engineers and security specialists manually reviewing code can help minimise a variety of security threats, as well as optimising the code base. This is especially pertinent for applications developed in custom language sets, or legacy applications that may not be supported by automated code review tools.
Reviewing enterprise-level applications manually, on a line-by-line basis, within acceptable time frames and economic limits is no easy proposition. To deliver the best value to our diverse global client base, we have developed a unique and proven three-stage approach to conducting secure code reviews, namely:
Consultation: During this phase of an engagement, we seek to leverage any existing information to help identify potential areas of critical security impact, as well as establishing what our client's acceptable level of risk is and what the project scope is.
Mapping: This stage of a project allows our staff to gain a detailed understanding of the application architecture, components and dependencies, as well as identifying areas of security-related functionality and potential areas of weakness.
Review: Following the initial mapping of the application and its supporting architecture, technical specialists conduct a detailed review of the application source code using both manual techniques and proprietary code analysis tools to identify security weaknesses and logical flaws that may impact the security and integrity of the application.
Wireless networks are cheap and easy to deploy, and in recent years wireless LANs have become part of many enterprise environments and networks. The wireless security testing services offered by Xiphos Research can assist your enterprise in understanding the risks that may be introduced by adopting wireless infrastructure, and the methods for managing and defending against them.
The wireless security testing services offered by Xiphos Research allow our clients to develop a range of strategies for understanding and managing risks and vulnerabilities, increase market and customer confidence, adequately protect their brand image, and deliver viable long-term business success. Xiphos Research wireless testing services allow our client base to assess and validate the strength, stability and integrity of wireless infrastructure through our expert penetration testing services. Our depth of knowledge covers wireless local area networks (802.11), wireless wide area networks (GSM, UMTS, GPRS, etc.) and wireless personal area networks (Bluetooth). In addition to assessing the security of the implemented wireless estate, the wireless testing services offered by Xiphos Research allow our clients to rapidly identify any rogue access points in use within their estate.
Many security consulting providers are happy to focus solely on technical risk. Although this is doubtless an essential element of any organisation's efforts to improve its security posture, at Xiphos Research we ardently believe that the physical security of facilities and properties is a critical aspect of both business continuity planning and information security. Xiphos Research address this requirement with a skilled and expert team that blends real-world experience and expertise to help our clients develop effective physical security protections.
During a physical security test, Xiphos consultants perform inspections of both facilities and operations. Many of our competitors offer covert assessment as an additional service at extra cost; in the XRL physical security assessment process it is included as standard. In addition to conducting overt site inspections, policy reviews, and interviews with key personnel to discover deviations from best practice and from the organisation's security policies, Xiphos Research offer covert inspection of premises and protection mechanisms. Our physical security assessment offering encompasses covert techniques such as pretext entry, electronic signal sweeping, long-range surveillance, security systems bypass, and other methods. Simply put, we can be as overt or as covert as our clients require at one fixed price.
Typically, penetration testing activities focus on familiar assets (e.g. the external-facing IP addresses associated with a client organisation, the DMZ, the firewall instances, etc.). XRL strongly believe that this approach fails to provide risk assurance and may allow organisations to falsely believe their security posture is stronger than it actually is. Perimeter protections have become increasingly resilient, but internal defences often remain a pronounced security risk.
A number of our competitors offer some client-side penetration services; typically, however, such activities are limited in scope to spear-phishing, whereby they seek to manipulate legitimate users via email. Xiphos Research believes, however, that the range of 'testing' should extend beyond sending a few emails.
The client-side security assessment activities offered by XRL include a range of test vectors. In addition to manipulating client personnel via malicious emails and distributed links, Xiphos Research are adept at the creation of targeted malware, social engineering, and data collection activities. In addition to testing the endpoint security of client systems and identifying linked sensitive systems, we can also test the efficacy of any protection mechanisms (such as AV and mail gateways) that may be in place.
The client-side security assessment services that we offer identify vulnerabilities not only within endpoint security and processes, but also within protection mechanisms and linked sensitive systems. In addition to purely technical attacks, we can, at the client's request, engage in focused social engineering attacks encompassing physical intrusion and telecommunications manipulation and interception.
The requirements mandated by the Data Security Standard (DSS) issued by the PCI Security Standards Council clearly state that penetration testing must be conducted regularly by any organisation processing or storing credit card data. Xiphos Research works closely with a number of reputable QSA companies to facilitate technical penetration testing that encompasses multi-layer attack scenarios. Many penetration testing providers approach a PCI-mandated engagement in much the same manner as any other engagement; XRL believe, however, that the core focus of such testing should always be the security (or otherwise) of any cardholder data stored or processed by the commissioning client.
The penetration testing services provided by Xiphos Research on behalf of our clients encompass both automated and manual testing strategies and approaches. Many of our competitors are happy to provide a low-skilled junior operating an automated tool as the basis of their PCI testing regime. We believe that this approach is fundamentally flawed. Not only does it fail to provide best value to the customer, but in many situations it can fail to accurately identify, exploit, and quantify risk.
As part of any ROC (Report on Compliance), we believe that an organisation, or the QSA acting on its behalf, should be fully apprised of any technical weaknesses that may impact the security of its networks, applications, processes, and indeed, cardholder data. For this reason, the PCI penetration testing services performed by Xiphos Research are always carried out by skilled and experienced professionals whose aim is to substantiate, demonstrate, and if necessary replicate the attack vectors included in any reporting documentation produced as part of an engagement. We do not provide sweeping and unproven technical recommendations as part of the reporting cycle, but rather seek to identify (and, where possible, exploit) vulnerabilities that can then be documented, understood, and addressed as part of the compliance process.
We work closely with a number of reputable international QSA companies and merchant clients to provide technical testing and assessment services. Our specialist, goal-focused penetration testing services have helped some of the largest merchant groups in Europe gain compliance with PCI requirements, and truly identify and resolve risks that automated scanners alone would not have identified.
Xiphos Research is pleased to announce that we now offer an always-on solution for penetration testing by way of our continuous assessment services. Traditionally, one of the common deficits of penetration testing is that it can only provide a point-in-time snapshot of a security posture amidst ever-changing risks and a seemingly constant flow of critical vulnerabilities. We believe this model is broken, fails to provide adequate risk assurance, and should be addressed by the security industry.
It is common for vendors of vulnerability assessment software to offer on-demand solutions for routinely scanning application and network estates; the same, however, does not hold true for penetration testing services. To address this, Xiphos have developed a bespoke remote access solution that can be used to assess the security of both internal and external assets on a pre-agreed cycle or on an ad-hoc, as-needed basis. This secure and proven mechanism can also be used to emulate the actions of a dedicated internal or external attacker with estate access, and to provide empirical evidence of an organisation's resilience to the exfiltration of sensitive data over time.
The continuous assessment solution offered by Xiphos offers a low cost mechanism for ensuring that our clients are protected from attackers operating beyond the time limited testing windows offered by our competitors, and is truly a unique, bespoke, and defining offering.
Various regulatory frameworks now insist upon a regular program of vulnerability assessment and penetration testing. To address this requirement many vendors offer automated vulnerability scanning which is typically conducted on a monthly or quarterly cycle with a regular program of testing at key intervals. Xiphos go beyond this to craft a solution that is truly representative of real world threat.
The Panama Papers data leak in 2015 highlights the importance of a robust security programme to protect your brand, reputation and clients. Xiphos Research has bespoke solutions to mitigate internal and external data leaks in addition to hacking attacks and malware. We take client confidentiality seriously and focus on real risks.
Unlike many of our competitors, Xiphos attack as attackers would and do, and provide a repeatable mechanism for identifying and resolving risks in new and emerging technologies. Our penetration testing services seek not only to identify vulnerabilities but to actively and aggressively exploit them.
Knowing the security of your smart contracts and blockchains is a good first step, but ultimately they are the tip of an iceberg; many companies don't pay the same level of attention to the rest of their infrastructure and policies, often leaving them exposed in unknown ways until the worst happens. Xiphos can ensure it does (in a controlled and repeatable manner).
The clue is in the name, when it comes to Xiphos Research. When not engaged in projects for our diverse client base, our team conduct applied attack research, and cause trouble. Our latest findings are below:
Remote Root Exploit for WePresent WiPG-1000, 1500 and 2000 devices
Joomla 3.7.0 SQL Injection Exploit (CVE-2017-8917)
TR-069 exploit for FreeACS server, disclosed at BSides Edinburgh
Screen 4.05.00 (CVE-2017-5618) Local Privilege Escalation
TR-064 Misimplementations leading to Remote Device Takeover in ZyXEL Routers
Droppler (versions before 1.6.5) Authentication Bypass and Remote Code Execution
All our publicly released exploits on GitHub
The skills and real world experience of our professional team drive our research, and our services.
Mike is responsible for the day to day operations at Xiphos Research and acts as Managing Director / CEO.
Prior to launching Xiphos, Mike worked for IT security consulting companies both large and small, and has over 15 years of practical experience behind him. Mike has spoken at numerous international IT security conferences, has been published widely, and has been a guest lecturer at Leeds Beckett University. Today Mike spends the majority of his time feeling somewhat like Zarathustra, shouting warnings about the tawdry and ineffective state of much of the IT security industry at clouds, whilst attempting to shape Xiphos into something wonderful and herd cats.
Darren heads up the applied threat research arm of Xiphos Research.
Variously describing himself as a threat choreographer and full stack arsonist, Darren oversees practical research methods and attack vectors that can be utilised during client exploitation phases of penetration testing. Prior to joining Xiphos, Darren studied Forensic Science in Galway, and made some very foolish teenage mistakes. Darren has been widely cited by industry peers and journalists, frequently speaks at international symposiums and conferences, and has been a visiting lecturer at Sheffield Hallam University.
Gavin is responsible for business and threat intelligence research on behalf of Xiphos.
When not conducting applied research into emerging threat vectors and actors, Gavin also helps to define strategy for new service lines or for expanding into new geographies, and refines our business methodologies and processes. Prior to joining Xiphos, Gavin worked for both large and small security consulting companies internationally, and he is currently responsible for managing the growth of our service divisions.
Harry is responsible for shaping the strategic direction of the security analysis and delivery of security projects for Xiphos Research and our international clients.
With a heavy focus on penetration testing of all technology stacks, including web applications, network infrastructure, mobile applications and devices, Harry ensures all projects are delivered to the highest possible standards. Prior to joining Xiphos, Harry was engaged as a lead software developer and security tester across a variety of industries, and has over ten years' practical experience in IT security.
Max is responsible for the physical security of our office environment.
When not alert to the dangers posed by external threat actors, Max can also be found licking himself. Unlike everyone else in the office, he can get away with it. Max is also a strong team player, and will happily assume responsibility for strange odours which are not his fault.
We'd really love to hear from you so why not drop us an email and we'll get back to you as soon as we can.