1. Lab setup & asset intake
We build a controlled test environment that mirrors device deployment conditions.
Device inventory
Model identification, firmware versioning, and dependency mapping.
Network profiling
Traffic capture, service discovery, and protocol mapping.
Risk scoping
Threat model alignment and definition of test boundaries.
2. Firmware acquisition & analysis
We acquire firmware from supported channels and validate integrity prior to analysis.
- Firmware extraction, filesystem inspection, and configuration recovery.
- Update path review to verify signing, rollback controls, and integrity checks.
- Credential and secret exposure review where appropriate.
Evidence-first approach
We prioritize reproducible steps and verify findings across versions when possible.
3. Reverse engineering
Static and dynamic analysis to understand input handling, authorization, and execution paths.
Ghidra-based analysis
Trace control flow, input validation, and command execution.
Interface mapping
Review web UI endpoints, APIs, and service handlers.
Exploitability assessment
Assess impact, prerequisites, and realistic attack paths.
4. Hardware interface review
We evaluate exposed debug paths and serial access where applicable.
- UART/serial console access and boot log analysis.
- Debug services and hidden interfaces.
- Default configuration and hardening checks.
Safety & containment
All testing is performed in controlled environments to avoid disruption to production systems.
5. Validation & remediation support
We validate fixes, confirm risk reduction, and support coordinated disclosure when required.
Fix verification
Retest to confirm mitigation effectiveness and prevent regression.
Disclosure coordination
Clear timelines, secure channels, and stakeholder communication.
Operational guidance
Recommendations aligned to device constraints and deployment realities.