Platform for Experts 
Mobile & Backend Security Testing 
Our Company 
Blog
Contact us
eShard
/
Vulnerability Research

Vulnerability Research

Modern digital systems are becoming increasingly complex and combining more and more components. It becomes critical to assess potential vulnerabilities in each of these components as well as in the overall system. However, this is a complex task because the attack techniques have an increasingly high level of sophistication. To anticipate the threat, security researchers must be able to understand the core of a system. The unparalleled visibility provided by dynamic analysis makes this possible.
eShard Cybersecurity Solutions

With REVEN®, make powerful dynamic analyses

REVEN’s proven technology is unique by its ability to explore an application or a system relying on an operating system, such as Windows or Linux. The unreached record and replay feature provides an inside view of the running system, such as its memory, the CPU states or all I/O over the execution.

Exploring and analyzing such a system becomes then possible using REVEN's unique features such as Data tainting, Memory history, and the ready-to-use modules provide a catalog of techniques to effectively support researchers in their work. It allows reverse engineers to solve complex but high value problems.

Go beyond the limits

REVEN’s takes any 32 or 64 bits applications or drivers binaries on x86 or x64 architectures, running on Linux or Windows or just those native systems. Then the unrivaled record and replay can be simply done by a researcher through the Project Manager feature or integrated in a vulnerability analysis platform integrated with a fuzzer.

The vulnerability research itself can be done using REVEN UI, scripted or just automated allowing vulnerability discovery in any applications or within the OS kernel.

Seamless integration in analysis framework and knowledge capitalization

REVEN® was designed to integrate within reverse engineering processes and tools. The service and the analysis can be accessed via API, customized, automated and are integrated in tools such as ​​Wireshark, IDA Pro or WinDbg.

In addition, it captures your team knowledge, increasing the effectiveness of your research and facilitating the ramping up of new team members.

Unique capabilities to assess vulnerabilities

Get to the root cause quickly, assess if a vulnerability is exploitable, bypass complex malware protections, and get full visibility of the kernel as well as multi-process software.

Data tainting analysis

Find critical points by following a tainted data through an execution process.

Malware analysis

Understand the root cause of a malicious code.

Close to the machine

The closer, the more accurate.

Testimonials & Success Stories

Open-IC.png

REVEN is the most amazing piece of software I have ever used for system-level analysis. It provides an unprecedented level of detail of the system execution state. It allows me to perform “time travel” debugging of the entire system (both kernel and user mode) with great ease. Its reverse/forward taint analysis engine is also vulnerability analysis.

It is truly a reverse engineer’s dream tool.”

end-reven-1.png

Open-IC.png

“Systems are built on layers of complexity which just add new attack surfaces instead of real protection

REVEN gives you the unique ability to quickly dissect the layer of complexity and discover vulnerabilities otherwise easily obscured from public security.”

end-reven-2.png

Open-IC.png

“It can be very time consuming to determine if a bug is exploitable or not.

This reverse engineering platform allows us to identify the exploitability of the bug quickly.”

end-reven-3.png

Open-IC.png

"REVEN is the dream technology for anyone who wants to understand what a binary does time-wise. It enables to quicly get around the most complex protection mechanisms like packers, crypto, timers or even multi-stage payload. The time saved is invaluable!

The best way to analyze targeted campaigns."

end-reven-4.png

Blog Articles

Chip Security

ALPhANOV & eShard's IC Security Testing Lab

2 min read
Edit by Riviere Lionel Apr 5, 2022
CopyRights eShard 2022.
All rights reserved
Privacy policy | Legal Notice
PLATFORM FOR EXPERTS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability Research
PROFESSIONAL SERVICES