Our core mission is to drive long-lasting best security practices for companies around the world, stop intrusions, and kill some awesome bugs along the way.


Services

Architecture Reviews

Get an overarching assessment of your behaviors and technology and defend against current and future threats by ensuring best security practices.

Security Assessments

We specialise in security design & reviews, code audits, and blackbox security testing.

Red Teaming

Test your team's incident response readiness and the effectiveness of your security tools before a real attack ever happens with a realistic attack simulation.

Security Training

We offer Secure Development courses, Offensive Security training, Incident Response Readiness teaching, and more.

Capture The Flag

Want to run a hacking competition? We can build and host it with uniquely crafted challenges tailored to your niche and your players.

Research & Development

Whether you're building cutting edge security technology or looking for advanced reverse engineering skills, we're ready to hear more about your tough engineering challenges.

Our Blog

02-03-2021

VDSO can be used as a KASLR oracle with Speculative Sidechannels

A Samsung RKP Compendium

01-04-2021

A deep dive into Samsung's RKP security technology, including a bonus bug, since patched, that would allow EL1->EL2 privilege escalation.

Exploiting a Single Instruction Race Condition in Binder (CVE-2020-0423)

12-20-2020

In this post, we discuss how to exploit an Android Linux Kernel LPE in the binder subsystem.

Bypassing OTR Signature Verification to Steal iCloud Keychain Secrets August 18 2017

While reviewing attack surfaces on iOS for potential sandbox escapes, we uncovered a critical flaw in a custom Off-The-Record implementation relied upon by iCloud Keychain Sync in addition to a memory trespass error (CVE-2017-2451). The flaws were reported and addressed in one of Apple’s latest security updates. We are currently not aware of any additional uses of the custom OTR implementation.

Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery Jun 8 2017

About two years ago, Eduardo Vela pointed out that the Navigator Beacon API can be used to exploit "accidentally-CSRF safe" websites. Philip Olausson and I recently noticed Chrome 59, which just shipped, addressed this behavior and we investigated a Flash bypass.

Linux & Cloud Security Operations Training Apr 18 2017

At Longterm Security, we provide training for organizations looking to build up or improve their in-house Security Operations capabilities. Our other trainings include offensive security training which focuses on reverse engineering, vulnerability discovery, and bypassing exploit mitigations. We also have defensive security training for security design reviews, secure coding and testing methodology.

G Suite Security Tips — That One Weird Multifactor Trick to Stop Phishing & Account Takeovers on Your Domain Apr 18 2017

Over the years there have been numerous high-profile attacks that have compromised accounts hosted on Google Mail or the G Suite. There are some highly effective measures that can be taken to help prevent these scenarios. And the most important tip is probably…

Contact us today about working together

Social Media
Twitter
Call Us

U.S. +1 (914) 623 8471

© 2020 Longterm Security, Inc.