> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
> Mobile App Security
Know the threats and risks of your Mobile App.
> DevSecOps
Integrate the security protections verification in your CI/CD pipeline.
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
> Events
> Meet our experts
> Open positions
Join our team!
Youtube
Github
Gitlab
When facing a new target for vulnerability research or an unknown markware, reverse engineering capabilities are central for these analyses. Analysts must combine years of expertise with the best reverse engineering tools to solve the puzzle they face.
Different sets of tools exist, each focusing on different aspects of the problem. All tools and techniques must be combined together since any piece of information counts. However, while static tools turn out to be quite numerous and mature, the scope of dynamic tools may appear more limited and is often limited to debuggers. In addition, those tools don’t provide any solution to capture the path followed by the expert, to empower new hires with the team’s accumulated expertise and to reduce the complexity required to solve the deepest problems.
eShard has built a solution, esReven, combining a unique technology with a knowledge center. It empowers organizations and their analysts to develop and aggregate more expertise while pushing the boundaries of reverse engineering.
With our unique technology for dynamic analyses, named Full System Timeless Analysis, get visibility of a full system execution (CPU, Memory, Hardware Events, network activities, …) during a slice of time combined with the most advanced techniques to analyze any event occurring in that period.
Simultaneously examine and monitor all your systems, applications, and processes: Getting beyond the usual application level enables analyzing Windows and Linux kernel vulnerabilities, getting into applications that span multiple processes and use interprocess communications. The full system is a requirement when applying advanced algorithms like data tainting.
The Timeless Analysis provides a full system analysis environment with the ability to move at any point of time of its execution, backward or forward, in a click. Identify points of interest, follow the trail crossing processes or kernel boundaries, apply advanced techniques and algorithms. Combined with the full system visibility, getting to root causes becomes possible even for the most complex problems.
With esReven, record the runtime execution you are interested in. It captures the full system and get all corresponding internal data at any point of time. This can be achieved via a dedicated GUI, but also via API that you can call from a Jupyter Lab notebook. Why? Simply because you may be willing to seal your analysis in time and make sure that you or another person can understand the logic of your analysis and replay it.
The esReven record is central to the knowledge building process because it creates a permanent repository of use cases to maintain and spread expertise among team members. On the contrary, other tools, such as debuggers, do not have a lasting effect on the organization.
Key uses-cases:
How to go beyond a tool? Vulnerability or malware analysis is a matter of expertise. Expertise is more than tool capabilities. It is also about reconciling knowledge and tools. Our philosophy is to empower an expert team with a know-how platform.
By leveraging Jupyterlab notebooks, it is possible to build internal knowledge by calling the tool via API or built-in widgets. It becomes possible to retain or share your expertise. Ramp-up new experts and de-risk people movement. Collaboration becomes effective
eShard developed high value notebook libraries benefiting from years of R&D in dynamic analyses and good practices. This is a source of technical material, ready to use and easily applicable to your specific use case.
esReven captures a time slice of a full system execution to provide the total visibility of the system under analysis.
Move forwards and backwards through the recorded process.
Follow the data and highlight connections that are otherwise very hard to discover with other reverse engineering tools.
The analysis features are available through APIs and are combined to build powerful analysis techniques.