website/services.md

58 lines
3.3 KiB
Markdown

---
title: /services
layout: home
permalink: /services.html
---
## Services
Distrust offers a wide range of services which are tailored to your organization. Whether you need a complete security assessment, building a security program from scratch, or want to focus on a specific aspect of your organization or system - we are here to help. Our experienced staff will work closely with you to understand your unique needs and create a tailor made solution that works for you.
---
### Security Assessment
Holistic assessments of systems tailored to your needs. We leverage our in house expertise to analyze your system, thinking from first principles, in order to ensure its design, implementation and deployment all work coherently to establish a strong security posture. The methodoligies we leverage vary based on the context but some things an engagement may consist of but are not limited to are:
* Penetration Testing
* Secure Code Review
* Cloud Configuration Review
* Threat Modeling
---
### Security Engineering
Our team consists of engineers who are experts in a wide range of areas ranging across applied cryptography, HSMs, secure coding using languages such as rust and golang, quorum authentication, kernel hardening, CI/CD hardening and more. Leverage our experience to ensure your systems are secure by design, and use the best available architecture patterns. Some examples of what clients rely on us to assist with:
* Secure Code Development
* Cryptocurrency Custodial Solution Design, Architecture, and Review
* Quorum Authentication Design
* Immutable Infrastructure
* Cryptographic Key Escrow / Signer
* Reproducible / Deterministic Builds
* Production Engineering Practices
---
### Retained Security Support
If you need additional security support, you can hire our team on retainer to have us available when you need us most. Our varied expertise allows us to assist you with a wide variety of security related challenges and activities. We aid our clients in a variety of security related areas such as, but not limited to:
* Security Program Development
* General Security Consulting
* Assistance With Hiring Security Talent
* Business Continuity Planning: Black Swan Events
* Physical Security
---
### Research & Development
Our team is active in both open source development and security research. We strive to build the tools that we feel will have the most impact on overall security and privacy of internet users.
#### Development
* [keyfork](https://git.distrust.co/public/keyfork)
* [ocirep](https://git.distrust.co/public/ocirep)
* [airgap](https://git.distrust.co/public/airgap)
* [gitsig](https://git.distrust.co/public/git-sig)
#### Research
* CVE-2023-39910: Weak entropy in Libbitcoin Explorer 3.0.0 through 3.6.0
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39910)
* [https://milksad.info](https://milksad.info)
* [CVE-2018-9234 - GnuPG: Able to certify public keys without a certify key present when using smartcard](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234)
* [CVE-2018-9057 - Terraform: Weak password generator for AWS IAM roles](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9057)
* [Japanese Robot Hotel](https://www.vice.com/en/article/3kxy4k/high-tech-japanese-hotel-service-robots-easily-hackable)