About

The concept

The concept behind Microlab.red is simple: provide only high-level offensive security services, especially on complex infrastructures, custom devices, industrial plants and critical infrastructures.

Delivering these services requires active research and development to acquire specific knowledge and to find ad-hoc solutions.; this same knowledge is then transferred to the community, by participating as speaker on different security related events.

Behind the scene

I spent the last 12 years working in the IT, starting from the ground and becoming an senior security analyst for some of the biggest companies in Italy. I then decided to follow my passion and started working as a freelancer but I soon moved on and I became owner of my company, Microlab.red S.r.l.s. .

Partner companies

During the years, Microlab.red selected (and has been selected by) some companies as partners. On specific projects, we work together to deliver the best possible service to our customers:

Success stories

While Microlab.red never shares critical information about its customers and partners, what follows is a list of some anonymized projects completed during the last years:

2019

Security evaluation of a network product

It has been asked to Microlab.red to evaluate the security of an IT solution employed in complex networks. Even though it significantly increased the complexity of the analysis, due to the number of different technologies embedded in the product, it has been asked to the customer to do not provide any particular information about the product, to better simulate a real attacker.

Red teaming

An undisclosed partner asked Microlab.red to join a red teaming activity for a international company based in Europe, providing on-site reconnaissance, ad-hoc exfiltration infrastructure and support during the most complex and critical actions.

Incident response and Intranet security evaluation

An international customer asked Microlab.red to support an internal investigation after an incident. This activity then evolved into a security evaluation of the Intranet, with support to the IT staff in addressing the major issues.

2018

Security assessment of a critical infrastructure

An undisclosed partner asked Microlab.red to support the security evaluation of an italian critical infrastructure. In this situation, Microlab.red provided support on reversing some embedded systems and to evaluate their physical security.

Security evaluation of an home automation solution

It has been asked to Microlab.red to evaluate the security posture of a luxury home automation solution, composed by multiple embedded devices working together and administered through cloud services. Even though it increased the complexity of the analysis, due to the number of different devices working together, it has been asked to the customer to do not provide any technical detail, to better simulate a real attacker.

Zero-knowledge penetration test

An undisclosed partner asked Microlab.red to evaluate the resilience of the infrastructure of an italian company, without providing any technical information (only the name of the company was given). The goal in this case was to prove the possibility, for an attacker, to infiltrate the Intranet and to became domain administrator.

CVEs

CVE-2018-1000841
CVE-2017-13165