We Find The Needles In Your Software Haystack

Security Insight, Tailored To Your Needs.

We are Taszk Security Labs, a research-oriented security consultancy outfit. We provide customized solutions for unique security challenges in the embedded, mobile, automotive, wireless, and telecommunication technology sectors. See how you can enlist TASZK to improve your security ROI:


One Step Ahead With Cutting Edge R&D

We work in technology fields where the old adage 'change is the only constant' rings especially true. Continuous innovation allows us to meet emerging challenges. Just as importantly, we are proud of our roots as a hacker collective - TASZK has grown out of the !SpamAndHex CTF team - and we continue to honor that legacy of knowledge sharing by contributing to public research. To find out more about original research from TASZK Security Labs, check out our Research page!

A BATTLE TESTED APPROACH TO IT SECURITY

Our approach has been informed by our experiences on both sides of IT security: offense and defense. These are the pillars of our work methodology, inspired by icons of industry, science, and art:

Research Oriented
Tailored to Fit
Attacker Mindset
Hackers at Heart
Always Be Honest
Keep It Simple

Research Oriented

We always look for challenges that require new solutions via applied research. As a boutique outfit, we believe that we can provide the greatest value to our customers when they are looking for new insights, not the application of well-established and generalized processes at a quick-fire pace. Solving hard problems via deep expertise and relentless focus - that’s our bread and butter. At the end of the day, what drives us is our curiosity: a desire to understand complex systems we are fascinated by.

"I just wondered how things were put together."
Claude Shannon

Tailored to Fit

No two systems, codebases, or exploits are the same. We understand well the limitations of COTS solutions when it comes to the unique challenges of the mobile, embedded, and automotive fields. From building custom emulators and writing our own debuggers and fuzzers to dealing with proprietary black-box architecture designs in vulnerability development - we know better than to rely on one-size-fits-all scanner tools. For this reason, we don’t compete in the pentesting space where turnaround of assessments is measured in days if not hours. In this sense, our approach to unique problems comes from our respect for the weird and wonderful machines that we take on.

"Machines take me by surprise with great frequency."
Alan Turing

Attacker Mindset

Among cliches of IT security, “think like an attacker” surely takes the cake. And yet, for all the red teaming and threat modelling in the world, offense wins out more often than not. Why is that? We believe that the answer lies in what Spender has dubbed the logical fallacy of cargo cult security: taking things out of their originally useful narrow context and replicating them in different settings hoping for the same result. Instead of mantras like "make attacks harder" and "better than nothing", we are focused on tactical exploitation - how it can be done and how it can be countered. We leverage our real life experiences in both offense and defense to identify solutions that make a real impact: just like your adversaries do.

"Crypto will not be broken, it will be bypassed."
Adi Shamir

Hackers at Heart

Our founding members met each other in the !SpamAndHex CTF team. TASZK was born when we asked ourselves: “Could we turn this into our day jobs without losing the fun parts?” Enabling our researchers to find that thrill of solving puzzles in everyday work remains our priority. Our prior experiences in organizations huge and small have also taught us about the importance of maintaining a healthy work-life balance and protecting our own from losing themselves in the grind. For these reasons, we cherish the time that we dedicate to our own independent research and we pursue engaging and challenging assignments that allow us to remain what we have always been - hackers at heart.

"Do what you like, and then you will do your best."
Katherine Johnson

Always Be Honest

We couldn’t agree more with the sentiment expressed in the quote from lcamtuf. Our pledge to our clients is this: if you put your trust in us, we will never BS you. We are humble enough to understand the limitations of our own knowledge and resources. We like hard challenges as much as the next guy, but we don’t conflate that with making pie-in-the-sky promises. Underpromise, overdeliver - it may not be the flashiest sales technique, but it is what we believe in. Even if it means passing on a project or two.

“There is nothing more dangerous than a security expert who goes off script (and starts dispensing authoritatively-sounding but bogus advice on a topic they know very little about).”
Michał Zalewski

Keep It Simple

Understanding the difference between stunt hacking and tactical deployment is key to delivering value for our customers. There is a place for “dozen bug exploit chains” and “automated everything” defensive silver bullet pursuits in our industry, but that place is not where you’ll find TASZK Security Labs. We hold that powerful results do not come from eliminating the most labor intensive resource in vulnerability research: manual work and insight. We’ll turn to neural networks or evolutionary fuzzers when we need to, but we won’t overcomplicate proposals just for the sake of it. In the words of Dr. Raid from his hacker song magnum opus Nice Report: “Since when do buzzwords make you elite?”

"I am sick to death of cleverness. Everybody is clever nowadays."
Oscar Wilde

LET'S WORK TOGETHER