esDynamic
Manage your attack workflows in a powerful and collaborative platform.
Expertise Modules
Executable catalog of attacks and techniques.
Infrastructure
Integrate your lab equipment and remotely manage your bench.
Lab equipments
Upgrade your lab with the latest hardware technologies.
Side Channel Attacks
Evaluate cryptography algorithms from data acquitition to result visualisation.
Fault Injection Attacks
Laser, Electromagnetic or Glitch to exploit a physical disruption.
Security Failure Analysis
Explore photoemission and thermal laser stimulation techniques.
Evaluation Lab
Our team is ready to provide expert analysis of your hardware.
Starter Kits
Build know-how via built-in use cases developed on modern chips.
Cybersecurity Training
Grow expertise with hands-on training modules guided by a coach.
esReverse
Static, dynamic and stress testing in a powerful and collaborative platform.
Extension: Intel x86, x64
Dynamic analyses for x86/x64 binaries with dedicated emulation frameworks.
Extension: ARM 32, 64
Dynamic analyses for ARM binaries with dedicated emulation frameworks.
Penetration Testing
Identify and exploit system vulnerabilities in a single platform.
Vulnerability Research
Uncover and address security gaps faster and more efficiently.
Malevolent Code Analysis
Effectively detect and neutralise harmful software.
Digital Forensics
Collaboratively analyse data to ensure thorough investigation.
Software Assessment
Our team is ready to provide expert analysis of your binary code.
Cybersecurity training
Grow expertise with hands-on training modules guided by a coach.
Semiconductor
Security Labs
Governmental agencies
Academics
Why eShard?
Our team
Careers
Youtube
Gitlab
Github
We identify vulnerabilities and attack paths in the mobile app that can be exploited to gain access to critical information. The complexity of an attack and resiliency of a mobile app is measured in days which is a key determinator of the actual risk. Another is related to the nature of an attack and the question whether an attack is limited to a single device, e.g. because an attack assumes physical access to the device, or whether it can be mounted remotely.
Attacks with remote access to the device or the mobile app require particular attention, because these attacks can be applied to a large number of devices at a time and entailing the risk of a compromise at scale.
We perform penetration tests and consider the specific threats to mobile apps on iOS or Android platforms, such as:
For that, we use advanced tools and apply state-of-the-art techniques to gain access to the assets, e.g. personal data, banking account and payment data, health data, cryptographic keys, tokens, code etc. Depending on the objectives, we consider solely the mobile app binary (black box) or the binary in combination with its security design (gray box) and/or source code (white box).
A penetration test typically includes Reverse Engineering techniques such as:
to analyze the code and tamper with the mobile app, at rest and at runtime.
Like real attackers, to disable the various security protections and gaining access to the assets, we use an arsenal of tools like Apktool, JADX, JEB, QEMU, Unicorn, Ghidra, Frida, IDA Pro, angr, etc.
To analyze the resilience of a mobile app or a component (SDK or software protection tool) against an advanced attacker, we perform a penetration test in a team: depending on the specific skills required, the pentesters are supported by a team of experts in other subject matters.
We have a proven track record in Security Testing and Reverse Engineering of: