<p>Distrust was founded in order to improve the security, privacy and freedom of individuals and organizations and promote principles of Open Source software worldwide. We specialize in helping organizations reduce risk through a holistic first principles approach rather than simply checking boxes according to often outdated "best practices".
</p>
<p>Close collaboration with our clients allows us to attain a deep understanding of technology stacks which we use to help teams refine threat models and ensure that the mitigating controls being used establish a reasonable level of security accordingly. We do this by offering variety of services which are tailored to fit the client needs, ranging across penetration tests, secure code review, threat modelling, system architecture design, supply chain security, infrastructure hardening, and more. One of our specialties is designing secure systems for management of cryptographic material, especially in the context of blockchains.
</p>
<p>Our clients are varied, many of them from high risk areas such as financial institutions, blockchain companies managing large quantities of cryptocurrency and electrical grid operators to name a few. We proudly continue to support such organizations, and use the knowledge we have attained to aid all our clients in achieving a better security posture.</p>
<p>Like most security firms, we often start relationships with full stack audits. We also have enough experience in this industry to admit another firm will find bugs we missed, and vice versa. Our true goal in audits is to understand your threat model and find a path to fundamentally remove entire classes of relevant attack surface.</p>
<p>We tend to start with a consultation where try to help you understand your true attack surface by answering tough questions:</p>
<ul>
<li>Can your Google Authenticator codes be phished?</li>
<li>Can your SMS 2FA solution be SIM Swapped?</li>
<li>Can someone tamper with your Git repos or CI/CD systems?</li>