UAS Cyber (Uncrewed Aerial Systems)
Dark Wolf has written the authoritative book on UAS Security Assessments, the Drone Wolf Playbook. Drawing from our deep experience in assessing UAVs, Ground Control Systems, Payloads, and Communications for commercial and government entities, our expertise made us a key player in the drafting of the AUVSI cybersecurity standards for UAS.
Our “Drone Wolf Playbook” is a publicly available resource that details the methods and tools used in UAS Cybersecurity testing and assessments. We provide the opportunity to test those skills through our “Hack Our Drone” workshop, where we have introduced hundreds of UAS and Cybersecurity professionals to UAS Cybersecurity at conferences such as Xponential, Black Hat, and the PX4 Developers Summit.
Performing security assessments of Uncrewed Aerial Systems requires broad knowledge of Windows, Linux, Mobile, IoT, Firmware, RF, and WiFi security configurations and vulnerabilities.
Our test teams have a deep understanding of the flight software, ground control applications, and communications protocols commonly used on UAS and their payloads, including both their weaknesses and their secure configurations. We apply innovative and cutting-edge techniques to each UAS assessment to fortify security posture, even against the most advanced adversaries.
UAS and Counter-UAS are more than just a collection of edge devices; they depend on complex networks including development, production, and cloud environments which hold software code and keys for capabilities that need to be defended from cyber attack.
Drawing on our experience in network assessment and penetration testing, Dark Wolf can find the vulnerabilities and suggest the mitigations to reduce operational risk for both the vendor and the mission operator.
Education and Training
The DWS Drone Playbook is a robust and user-friendly testing framework and methodology. This framework is tailored to aid penetration testers in assessing autonomous systems. Our playbook enables efficient, objective, and accurate testing of unmanned aerial systems.
The Dark Wolf Hack Our Drone workshop provides hands-on training to UAS Cybersecurity to participants through practical lab exercises that address the security of the Ground Control System, the Uncrewed Aerial Vehicle logic board, and Communications subsystems.
Continuous & Fast Track ATO
Dark Wolf are pioneers of Fast Track and Continuous ATO, helping the Department of Defense to write and implement these authorization concepts in their earliest phases. Regardless of the complexity, our experienced teams of engineers, advisors, and assessors can help you reduce accreditation timelines and better align security to modern software development frameworks.
Malware & Network Intrusion Analysis
Dark Wolf is a leading provider of forensics and Incident Response (IR) services to commercial customers and Federal Government agencies. Our team of experienced professionals has a proven track record of successfully investigating and resolving security incidents.
We have extensive experience in inspecting networks and storage devices for signs of infiltration, reverse engineering and detonating malware samples received by clients as email attachments, and conducting forensic investigations against various threats. These include domain takeovers to custom-made malicious files delivered through email phishing campaigns designed to infiltrate and disrupt the company's operations. By thoroughly analyzing the incidents, our team has been able to eradicate threats and implement robust detection rules to prevent their recurrence.
We’ve analyzed a stream of malware sent to us by undisclosed agencies. Malware samples are unpacked, detonated, and examined. Malware is matched to previously known samples and open source information to identify malware families and possible originators.
The number of mobile devices on the planet exceeds the number of people. These devices include not only smartphones and tablets, but also edge devices such as automobiles, UAV ground control systems, home automation systems, televisions, wearables, and many other IoT devices.
Dark Wolf employs a stack of tools to extract firmware and applications from smartphones, tablets, and other IoT devices. Our team performs static, dynamic, and network analysis to uncover any malware lurking on the device and to also enumerate potential vulnerabilities in authorized software.
Effectively responding to network intrusions includes isolating intruders, identifying their techniques and tools, analyzing the attacker’s path into and through the network, and determining what documents and data were compromised.
Dark Wolf is up-to-date on the techniques, tools, and procedures of threat actors targeting commercial and governmental entities. We are able to identify the weak points in the attacker’s kill chain where the defender can deploy countermeasures to break the kill chain and defend against the attacker.
Dark Wolf's team of penetration testers and red teamers specialize in hacking software and hardware to make them more secure. Our team is experienced in emulating sophisticated adversaries against all types of networks, software, hardware and everything in between.
If your organization is growing and wants to better understand its security posture, Dark Wolf can help you with a wide variety ofsecurity assessment services. With a diverse practice of cybersecurity professionals trained in multiple disciplines, Dark Wolf help organizations of all sizes understand their risks and prioritize solutions to reduce their target attack surface.
Dark Wolf has unique experience developing custom hardware and software exploits for both commercial and federal clients. Additionally, we have experience developing zero-day exploits that we can test in our custom-developed vulnerability research test range.
Dark Wolf has extensive experience providing multiple large software factories with strategic guidance and support to build authorization packages according to Security Control Assessor and Authorizing Official specifications. From small teams to Fortune 500 firms, we've helped a wide range of clients align their solutions with NIST's Risk Management Framework.
Our world-class covert entry experts execute a wide range of assessments to identify the physical security and onsite security awareness risks of an organization's cybersecurity program.
Skilled attackers can bypass physical and electronic access controls and personal; leaving hardware, network ports, and more vulnerable to attacks. Understanding an adversary’s methods allows an organization to prepare and ensure their data remains secured and safe from both external and internal threats.
Organizations focus money and resources on logical security controls, often forgetting that physical security plays a major role in information security. What steps have you taken to prevent a data breach via physical access? Can you detect and prevent these types of physical threats?
Using an array of covert, overt and targeted techniques, Dark Wolf will help you determine, measure and address the risk of physical intrusion impacting your organization.
Covert Entry Assessment
A test of physical security risks such as targeted attacks, attempts to enter unauthorized locations, connect to systems, and compromise sensitive information.
Covert also includes social engineering to test security awareness and human risks associated with face-to-face interactions.
The goal is to identify vulnerabilities within an environment’s electronic and physical access controls and security awareness to help prevent unauthorized access and to protect assets.
Physical Security Audit
An escorted, non-covert walk-through to identify and test risks and vulnerabilities against physical and electronic access controls. Policies and procedures are also reviewed, covering topics such as employee security awareness training content, escalation procedures, management of keys and badges, all the way down to how visitors are checked in and escorted.
Security Awareness Training
A presentation with demonstrations of techniques used in both cyber and physical penetration testing scenarios. Allowing for Q&A with Dark Wolf’s world-class covert entry and security experts.
Security Awareness Training can be customized to include evidence of exploitation found within your own company from one of our Covert Entry Assessments or Physical Security Audit.
Demonstrating a real-world vulnerability that the audience personally identifies with is sure to leave a lasting impression for security culture, not just awareness!
Dark Wolf's subject matter experts are comfortable working across many different programming languages and frameworks to solve complex problems. We match each problem with the right technologies and processes to provide elegant, lean, cutting-edge solutions. We provide full stack development services to leading US Air Force Software Factories including Kessel Run, Platform One, and BESPIN.
You can count on us to develop and maintain managed CI/CD pipelines using leading pipeline automation tools including GitlabCI, Jenkins, and CircleCI. We implement test, security, and quality pipeline control gates to meet any compliance enforcement need. Our engineers are experienced in leveraging leading undustry software products, including Anchore, Checkmarx, Fortify, SonarQube, Sonatype Nexus, and Snyk.
Dark Wolf has in-depth cloud expertise and supports a variety of Federal customers providing cloud platform architecture and engineering services. We offer robust cloud-native solutions including OCI-compliant containerized microservice architectures, and Kubernetes container orchestrations platforms. We engineer our solutions using Infrastructure-as-Code (IaC) and Configuration-as-Code (CaC) best practices to maximize automation and repeatability of our environments.
Dark Wolf has a wide breadth of experience helping organizations refactor legacy software and capabilities into modern, microservice enabled applications. Leveraging our experience in web development, cloud services and containerized architecture, we can help break your capabilities down to smaller, more secure, and better managed individual components.
Dark Wolf specializes in greenfield web application development using Agile and DevOps practices. We leverage lean product management methodologies including Scrum, Paired Programming, Test Driven Development, and User Centered Design. We use Continuous Integration and Continuous Delivery (CI/CD) pipelines to automate the testing, security scanning, and quality analysis of our delivered software. We deploy our applications to traditional cloud Infrastructure-as-a-Service (IaaS) environments, and/or Platform-as-a-Service (PaaS) environments such as Pivotal Cloud Foundry, and Kubernetes cloud native platforms.
AI and Machine Learning
Dark Wolf's approach to Machine Learning Ops is supported by our expertise in DevSecOps. We design our solutions on top of Kubernetes security best practices, ensuring that your AI/ML pipeline is secure every step of the way. Our engineers draw from experience in computer vision and natural language processing to build custom pipeline steps that lead to faster model iterations and better models.
Dark Wolf has been helping clients architect, deploy and secure software development pipelines since its inception. With our talented teams of developers, DevOps engineers and cybersecurity experts, we can help ensure that security is baked into every commit you push.
Dark Wolf assesses current Project Management Office (PMO)/enterprise capabilities and corresponding control framework(s), define project goals and objectives, determine delivery and governance models, and facilitate planning, budgeting, change control, stakeholder management, and training to provide end-to-end waterfall or agile project management.
IT Infrastructure and Operations
Dark Wolf assists in the setup, design, configuration, deployment, maintenance, and help desk functions of the IT infrastructure and data that support business services.
Dark Wolf supports the review and evaluation of operational business and intelligence processes, activities, and data for the purpose of making tactical, strategic business and mission-focused decisions.
We couldn't find the information you're looking for. Redirecting...