Who We Are

ABDSEC is a privately held company, located in Bursa - TURKEY, specialized in offensive information security services such as [vulnerability research], [exploit development] to offer most up-to-date protection for corporations and governments.

With our core team, as well as collecting information about publicly disclosed vulnerabilities, we also provide Proof-of-Concept codes to increase your cybersecurity capabilities.

For the customers subscribed to Protection Plan [Pro], we provide technical information about in-house discovered zero day bugs, protective measures and security recommendations.

Research

For almost two decades, security researchers have discovered different kind of software flaws from low impact to high impact which leads target systems to be fully compromised by attackers.

By using different techniques, such as fuzzing, most of the mentioned flaws might be detected prior to any targeted attack. Due to the increasing attack surface day-by-day, proactive steps should be taken for all kind of critical systems.

All the windows are supposed to be closed, meanwhile one open window is enough for the thief!

Anonymous

Development

Defensive security is based on the applied protections and the mitigations with the hope of the possible highest success rate. However a simple write-what-where kind of vulnerability may easily bypass all the measurements taken. During the research period, when a new flaw is spotted, then the development cycle starts:

  • Find the execution path
  • Check the exploitability
  • Prepare PoC code
  • Bypass the mitigations
  • Prepare semi or fully functional exploit

Services

Source Code Audit

We inspect the source code of your new or existing application for security flaws. As well as manually inspecting the code, we also recompile the code with security-oriented compiler plugins, such as size overflow plugin to detect ALL kind of flaws. We specialized in high level languages such as "C", "C++" and "Java".

Contact us for a sample report

Please note that web security is OUT of our scope. We recommend you our partners for such projects!

Reverse Engineering

Unless the source code is available, we reverse engineer the existing applications no matter the target architecture is "x86", "x86-64", "ARM" or "MIPS". As well as GNU/GPL licensed debuggers, we also use commercial debuggers + decompilers for the best results.

Contact us for a sample report

Pentest

Classic penetration testing is done with the free and commercial tools, such as Nessus, Metasploit, Nmap scripts, ...

With all these publicly available tools, vulnerabilities are tested against the target system which is ONLY better than nothing.

Advanced Pentest

Besides classical pentesting, R&D companies with in-house vulnerability research capabilities offer much better penetration testing services, which is not a secret at all.

Quotation is based on the numbers of servers & clients used + devices to be tested + social engineering requested or not and many other details.

Contact us for detailed quotation

Hands-On Training

We offer hands-on training in [Bursa - TURKEY] or remote [available only to GCC countries] at your location for the subjects we specialized in. All the lectures [remote] are given in English, and the current trainings are:

  • Reverse Engineering Basics - x86
  • Linux App. Security - Exploitation
  • Linux Kernel Security - Exploitation
Contact us for training schedules/details

Malware Analysis

We perform static and dynamic malware analysis targeting linux kernel based OSes and devices [also Android apps] as to support your CSIRT.

During an exploit development process, we surprisingly discovered a malware, containing a lot of anti-debugging tricks, targeting network routers with default passwords never changed, making them a part of DDoS attacks.

Click here for the report

CryptoCurrency

As cryptocurrencies' popularity increases continuously, we offer consultancy about the technologies used in cryptocurrencies no matter the algorithm is SHA256D (Bitcoin) or Scrypt (Litecoin or Dogecoin) to help you with:

  • Technical background [blockchain]
  • Setup and Maintenance of Miners
  • Miner and Wallet Security
Click here for the conference talk [Turkish]