diff --git a/_layouts/default.html b/_layouts/default.html index 8f446ef..9180670 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -1,5 +1,5 @@ - + {%- include head.html -%} diff --git a/_sass/base.scss b/_sass/base.scss index 6be75ee..30c9422 100644 --- a/_sass/base.scss +++ b/_sass/base.scss @@ -132,7 +132,7 @@ section { } .companies a img { - height: 40px; + height: 30px; } .companies a:hover { diff --git a/assets/base/bananaz.jpg b/assets/base/bananaz.jpg deleted file mode 100644 index 7d7cfb3..0000000 Binary files a/assets/base/bananaz.jpg and /dev/null differ diff --git a/index.md b/index.md index 0f35c53..ef941d8 100644 --- a/index.md +++ b/index.md @@ -14,8 +14,8 @@ We believe security compromises to your systems and personnel are *inevitable*. ---
-

Some of the companies we have provided security services for include...

-
+

Some of the companies we have provided security services for include...

+
@@ -32,17 +32,17 @@ We believe security compromises to your systems and personnel are *inevitable*.
-
-
-
-
- - +
+
+
+
+ +
@@ -50,10 +50,7 @@ We believe security compromises to your systems and personnel are *inevitable*.
-
-
-
-
+
@@ -63,45 +60,40 @@ We believe security compromises to your systems and personnel are *inevitable*.
+
+
+
-
-
-
-
- - - -
-
- - - -
+
+ + + +
-
+
-
+
@@ -119,39 +111,34 @@ We believe security compromises to your systems and personnel are *inevitable*.
-
- - - -
-
-
+
+
---

Services

-

Distrust offers a wide range of services which are tailored to your organization. Whether you need a complete security assessment, building a security program from scratch, or want to focus on a specific aspect of your organization or system - we are here to help. Our experienced staff will work closely with you to understand your unique needs and create a tailor made solution that works for you.

+

Distrust offers a wide range of services which are tailored to your organization. Whether you need a complete security assessment, need help building a security program from scratch, or want to focus on a specific aspect of your organization or system - we are here to help. Our experienced staff will work closely with you to understand your unique needs and create a tailor made solution that works for you.

-

CISO / Head of Security / Security Engineer on Demand

-

Leverage Distrust's team of experts as needed to assist you in building and maintaining all aspects of your security programs.

+

Security Assessment

+

Holistic assessments of systems tailored to your needs. We leverage our in house expertise to analyze your system, thinking from first principles, in order to ensure its design, implementation and deployment all work coherently to establish a strong security posture.

-

Penetration Testing and Security Assessment

-

Distrust has a long and successful track record of helping companies find security weaknesses and ensure that they can release software confidently.

+

Security Engineering

+

Our team consists of engineers who are experts in a wide range of areas ranging across applied cryptography, HSMs, secure coding using languages such as rust and golang, quorum authentication, kernel hardening, CI/CD hardening and more. Leverage our experience to ensure your systems are secure by design, and use the best available architecture patterns.

-

Cryptographic System Design, Escrow and Consulting

-

Distrust specializes in building highly reliable and secure systems, via applied cryptography, for managing sensitive cryptographic material such as blockchain private keys. To achieve this our team uses a novel approach which leverages attestation, custom software, PKI, MPC and other methods.

+

Retained Security Support

+

If you need additional security support, you can hire our team on retainer to have us available when you need us most. Our varied expertise allows us to assist you with a wide variety of security related challenges and activities.

-

System Hardening

-

Reducing the surface area for attacks is the most effective way to reduce the likelihood of system compromise. By hardening the entire technology stack used, the attackers are left with nothing to grasp at.

+

Research & Development

+

Our team is active in both open source development in security research. We strive to build the tools that we feel will have the most impact on overall security and privacy of internet users.

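Review bot: The added Research & Development blurb at the end of this hunk reads "active in both open source development in security research"; "both ... in" does not parse and was presumably meant as "both open source development and security research". In the added Security Engineering blurb, "rust and golang" would read better with the proper names "Rust and Go". Both sentences are repeated in services.md, so fix them in the two files together.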
diff --git a/services.md b/services.md index a521523..3c18742 100644 --- a/services.md +++ b/services.md 
@@ -9,47 +9,49 @@ Distrust offers a wide range of services which are tailored to your organization --- -### CISO / Head of Security / Security Engineer on Demand -Leverage Distrust's team of experts as needed to assist you in building and maintaining all aspects of your security programs. -* Network Architecture -* Access Permissions -* Security Hiring Advisory -* Business Continuity -* Secure Software Development Lifecycle -* Physical Security -* ... and more - +### Security Assessment +Holistic assessments of systems tailored to your needs. We leverage our in house expertise to analyze your system, thinking from first principles, in order to ensure its design, implementation and deployment all work coherently to establish a strong security posture. The methodoligies we leverage vary based on the context but some things an engagement may consist of but are not limited to are: +* Penetration Testing +* Secure Code Review +* Cloud Configuration Review --- -### Penetration Testing and Security Assessment -Distrust has a long and successful track record of helping companies find security weaknesses and ensure that they can release software confidently. -* Web Application Penetration Testing -* Mobile Application Penetration Testing -* Software Supply Chain Integrity -* Cloud Infrastructure Security -* ... and more - - ---- - -### Cryptographic System Design, Escrow and Consulting -Distrust specializes in building highly reliable and secure systems, via applied cryptography, for managing sensitive cryptographic material such as blockchain private keys. To achieve this our team uses a novel approach which leverages attestation, custom software, asymmetric cryptography, MPC and other methods. - -* Private Key Lifecycle Management (Generating, Storing, Sharing, Backup etc.) 
-* Secure Enclaves -* HSMs +### Security Engineering +Our team consists of engineers who are experts in a wide range of areas ranging across applied cryptography, HSMs, secure coding using languages such as rust and golang, quorum authentication, kernel hardening, CI/CD hardening and more. Leverage our experience to ensure your systems are secure by design, and use the best available architecture patterns. Some examples of what clients rely on us to assist in: +* Secure Code Development +* Cryptocurrency Custodial Solution Design, Architecture, and Review * Quorum Authentication Design -... and more - ---- - -### System Hardening -Reducing the surface area for attacks is the most effective way to reduce the likelihood of system compromise. By hardening the entire technology stack used, the attackers are left with nothing to grasp at. - -* OS Hardening and Custom Kernel Advisory -* Production Engineering Practice -* Reproducible / Deterministic Build Pipelines (CI/CD) * Immutable Infrastructure -* Quorum Authentication Design -* ... and more \ No newline at end of file +* Cryptographic Key Escrow / Signer +* Reproducible / Deterministic Builds +* Production Engineering Practices + +--- + +### Retained Security Support +If you need additional security support, you can hire our team on retainer to have us available when you need us most. Our varied expertise allows us to assist you with a wide variety of security related challenges and activities. We aid our clients in a variety of security related areas such as, but not limited to: +* Security Program Development +* General Security Consulting +* Assistance With Hiring Security Talent +* Business Continuity Planning: Black Swan Events +* Physical Security + +--- + +### Research & Development +Our team is active in both open source development in security research. We strive to build the tools that we feel will have the most impact on overall security and privacy of internet users. 
+ +#### Development +* [keyfork](https://git.distrust.co/public/keyfork) +* [ocirep](https://git.distrust.co/public/ocirep) +* [airgap](https://git.distrust.co/public/airgap) +* [gitsig](https://git.distrust.co/public/git-sig) + +#### Research +* CVE-2023-39910: Weak entropy in Libbitcoin Explorer 3.0.0 through 3.6.0 + * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910) + * [https://milksad.info](https://milksad.info) +* [CVE-2018-9234 - GnuPG: Able to certify public keys without a certify key present when using smartcard](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234) +* [CVE-2018-9057 - Terraform: Weak password generator for AWS IAM roles](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9057) +* [Japanese Robot Hotel](https://www.vice.com/en/article/3kxy4k/high-tech-japanese-hotel-service-robots-easily-hackable) \ No newline at end of file
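Review bot: In the added Security Assessment paragraph of services.md, "methodoligies" is misspelled and the clause after it ("some things an engagement may consist of but are not limited to are:") is hard to parse; suggest something like "The methodologies we use vary with context; an engagement may include, but is not limited to:". Under Research, the CVE-2023-39910 entry is a plain-text title with two bare-URL sub-bullets, while the CVE-2018-9234 and CVE-2018-9057 entries are each a single linked title; pick one format for all three. The Development link labelled "gitsig" points at .../public/git-sig, so the label should probably match the repository name. The new version of the file still ends with "\ No newline at end of file"; add a trailing newline.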