Professional Troublecausing

The Xiphos Difference

At Xiphos Research we work with companies who can get the most benefit from cutting-edge security services, our holistic approach is backed with decades of real-world hacking experience and provides hard-hitting insights.

Beyond Compliance

Normally you are required to pay for at least one security test per year to comply with regulations; while Xiphos can check your boxes, real hackers only need one foot-hold - regardless of regulations like GDPR, PCI or ISO. Xiphos specialises in finding and exploiting such entry points.

Full Project Cycle

From A to Z there are points where having security insight can help to assure the quality of the end result. Throughout the lifecycle of your project we continuously test for and identify security critical issues. Ensuring fixes before go live, not exploitation after.

Continuous Assessment

By utilising a secure, proven, and bespoke remote access solution, Xiphos can test both internal and external assets on a pre-agreed cycle, or an ad-hoc basis to fully emulate the actions of a dedicated attacker who has gained access to an estate.

Active Attacks

Xiphos hack like actual hackers. Rather than relying upon automated test suites, we actively exploit vulnerabilities within systems and estates, meaning that we report in plain English on issues that can be exploited rather than speculated about.

Service Features

Contact Us

Request a callback today on 0800 404 5818

or drop us a line on

Security Services

What does Xiphos Research Do?

Xiphos Research offers a range of security services to our clients that allow them to easily understand the threat landscape they face, and take practical counter-measures. We pride ourselves on providing timely and appropriate advice, and are steadfast in our resolve to provide services that deliver a cost effective means of combating current and emerging digital threats.

At Xiphos Research we pride ourselves on being on the cutting edge of security vulnerability research, and this deep knowledge is integrated not only into our product set but forms an essential element of our client services.

Established in 2012, Xiphos Research have decades of combined professional experience in the delivery of technical testing and assessment services. With a true technical depth of knowledge and strategic understanding, Xiphos assist our diverse international customer base in the rapid identification and mitigation of risks they face in an increasingly hostile security landscape.

Xiphos do not test like auditors. We attack like attackers, ensuring that our customer base is protected from real threats rather than suspected ones. With a focus on aggressive, goal focused testing activities tuned towards specific needs rather than a one size fits all approach, our customers can be assured that their digital defences are robust, pronounced, and effective.

Application Security Testing

The security (or otherwise) of enterprise applications has become an increasing concern over the last decade. Ensuring the security posture of external facing and internal applications has become a significant business focus. Many organisations claim to be able to deliver focused, outsourced assessment services, however Xiphos Research are unique in as much as traditionally the security assessment of web application and services security has been one of our core business areas of focus and expertise.

Xiphos Research provides our clients with a proven methodology that is backed up by industry recognised expertise coupled with a passionate and innovative approach to application and services security. Xiphos employ an approach that is focused on ensuring that not only are our clients protected from a range of current attack vectors, but can also continue to guard themselves against emerging digital threats.

Our project approach is attuned individually to suit the unique needs and criteria of our clients. It can be loosely defined as following an assessment cycle that consists of the following distinct stages:

Information Gathering and Enumeration
Vulnerability Identification
Attack, Exploitation and Penetration
Privilege Escalation
Reporting and Documentation
Clean up and Debriefing

Each stage of the application security assessment process is conducted in the strictest confidence and with client confidentiality and safety our highest priority. As well as conducting assessment activities, it is the assertion of Xiphos Research, that results are meaningless unless they are contextual to the needs and requirements of our clients. As part of the reporting cycle we prioritise discovered vulnerabilities and analyse and verify the results. As part of the reporting cycle, Xiphos Research provide our clients with vulnerability descriptions that can be understood by all levels of personnel within client organisations but also contain mitigation strategies that easily allow vulnerabilities to be addressed in a timely and secure manner.

The application security assessment services provided by some companies consist of nothing more that scanning client services and applications with 'off the shelf' software. This is an approach that XRL are fundamentally opposed to. Although automated security applications provide a broad overview of the security of applications and services, they lack the depth that can only be provided by manual testing undertaken by experts. The security assessment activities undertaken by XRL are specifically designed to mirror the attacks and methodologies that would be employed by a knowledgeable and skilled remote attacker, and ensure that our clients are protected against people, and not just software.

Infrastructure Security Testing

Xiphos Research provides a range of specialist infrastructure security assessment services that can be performed either on an individual ah-hoc basis, or as part of a holistic and comprehensive security review. Our service offerings are designed to assist our clients in defining and defending against threats to system integrity and confidentiality, and safeguarding their digital information assets. Our specialist service offerings include:

Workstation Assessment Services - Designed to rapidly assess the security posture of large distributed workstation environments, this service offering also discovers vulnerabilities in Operating System platforms, network connectivity, and legacy system security services

IDS/IPS Assessment Services - A defensive posture is only as strong as its weakest link. This service evaluates both Intrusion Detection Systems and Intrusion Prevention Systems effectiveness at detecting and blocking attack vectors as well as seeking to bypass security mechanisms in place

Firewall Assessment Services - This service offering consists of a detailed study of perimeter firewalls, and seeks to discover any potential vulnerabilities from both a host and policy perspective.

Database Security Assessment Services - Database hosts are often correctly described the most vital assets of an organisation. This offering evaluates the configuration and security of database environments, and assists our clients in their protection

Xiphos Research has proven consistently that our infrastructure Security testing services can be delivered rapidly and consistently to a global customer base, fully addressing specific client needs and requirements.

Source Code Review

The analysis of source code from a security perspective has traditionally been an expensive and time consuming proposition for many enterprises. Xiphos Research believes that secure code review services should be within reach for all enterprise environments, without impacting unrealistically upon either the economic or time demands of modern business.

The code review services we offer provide a cost effective and rapid means to be assured of the security posture of applications (whether developed in house or by third parties). Unlike some of our rivals we do not offer a service solely dedicated to providing our clients with an 'overview' or other 'high level' understanding of the security or otherwise of custom code bases, rather we believe in line analysis by our expert staff, can provide far more value than merely conducting interviews with development staff, and reviewing documentation.

The human analysis of source code by experienced professionals delivers best value to our clients. Although we will be the first to admit that we deploy a variety of off the shelf and custom applications to assist in the code review process (indeed, we are currently developing applications to assist developers in finding security deficits in their code) it is our assertion that senior software engineers and security specialists manually reviewing code can help minimise a variety of security threats, as well as optimising the code base. This is especially pertinent in the case of applications developed in custom language sets, or legacy applications that may not be supported by automated code review tools.

To adequately review enterprise level applications manually, and on a line by line basis within an acceptable time frames and economic limitations is no easy proposition. To deliver best value to our diverse global client base, we have developed a unique and proven three stage approach to conducting secure code reviews, namely:

Consultation: During this phase of an engagement, we seek to leverage any information that may exist to help identify any potential areas of critical security impact, as well as gathering a clear scope of what our client acceptable levels of risk are, and what their project scope is

Mapping: This stage of a project, allows our staff to gain a detailed understanding of the application architecture, components and dependencies, as well as identifying areas of security related functionalities, and potential areas of weaknesses.

Review: Following an initial mapping of the application and supporting architectures, technical specialists conduct a detailed review of the application source code using both manual techniques, as well as proprietary code analysis tools to identify security weaknesses and logical flaws that may impact upon the security and integrity of the application solution.

Wireless Security Testing

Wireless networks are cheap and easy to deploy, and in recent years, wireless LANs have become part of many enterprise environments and networks. The wireless security testing services offered by Xiphos Research can assist your enterprise in understanding the risks that may be introduced by adopting wireless infrastructure and methods for managing and defending against them.

The wireless security testing services offered by Xiphos Research allow our clients to develop a range of strategies for understanding and managing risks and vulnerabilities, increase market and customer confidence, adequately protect their brand image and deliver viable and long term business success. Xiphos Research wireless testing services allow our client base to assess and validate the strength, stability and integrity of wireless infrastructure by utilising our expert penetration testing services. Our depth of knowledge includes wireless networking protocols such as wireless local area networks (802.11), wireless wide area networks (GSM, UMTS, GPRS, etc.) and wireless personal area networks (Bluetooth). In addition to assessing the security of the implemented wireless estate, the wireless testing services offered by Xiphos Research allow our clients to rapidly determine any rogue Access Points in use within their estate.

Physical Security Testing

Many security consulting providers are happy to solely focus upon technical risk. Although this doubtless is an essential element in any organisation improving their security posture, at Xiphos Research we ardently believe that the physical security of facilities and properties is a critical aspect of both business continuity planning and information security. Xiphos Research address this requirement with a skilled and expert team that blend real world experience and expertise to focus upon allowing our client base to develop effective physical security protections.

During a physical security test, Xiphos consultants perform inspections of both facilities and operations. Unlike many of our competitors that offer additional services (at extra cost) for covert assessment, this is included as standard as part of the XRL physical security assessment process. In addition to conducting overt site inspections, policy reviews, and interviews with key personnel to discover deviations from best practice and organisation security policy sets, Xiphos Research offer as standard, covert inspection of premises and protection mechanisms. Our physical security assessment offering encompasses covert techniques such as pretext entry, electronic signal sweeping, long range surveillance, security systems bypass, and other methods. Simply put, we can be as overt or as covert as our clients require at one fixed cost price.

Client-side Security Testing

Typically penetration testing activities focus upon familiar assets (e.g. the external facing IP addresses associated with a client organisations, the DMZ, the firewall instances, etc.) however, XRL strongly believe that this approach fails to provide risk assurance and may be allowing organisations to falsely believe their security posture is greater than it in actuality is. Perimeter protections have becoming increasingly resilient, but internal defences are often still a pronounced security risk.

A number of our competitors offer some client side penetration services, typically however such actions are limited in scope to spear-phishing activities, whereby they seek to manipulate legitimate users via email. Xiphos Research believes that the range of 'testing' should extend beyond sending a few emails however.

The client side security assessment activities offered by XRL include a range of test vectors. In addition to the manipulation of client personnel via malicious emails / distribution of links, Xiphos Research are adept at the creation of targeted malware, and social engineering and data collection activities. In addition to testing the endpoint security of client systems and the identification of linked sensitive systems, we can also test the efficacy of protection mechanisms (such as AV and mail gateways) that may be in place.

Not only do the client side security assessment services that we offer by identify vulnerabilities within endpoint client security and processes, but also within protection mechanisms and linked sensitive systems. In addition to purely technical attacks, we can at client request engage in focused social engineering attacks encompassing physical intrusion and telecommunications manipulation / interception.

Compliance Driven Testing

The requirements mandated by the Data Security Standard (DSS) as issued by the PCI council clearly state that penetration testing activities must be conducted regularly by any organisation processing or storing credit card data. Xiphos Research works closely with a number of reputable QSA companies to facilitate technical penetration testing activities that encompass multiple layer attack scenarios. Many penetration testing providers approach a PCI mandated penetration testing engagement in much the same manner as any other engagement, XRL believe however that the core focus of such testing should always be concerned with the security (or otherwise) of any card holder data stored or processed by the commissioning client.

The penetration testing services provided by Xiphos Research on behalf of our clients encompass both automated and manual testing strategies and approaches. Many of our competitors are happy to provide a low skilled junior operating an automated tool as the basis of their PCI testing regimens. We believe that this approach is fundamentally flawed. Not only does it fail to provide best value to the customer, but in many situations can fail to accurately identify, exploit, and quantify risk.

As part of any ROC (Report on Compliance) we believe that an organisation, or the QSA acting on its behalf, are fully appraised of and aware of any technical weaknesses that may impact upon the security of their networks, applications, processes, and indeed, card holder data. For this reason, the PCI penetration testing services performed by Xiphos Research are always enacted by skilled and experienced professionals whose motivator is to substantiate, demonstrate, and if necessary, replicate the attack vectors included in any reporting documentation produced as part of an engagement. We do not provide sweeping and unproven technical recommendations as part of the reporting cycle, but rather seek to identify (and if possible) exploit vulnerabilities that can then be documented, understood, and addressed as part of the compliance process.

We work closely with a number of reputable international QSA companies and merchant client to provide technical testing and assessment services. Our specialist, goal focused, penetration testing services have helped some of the largest merchant groups in Europe gain compliance with PCI requirements, and truly identify and resolve risks, that automated scanners alone would not have identified.

Continuous Assessment

Xiphos Research is pleased to announce that we now offer an always on solution for penetration testing activities, by way of our continuous assessment services. Traditionally one of the common deficits of penetration testing is that it can only provide a point in time snapshot of a security posture amidst ever changing risks and a seemingly constant flow of critical vulnerabilities. We believe this model is broken, fails to provide adequate risk assurance, and should be addressed by the security industry.

It is common for vendors of vulnerability assessment software solutions to offer on demand solutions for routinely scanning application and network estates; the same however does not hold true for penetration testing services. To address this, Xiphos have developed a bespoke remote access solution that can be used to assess the security of both internal and external assets on a pre-agreed cycle, or an ad-hoc, as needs, basis. This secure and proven mechanism can also be utilised to emulate the actions of a dedicated internal or external attacker with estate access, and provide empirical evidence as to the resilience of an organisation to withstanding exfiltration of sensitive data sets over time.

The continuous assessment solution offered by Xiphos offers a low cost mechanism for ensuring that our clients are protected from attackers operating beyond the time limited testing windows offered by our competitors, and is truly a unique, bespoke, and defining offering.

Are you ready to start a conversation?

Get in touch

Specialist Industries

Financial Services

Various regulatory frameworks now insist upon a regular program of vulnerability assessment and penetration testing. To address this requirement many vendors offer automated vulnerability scanning which is typically conducted on a monthly or quarterly cycle with a regular program of testing at key intervals. Xiphos go beyond this to craft a solution that is truly representative of real world threat.

Legal Services

The Panama Papers data leak in 2015 highlights the importance of a robust security programme to protect your brand, reputation and clients. Xiphos Research has bespoke solutions to mitigate internal and external data-leaks in addition to hacking attacks and malware, we take client confidentiality seriously and focus on real risks.

Emerging Technologies

Unlike many of our competitors, Xiphos attack like attackers would and do, and provide a repeatable mechanism for identifying and resolving risks in new and emerging technologies. Our penetration testing services seek to not only identify vulnerabilities but to actively and aggressively exploit them.

Financial Technology

Knowing the security of your smart-contract and blockchains is a good first step, but ultimately they are the tip of an iceberg; many companies don't spend the same level of attention to the rest of their infrastructure and policies, often leaving them exposed in unknown ways until the worst happens. Xiphos can ensure it does (in a controlled and repeatable manner).

Are you ready to start a conversation?

Get in touch

Our Research

The clue is in the name, when it comes to Xiphos Research. When not engaged in projects for our diverse client base, our team conduct applied attack research, and cause trouble. Our latest findings are below:

Public Exploits


Remote Root Exploit for WePresent WiPG-1000,1500,2000 devices


Joomla 3.7.0 SQL Injection Exploit (CVE-2017-8917)


TR-069 exploit for FreeACS server, disclosed at BSides Edinburgh


Screen 4.05.00 (CVE-2017-5618) Local Privilege Escalation


TR-064 Misimplementations leading to Remote Device Takeover in ZyXEL Routers


Droppler less than v.1.6.5 Authentication Bypass and Remote Code Execution

Exploit Repo

All our publicly released exploits on GitHub

Are you ready to start a conversation?

Get in touch

Our Team

The skills and real world experience of our professional team drive our research, and our services.

Who are we anyway?


Managing Director

View Profile



Senior Researcher

View Profile



Business Intelligence Research

View Profile



Senior Analyst

View Profile



Head of Security

View Profile


Contact Us

We'd really love to hear from you so why not drop us an email and we'll get back to you as soon as we can.

+44 0800 404 5818

UK HQ: 58 Spencer Street, Birmingham, United Kingdom

Back to Top