The concept behind Microlab.red is simple: provide only high-level offensive security services, especially on complex infrastructures and custom devices.
Delivering these services requires active research and development to acquire specific knowledge and to find ad-hoc solutions.; this same knowledge is then transferred to the community, by participating as speaker on different security related events.
Behind the scene
I spent the last 14 years working in the IT, starting from the ground and becoming an senior security analyst for some of the biggest companies in Italy. I then decided to follow my passion and started working as a freelancer but I soon moved on and I became owner of my company, Microlab.red S.r.l.s. .
During the years, Microlab.red selected (and has been selected by) some companies as partners. On specific projects, we work together to deliver the best possible service to our customers:
While Microlab.red never shares critical information about its customers and partners, what follows is a list of some anonymized projects completed during the last years:
Security evaluation of the WiFi infrastructure
One of the TOP100 companies in Italy asked Microlab.red to evaluate the security of the WiFi infrastructure, without providing additional information, to better simulate an attacker without previous knowledge of the network.
Web penetration test with additional desktop application
An undisclosed Italian company asked to Microlab.red to evaluate the security posture of a web application it developed. The same evaluation later included also a desktop application, used to communicate with the backend.
Security evaluation of a network product
It has been asked to Microlab.red to evaluate the security of an IT solution employed in complex networks. Even though it significantly increased the complexity of the analysis, due to the number of different technologies embedded in the product, it has been asked to the customer to do not provide any particular information about the product, to better simulate a real attacker.
An undisclosed partner asked Microlab.red to join a red teaming activity for a international company based in Europe, providing on-site reconnaissance, ad-hoc exfiltration infrastructure and support during the most complex and critical actions.
Incident response and Intranet security evaluation
An international customer asked Microlab.red to support an internal investigation after an incident. This activity then evolved into a security evaluation of the Intranet, with support to the IT staff in addressing the major issues.
Security assessment of a critical infrastructure
An undisclosed partner asked Microlab.red to support the security evaluation of an italian critical infrastructure. In this situation, Microlab.red provided support on reversing some embedded systems and to evaluate their physical security.
Security evaluation of an home automation solution
It has been asked to Microlab.red to evaluate the security posture of a luxury home automation solution, composed by multiple embedded devices working together and administered through cloud services. Even though it increased the complexity of the analysis, due to the number of different devices working together, it has been asked to the customer to do not provide any technical detail, to better simulate a real attacker.
Zero-knowledge penetration test
An undisclosed partner asked Microlab.red to evaluate the resilience of the infrastructure of an italian company, without providing any technical information (only the name of the company was given). The goal in this case was to prove the possibility, for an attacker, to infiltrate the Intranet and to became domain administrator.