Security Research

Vulnerability Research, Exploit Development, Reverse Engineering, Advanced Security Training

Specific need? Let us build a tailored engagement for you.


VerSprite's Research and Development division (a.k.a. VS-Labs) is composed of individuals who are passionate about diving into the internals of various technologies. Our customers rely on VerSprite's unique offerings of zero-day vulnerability research and exploit development to protect their assets from various threat actors. We provide multiple offerings that assist our customers in breaking down walls and solving their most complex technical challenges. From advanced technical security training to our research-for-hire B.O.S.S offering, VS-Labs provides a complete set of capabilities.

VS-Labs' full range of services extends across the following:

Zero Day Vulnerability Research

Maintaining awareness of unknown threats to your products, technologies, and enterprise networks is key. Customers that are willing to take the next step in proactively securing their flagship product or environment can leverage our zero-day vulnerability research offering. This subscription-based capability gives the customer immediate access to zero-day vulnerabilities affecting their products and the software used throughout their organization.

B.O.S.S (Back of Store Security) Research

Essentially research for hire, directed at client-specific goals and objectives. VerSprite's Research and Development division prides itself on being able to solve technical challenges for its customers. VerSprite's BOSS offering allows our clients to utilize these capabilities and dive into the security internals of their products.

Advanced Security Training

VerSprite's advanced technical security training is created by VerSprite's Research and Development division. VerSprite's training offerings provide unique and original content that targets the advanced user and allows them to up their game in a technical discipline.

Latest Security Advisories & Publications

Frida Engage Part Three | You Down With XPC?

28 March 2018

Overview: In the final installment of the Frida Engage blog series, we will demonstrate how to use Frida for hooking and inspecting Apple's NSXPC API using the CleanMyMac 3 application as our guinea pig. NSXPC: XPC is one flavor of the Inter-Process Communication technologies provided by Apple. "The XPC Services API, part of libSystem, provides a lightweight mechanism for basic interprocess communication integrated with Grand Central Dispatch (GCD) and launchd. The XPC Services API allows you to create lightweight helper…


posted by Benjamin Watson

Oh the POSsibilities – A Case Study in Point-Of-Sale Insecurity

26 March 2018

Introduction: The use of Point-Of-Sale systems can be seen in industries such as retail, hospitality, food service, apparel, grocery, automotive, etc. Any time you swipe a card to make a purchase or utilize a self-checkout kiosk, a Point-Of-Sale system is responsible for handling the intricacies of your transaction in the background. Given the delicate nature of Point-of-Sale, security standards have been created to protect consumers from malicious actors. The Payment Card Industry Data Security Standard (PCI-DSS) is an information security…


posted by rabid

EXPLOITING VYPRVPN FOR MACOS

24 January 2018

Overview: In 2017, VerSprite released an advisory for a privilege escalation vulnerability in the VyprVPN macOS application. In this blog post, we'll dive into the process of finding this vulnerability and writing a simple exploit for it. Auditing: When performing attack surface enumeration for any macOS application, I typically search for XPC (Cross Process Communication) API usage. I've found that rarely do I see XPC services in third-party applications being secured, so it tends to always be a focal point for my bug hunting…


posted by Benjamin Watson


We are an international squad of professionals working as one.
