Research

During our research efforts, we investigate in detail security of a target software or technology in order to find weaknesses in its design and implementation.

As true researchers, we investigate each target very thoroughly. This very often involves development of custom reverse engineering or code analysis tools. Without these tools we would not be able to successfully complete most of our projects.

Passion and years of experience in binary analysis allows us to deal even with the most challenging tasks.

Disclosure Policy

It takes us many months of work to research security of a given target, devise attack techniques, develop dedicated tools, write working Proof of Concept codes and prepare technical documentation.

Unfortunately, not all vendors respect the amount of time and dedication taken at our end and aimed at helping them make their products more secure.

As a result of experiencing significant disrespect / problems with various vendors in 2022 and 2023 such as the following:

• communication problems (mails not reaching security team, broken chat service of a security team) - Microsoft
• no responses to inquiries - Microsoft, Canal+
• game plays regarding reported issues impact - Microsoft, Telit
• game plays regarding reported issues addressing - Microsoft
• no interest in the results of the research - Canal+
• no addressing of the reported weaknesses - Canal+
• no prior notification / uncoordinated fixes - Telit
• fixes without disclosing their security nature (silent fixes) - Telit
• refusal to inform about the root cause of the issues that might affect 3rd party companies - Telit

starting from Apr 24, 2023, Security Explorations stops informing vendors about its security findings. By default, any such findings (results of Security Explorations' research) are to be disclosed to the public without prior notification.