> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> esDynamic for EDU SCA and FI
A learning center for academics to teach and perform side-channel analysis and fault injection
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
> Mobile App Security
Onboard your Team into your Security Challenges.
> DevSecOps
Integrate the security protections verification in your CI/CD pipeline.
> PCI MPoC
Prepare your product to meet this new mobile payment standard.
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
Go to our German website
> Events
> Meet our experts
> Open positions
Join our team!
Youtube
Github
Gitlab
When facing a new target for vulnerability research or an unknown markware, reverse engineering capabilities are central for these analyses. Analysts must combine years of expertise with the best reverse engineering tools to solve the puzzle they face.
Different sets of tools exist, each focusing on different aspects of the problem. All tools and techniques must be combined together since any piece of information counts. However, while static tools turn out to be quite numerous and mature, the scope of dynamic tools may appear more limited and is often limited to debuggers. In addition, those tools don’t provide any solution to capture the path followed by the expert, to empower new hires with the team’s accumulated expertise and to reduce the complexity required to solve the deepest problems.
eShard has built a solution, esReven, combining a unique technology with a knowledge center. It empowers organizations and their analysts to develop and aggregate more expertise while pushing the boundaries of reverse engineering.
With our unique technology for dynamic analyses, named Full System Timeless Analysis, get visibility of a full system execution (CPU, Memory, Hardware Events, network activities, …) during a slice of time combined with the most advanced techniques to analyze any event occurring in that period.
Simultaneously examine and monitor all your systems, applications, and processes: Getting beyond the usual application level enables analyzing Windows and Linux kernel vulnerabilities, getting into applications that span multiple processes and use interprocess communications. The full system is a requirement when applying advanced algorithms like data tainting.
The Timeless Analysis provides a full system analysis environment with the ability to move at any point of time of its execution, backward or forward, in a click. Identify points of interest, follow the trail crossing processes or kernel boundaries, apply advanced techniques and algorithms. Combined with the full system visibility, getting to root causes becomes possible even for the most complex problems.
With esReven, record the runtime execution you are interested in. It captures the full system and get all corresponding internal data at any point of time. This can be achieved via a dedicated GUI, but also via API that you can call from a Jupyter Lab notebook. Why? Simply because you may be willing to seal your analysis in time and make sure that you or another person can understand the logic of your analysis and replay it.
The esReven record is central to the knowledge building process because it creates a permanent repository of use cases to maintain and spread expertise among team members. On the contrary, other tools, such as debuggers, do not have a lasting effect on the organization.
Key uses-cases:
How to go beyond a tool? Vulnerability or malware analysis is a matter of expertise. Expertise is more than tool capabilities. It is also about reconciling knowledge and tools. Our philosophy is to empower an expert team with a know-how platform.
By leveraging Jupyterlab notebooks, it is possible to build internal knowledge by calling the tool via API or built-in widgets. It becomes possible to retain or share your expertise. Ramp-up new experts and de-risk people movement. Collaboration becomes effective
eShard developed high value notebook libraries benefiting from years of R&D in dynamic analyses and good practices. This is a source of technical material, ready to use and easily applicable to your specific use case.
esReven captures a time slice of a full system execution to provide the total visibility of the system under analysis.
Move forwards and backwards through the recorded process.
Follow the data and highlight connections that are otherwise very hard to discover with other reverse engineering tools.
The analysis features are available through APIs and are combined to build powerful analysis techniques.
“esReven is the most amazing piece of software I have ever used for system-level analysis. It provides an unprecedented level of detail of the system execution state. It allows me to perform “time travel” debugging of the entire system (both kernel and user mode) with great ease. Its reverse/forward taint analysis engine is also vulnerability analysis.
It is truly a reverse engineer’s dream tool.”
“Systems are built on layers of complexity which just add new attack surfaces instead of real protection
esReven gives you the unique ability to quickly dissect the layer of complexity and discover vulnerabilities otherwise easily obscured from public security.”
“It can be very time consuming to determine if a bug is exploitable or not.
This reverse engineering platform allows us to identify the exploitability of the bug quickly.”
"esReven is the dream technology for anyone who wants to understand what a binary does time-wise. It enables to quicly get around the most complex protection mechanisms like packers, crypto, timers or even multi-stage payload. The time saved is invaluable!
The best way to analyze targeted campaigns."