IT Services
Obscurity Lab’s efforts are always geared towards improving the security quality of the
software products developed by us and our clients. We prefer to take a holistic view
and look at the whole Secure Development Lifecycle (SDL).
Infrastructure & Systems Engineering
Obscurity Labs Engineers are experienced in architecting, designing, and building complex KVM, AWS, and on-prem solutions. Our engineers focus on authentication, authorization, security, big data, auditing, defense-in-depth, high availability, and contingency planning.
- AWS
- VMware/ESXI
- KVM/QEMU/Docker/LXC
Secure Software Development
Obscurity Labs Developers are experienced in many programming and scripting languages. Our team has extensive experience in DevOps, orchestration, and ability to develop in low-level languages. We integrate into any SDLC. Our team is experienced in:
- VC/CI/Code Coverage
- Python/Javascript/Java
- C/C++/C#
Cybersecurity Services
We collaborate with public and private sector clients to solve their most difficult security challenges.
Advanced Threat Emulation
Our team is experienced at performing all the phases of a red team operation to mimic the capabilities and mindset of today’s dynamic, advanced persistent threat (APT).
- Capability Development
- Tailored Solutions
- Open Source Tooling
Penetration Testing
Penetration testing is performed in many different capacities depending on the scope and requirements. Our flexible testing services quickly uncovers and confirms critical vulnerabilities.
- Advanced Advisory Team
- Years of Experience
- Remote Capability
Application Security Engagement
Integrating security testing directly into SDLC.
- Advance Advisory Team
- Professional Consulting
- Distracted by the readable
Security Research & Development (SRD)
We use the latest tactics, techniques, and procedures (TTPs) to develop custom tooling for offensive engagements within our internal team and we contribute to open source tools within the security industry. Our R&D division can tackle the toughest challenges in the offensive and defensive space.
- Capability development
- Tailored Solutions
- Open Source Tooling
Security Assessments ISO & PCI
Obscurity Labs can help overcome the challenges of payment card industries (PCI) compliance assessments. We enable our customers to meet these goals for ISO standardization & PCI certifications.
- ISO standardization
- PCI certifications
- SOC Compliance
Cybersecurity Training
Train your cybersecurity team to secure and defend your enterprise. Train your cybersecurity team to secure and defend your enterprise. Our SOC Immersion Training (SIT) embeds our offensive operators inside a virtual lab environment alongside your SOC analysts to enhance your team’s operational skills and improve their ability to prevent, detect, and respond to specific threat actor TTPs.
- Advance Advisory Team
- Professional Consulting
- Distracted by the readable
Cybersecurity is our passion
At Obscurity Labs, we pride ourselves in our unique ability to integrate
comprehensive strategy and cutting-edge security into any information
environment. Within the ever-evolving world of information
technology, your organization must take a proactive and holistic
approach to information security operations.
With Obscurity Labs on your team, your organization will be equipped with comprehensive experience in implementing an infrastructure and technology-agnostic approach that integrates real-world attacker tradecraft, security assessments, and training.
- Service-Disabled Veteran-Owned Small Business
- 100% [Cyber] Veteran Owned
- Small Business
Infrastructure Engineering Is NO Longer Simple.
Global cloud adoption has risen to the top of how continuous integration, DevOps, and software is built today. Obscurity Labs is focusing on becoming subject matter experts for this growing space.
AWS
Azure
Google Cloud
IBM
Cloud Providers
Backend
Front End
Our Customers Get Results
Obscurity Labs has had the privilege to work with leading organizations in a variety of industries.
Recent Blog
I always tell my team the caliber of their reporting lies within every step of engagement, not the end. The actuality is reporting is the only thing our clients and fellow security teams receive as a final product.
We have found good success using Ubuntu and have moved the recent LTS 18.04.
Fuzzing is an art of its own, and finding perfection is rough. It takes applicable targets, time and more time.
Both the Windows and OSX Versions of Viscosity include scripting support, which can execute commands upon three different triggers.
Recently I got an itch to revisit some necessary sandbox and anti-reversing techniques. While these often are overlooked for Red Teamers, they can play a valuable part in what you code branches too in the event of a debugger or VM.
Package and ship your CobaltStrike & Empire Instances with Docker.
Cross-Site Scripting is a type of injection attack that allows an attacker to manipulate user input that dynamically is displayed on the page in order to write and have the browser render malicious HTML tags.
TL;DR: InfoPath is a fantastic way to run custom C# code, and we missed it as an attack vector sadly. At the moment it has been deprecated, but don't fret it's still everywhere!
As we all know EsteemAudit(EA) was one of the many tools released by the shadowbrokers. It targets the RDP service on XP and Server 2003 systems. This is done by exploiting the gpkcsp.dll of the Windows Smart Card.
At this point of the post, I assume you have set up a full environment from Part [2] post here and operational implant. Today we will be covering using FuzzBunch (FB) for exploitation, and launching a PeddleCheap implant on the target host.