We Find The Needles In Your Software Haystack
Security Insight, Tailored To Your Needs.
We are Taszk Security Labs, a research-oriented security consultancy outfit. We provide customized solutions for unique security challenges in the embedded, mobile, automotive, wireless, and telecommunication technology sectors. See how you can enlist TASZK to improve your security ROI:
One Step Ahead With Cutting Edge R&D
We work in technology fields where the old adage 'change is the only constant' rings especially true. Continuous innovation allows us to meet emerging challenges. Just as importantly, we are proud of our roots as a hacker collective - TASZK has grown out of the !SpamAndHex CTF team - and we continue to honor that legacy of knowledge sharing by contributing to public research. To find out more about original research from TASZK Security Labs, check out our Research page!
A BATTLE TESTED APPROACH TO IT SECURITY
Our approach has been informed by our experiences on both sides of IT security: offense and defense. These are the pillars of our work methodology, inspired by icons of industry, science, and art:
We always look for challenges that require new solutions via applied research. As a boutique outfit, we believe that we can provide the greatest value to our customers when they are looking for new insights, not the application of well-established and generalized processes at a quick-fire pace. Solving hard problems via deep expertise and relentless focus - that’s our bread and butter. At the end of the day, what drives us is our curiosity: a desire to understand complex systems we are fascinated by.
Tailored to Fit
No two systems, codebases, or exploits are the same. We understand well the limitations of COTS solutions when it comes to the unique challenges of the mobile, embedded, and automotive fields. From building custom emulators and writing our own debuggers and fuzzers to dealing with proprietary black-box architecture designs in vulnerability development - we know better than to rely on one-size-fits-all scanner tools. For this reason, we don't compete in the pentesting space where the turnaround of assessments is measured in days if not hours. In this sense, our approach to unique problems comes from our respect for the weird and wonderful machines that we take on.
Among the clichés of IT security, "think like an attacker" surely takes the cake. And yet, for all the red teaming and threat modelling in the world, offense wins out more often than not. Why is that? We believe that the answer lies in what spender has dubbed the logical fallacy of cargo cult security: taking things out of their originally useful, narrow context and replicating them in different settings in the hope of the same result. Instead of mantras like "make attacks harder" and "better than nothing", we focus on tactical exploitation - how it can be done and how it can be countered. We leverage our real-life experience in both offense and defense to identify solutions that make a real impact: just like your adversaries do.
Hackers at Heart
Our founding members met each other in the !SpamAndHex CTF team. TASZK was born when we asked ourselves: "Could we turn this into our day jobs without losing the fun parts?" Enabling our researchers to find that thrill of solving puzzles in everyday work remains our priority. Our prior experience in organizations huge and small has also taught us the importance of maintaining a healthy work-life balance and protecting our own from losing themselves in the grind. For these reasons, we cherish the time that we dedicate to our own independent research, and we pursue engaging and challenging assignments that allow us to remain what we have always been - hackers at heart.
Always Be Honest
We couldn't agree more with the sentiment expressed in the quote from lcamtuf. Our pledge to our clients is this: if you put your trust in us, we will never BS you. We are humble enough to understand the limitations of our own knowledge and resources. We like hard challenges as much as the next guy, but we don't conflate that with making pie-in-the-sky promises. Underpromise, overdeliver - it may not be the flashiest sales technique, but it is what we believe in, even if it means passing on a project or two.
Keep It Simple
Understanding the difference between stunt hacking and tactical deployment is key to delivering value for our customers. There is a place for "dozen-bug exploit chains" and "automated everything" defensive silver-bullet pursuits in our industry, but that place is not where you'll find TASZK Security Labs. We hold that powerful results do not come from eliminating the most labor-intensive resource in vulnerability research: manual work and insight. We'll turn to neural networks or evolutionary fuzzers when we need to, but we won't overcomplicate proposals just for the sake of it. In the words of Dr. Raid from his hacker song magnum opus Nice Report: "Since when do buzzwords make you elite?"