update service offering details

_layouts/default.html

@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="{{ page.lang | default: site.lang | default: "en" }}">
+<html lang="{{ page.lang | default: site.lang | default: " en" }}">
 
 {%- include head.html -%}
 

_sass/base.scss

@@ -132,7 +132,7 @@ section {
 }
 
 .companies a img {
-   height: 40px;
+   height: 30px;
 }
 
 .companies a:hover {

index.md

@@ -14,8 +14,8 @@ We believe security compromises to your systems and personnel are *inevitable*.
 ---
 
 <section>
-  <h3>Some of the companies we have provided security services for include...</h3>
+  <h4>Some of the companies we have provided security services for include...</h4>
-  <br/>
+  <br />
   <div class="flex-container companies">
     <div>
       <a href="https://bitgo.com">
@@ -32,17 +32,17 @@ We believe security compromises to your systems and personnel are *inevitable*.
         <img src="assets/base/companies/bishop-fox-dark.png" />
       </a>
     </div>
-</div>
-<br>
-<div class="flex-container companies">
     <div>
       <a href="http://www.ledn.io/">
         <img src="assets/base/companies/ledn-white.svg" />
       </a>
     </div>
-   <div>
+  </div>
-      <a href="http://www.falconx.io/">
+  <br>
-        <img src="assets/base/companies/falconx-white.svg" />
+  <div class="flex-container companies">
+    <div>
+      <a href="http://www.turnkey.io/">
+        <img src="assets/base/companies/turnkey-black.svg" />
       </a>
     </div>
     <div>
@@ -50,10 +50,7 @@ We believe security compromises to your systems and personnel are *inevitable*.
         <img src="assets/base/companies/exodus-white.svg" />
       </a>
     </div>
-  </div>
+    <div>
-  <br/>
-  <div class="flex-container companies">
-      <div>
       <a href="https://siderolabs.com">
         <img src="assets/base/companies/sidero-labs-white.png" />
       </a>
@@ -63,45 +60,40 @@ We believe security compromises to your systems and personnel are *inevitable*.
         <img src="assets/base/companies/zoom.webp" />
       </a>
     </div>
+  </div>
+  <br />
+  <div class="flex-container companies">
     <div>
       <a href="https://mystenlabs.com">
         <img src="assets/base/companies/mysten-labs-white.svg" />
       </a>
     </div>
-  </div>
-    <br/>
-  <div class="flex-container companies">
-    <div>
-      <a href="http://www.hashicorp.io/">
-        <img src="assets/base/companies/hashicorp-white.png" />
-      </a>
-    </div>
-    <div>
-      <a href="http://www.primetrust.com/">
-        <img src="assets/base/companies/prime-trust-white.svg" />
-      </a>
-    </div>
     <div>
       <a href="http://www.distributedglobal.com/">
         <img src="assets/base/companies/distributed-global.jpeg" />
       </a>
     </div>
+    <div>
+      <a href="http://www.hashicorp.io/">
+        <img src="assets/base/companies/hashicorp-white.png" />
+      </a>
+    </div>
     <div>
       <a href="http://www.b1.com/">
         <img src="assets/base/companies/block-one-dark.svg" />
       </a>
     </div>
-        <div>
+    <div>
       <a href="https://fitbit.com">
         <img src="assets/base/companies/fitbit-white.png" />
       </a>
     </div>
   </div>
-      <br/>
+  <br />
   <div class="flex-container companies">
     <div>
-      <a href="http://www.turnkey.io/">
+      <a href="http://www.falconx.io/">
-        <img src="assets/base/companies/turnkey-black.svg" />
+        <img src="assets/base/companies/falconx-white.svg" />
       </a>
     </div>
     <div>
@@ -119,39 +111,34 @@ We believe security compromises to your systems and personnel are *inevitable*.
         <img src="assets/base/companies/ankr.png" />
       </a>
     </div>
-    <div>
-      <a href="http://www.investvoyager.com/">
-        <img src="assets/base/companies/voyager-white.png" />
-      </a>
-    </div>
   </div>
-  <br/>
+  <br />
-  <br/>
+  <br />
 </section>
 
 ---
 
 <section>
   <h1>Services</h1>
-  <p>Distrust offers a wide range of services which are tailored to your organization. Whether you need a complete security assessment, building a security program from scratch, or want to focus on a specific aspect of your organization or system - we are here to help. Our experienced staff will work closely with you to understand your unique needs and create a tailor made solution that works for you.</p>
+  <p>Distrust offers a wide range of services which are tailored to your organization. Whether you need a complete security assessment, need help building a security program from scratch, or want to focus on a specific aspect of your organization or system - we are here to help. Our experienced staff will work closely with you to understand your unique needs and create a tailor made solution that works for you.</p>
   <div class="flex-container">
     <div class="sub-container">
-      <h3>CISO / Head of Security / Security Engineer on Demand</h3>
+      <h3>Security Assessment</h3>
-     <p>Leverage Distrust's team of experts as needed to assist you in building and maintaining all aspects of your security programs.</p>
+     <p>Holistic assessments of systems tailored to your needs. We leverage our in house expertise to analyze your system, thinking from first principles, in order to ensure its design, implementation and deployment all work coherently to establish a strong security posture.</p>
     </div>
     <div class="sub-container">
-         <h3>Penetration Testing and Security Assessment</h3>
+      <h3>Security Engineering</h3>
-         <p>Distrust has a long and successful track record of helping companies find security weaknesses and ensure that they can release software confidently.</p>
+      <p>Our team consists of engineers who are experts in a wide range of areas ranging across applied cryptography, HSMs, secure coding using languages such as rust and golang, quorum authentication, kernel hardening, CI/CD hardening and more. Leverage our experience to ensure your systems are secure by design, and use the best available architecture patterns.</p>
     </div>
   </div>
   <div class="flex-container">
     <div class="sub-container">
-      <h3>Cryptographic System Design, Escrow and Consulting</h3>
+      <h3>Retained Security Support</h3>
-      <p>Distrust specializes in building highly reliable and secure systems, via applied cryptography, for managing sensitive cryptographic material such as blockchain private keys. To achieve this our team uses a novel approach which leverages attestation, custom software, PKI, MPC and other methods.</p>
+      <p>If you need additional security support, you can hire our team on retainer to have us available when you need us most. Our varied expertise allows us to assist you with a wide variety of security related challenges and activities.</p>
     </div>
     <div class="sub-container">
-      <h3>System Hardening</h3>
+      <h3>Research & Development</h3>
-      <p>Reducing the surface area for attacks is the most effective way to reduce the likelihood of system compromise. By hardening the entire technology stack used, the attackers are left with nothing to grasp at.</p>
+      <p>Our team is active in both open source development in security research. We strive to build the tools that we feel will have the most impact on overall security and privacy of internet users.</p>
     </div>
   </div>
   <div class="button-container">

services.md

@@ -9,47 +9,49 @@ Distrust offers a wide range of services which are tailored to your organization
 
 ---
 
-### CISO / Head of Security / Security Engineer on Demand
+### Security Assessment
-Leverage Distrust's team of experts as needed to assist you in building and maintaining all aspects of your security programs.
+Holistic assessments of systems tailored to your needs. We leverage our in house expertise to analyze your system, thinking from first principles, in order to ensure its design, implementation and deployment all work coherently to establish a strong security posture. The methodoligies we leverage vary based on the context but some things an engagement may consist of but are not limited to are:  
-* Network Architecture
+* Penetration Testing
-* Access Permissions
+* Secure Code Review
-* Security Hiring Advisory
+* Cloud Configuration Review
-* Business Continuity
-* Secure Software Development Lifecycle
-* Physical Security
-* ... and more
-
 
 ---
 
-### Penetration Testing and Security Assessment
+### Security Engineering
-Distrust has a long and successful track record of helping companies find security weaknesses and ensure that they can release software confidently.
+Our team consists of engineers who are experts in a wide range of areas ranging across applied cryptography, HSMs, secure coding using languages such as rust and golang, quorum authentication, kernel hardening, CI/CD hardening and more. Leverage our experience to ensure your systems are secure by design, and use the best available architecture patterns. Some examples of what clients rely on us to assist in:
-* Web Application Penetration Testing
+* Secure Code Development
-* Mobile Application Penetration Testing
+* Cryptocurrency Custodial Solution Design, Architecture, and Review
-* Software Supply Chain Integrity
-* Cloud Infrastructure Security
-* ... and more
-
-
----
-
-### Cryptographic System Design, Escrow and Consulting
-Distrust specializes in building highly reliable and secure systems, via applied cryptography, for managing sensitive cryptographic material such as blockchain private keys. To achieve this our team uses a novel approach which leverages attestation, custom software, asymmetric cryptography, MPC and other methods.
-    
-* Private Key Lifecycle Management (Generating, Storing, Sharing, Backup etc.)
-* Secure Enclaves
-* HSMs
 * Quorum Authentication Design
-... and more
-
----
-
-### System Hardening
-Reducing the surface area for attacks is the most effective way to reduce the likelihood of system compromise. By hardening the entire technology stack used, the attackers are left with nothing to grasp at.
-
-* OS Hardening and Custom Kernel Advisory
-* Production Engineering Practice
-* Reproducible / Deterministic Build Pipelines (CI/CD)
 * Immutable Infrastructure
-* Quorum Authentication Design
+* Cryptographic Key Escrow / Signer 
-* ... and more
+* Reproducible / Deterministic Builds
+* Production Engineering Practices
+
+---
+
+### Retained Security Support
+If you need additional security support, you can hire our team on retainer to have us available when you need us most. Our varied expertise allows us to assist you with a wide variety of security related challenges and activities. We aid our clients in a variety of security related areas such as, but not limited to:
+* Security Program Development
+* General Security Consulting
+* Assistance With Hiring Security Talent
+* Business Continuity Planning: Black Swan Events
+* Physical Security
+
+---
+
+### Research & Development
+Our team is active in both open source development in security research. We strive to build the tools that we feel will have the most impact on overall security and privacy of internet users.
+
+#### Development
+* [keyfork](https://git.distrust.co/public/keyfork)
+* [ocirep](https://git.distrust.co/public/ocirep)
+* [airgap](https://git.distrust.co/public/airgap)
+* [gitsig](https://git.distrust.co/public/git-sig)
+
+#### Research
+* CVE-2023-39910: Weak entropy in Libbitcoin Explorer 3.0.0 through 3.6.0
+    * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910)
+    * [https://milksad.info](https://milksad.info)
+* [CVE-2018-9234 - GnuPG: Able to certify public keys without a certify key present when using smartcard](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234)
+* [CVE-2018-9057 - Terraform: Weak password generator for AWS IAM roles](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9057)
+* [Japanese Robot Hotel](https://www.vice.com/en/article/3kxy4k/high-tech-japanese-hotel-service-robots-easily-hackable)