Research & Development
Founded as a research & development boutique firm, Subreption has always had an almost exclusive focus on research, developing novel technologies in the fields of information assurance and secure communications.
We have pioneered techniques to abuse software vulnerabilities in multiple operating systems and computing platforms, from Linux to Microsoft™ Windows and embedded real-time operating systems. Our strong background in vulnerability assessment, combined with our experience in developing red-teaming tools, has allowed us to produce highly regarded research among industry peers. We can provide tailored development of toolkits and capabilities, refactoring of existent tools, documentation efforts and training.
- Our in-house computer lab allows to test our work with consumer devices, enterprise hardware and also exotic architectures
- Our equipment is 100% privately owned, not leased or remotely managed at third-party locations
- We can simulate networks from SOHO level to multi-vendor large scale setups
- We enforce strict ethics in vetting customers and engaging in offensive security projects. Our responsibility to society and the general public comes first.
- Unlike consulting and so-called vulnerability clearing houses, we produce our own work
Our defensive security background predates everything else we have done. Subreption staff has been involved with the development of security technologies used in billions of Linux-powered devices, including the US National Security Agency project Security Enhanced Linux. The company has been granted government funding from prestigious organizations such as US DARPA, through the Cyber Fast Track program, to develop proactive defense technologies solving some of the most complex problems affecting modern operating systems today. Our innovations have even been partially adopted with varying degrees of success by third-parties in the mobile security market.
- We pioneereed zeroday dynamic memory allocator protections under US DARPA funding.
- We have developed modifications to prevent zeroday attacks for Linux, BSD and Microsoft™ Windows systems.
- Our experience and knowledge of Linux and BSD security internals is among the best in the industry.
- We are the sole owners of our defensive security intellectual property.
- Our defensive security research always revolves around defense-in-depth, meticulously identifying weaknesses in our own work and technical limitations so that they can be addressed within the parameters of performance and usability required in each case.
Electronics and Radio Communications
We are also available for research and development of solutions requiring electronics and radiofrequency engineering. Our experience includes developing appliances and tools using COTS components, reducing costs and allowing easier manufacturing in the process. We can also integrate and adapt existent systems, even without extensive documentation (although this needs to be evaluated on a case-by-case basis).
- RF components and communication modules and gateways.
- Terrestrial and satellite links.
- Physical security appliances and intrusion detection/prevention systems.
- Custom mobile computing platforms and hardening of devices.