Beyond Binary helps companies take responsibility for securing their systems and networks in a time when technology moves faster than even the most vigilant businesses can keep pace with. Companies are ultimately responsible for protecting their own data and the personal information of customers, and mismanagement of this critical area can have a crippling impact on business.
Under the direction of OJ Reeves, the team at Beyond Binary combine strong engineering experience with offensive security capabilities to deliver a unique set of attack simulation services. We partner with new and established companies of all sizes and from a diverse array of industries. When talking about security, there are no limits on a company’s scale of operation or maturity. Companies can not assume that being secure at a single point in time implies future security as the interaction of people and technology is unpredictable, and the playing field is always shifting.
Our team have been involved in the delivery of a wide range of security services, including penetration testing, red team engagements and attack simulations. What really differentiates us though is our extensive background in software engineering, the production of large and complex systems, and the maintenance and support of systems after deployment. Our offensive security work leverages this background knowledge to gain deep insights into the architecture and intricacies of systems, and how an attacker might exploit them. In short, we can see things from the perspective of both the builder and the breaker.
For an in depth look at the work we do, please see our service offerings or contact us directly.
Though it isn't widely known, support for Domain Fronting was added to Metasploit and Meterpreter by OJ Reeves in late 2017. Part of the reason that it's not common knowledge is the lack of documentation or discussion around how to use it. As a result, we decided to create this post so that users of Metasploit have a decent guide on how to configure and use Domain Fronting over HTTPS with a legitimate certificate.
During a recent Attack Simulation against a high-profile client, Beyond Binary faced off against Symantec Email Security.cloud (formerly MessageLabs) whilst conducting a variety of phishing campaigns. This was not the first time we had come up against cloud-based email security services, however our usual approaches to bypassing them didn't yield any fruit.
On March 1st 2015 Beyond Binary went public with an advisory that disclosed 0day flaws in Seagate Business Storage 2-Bay NAS devices. Days later, Seagate responded to the advisory through a number of channels: