iRangers is a business technology advisory firm providing analysis, research, planning and professional IT services to enterprise organizations in ...Read more
Backed by a team of experienced professionals, our strategic services meet the needs of all types and sizes of clients - from small startups to large firms - and deliver lasting changes with measurable growth. Please get in touch with us today to learn how Gunbrig Security can help your future success
Gunbrig Security is a company focused on Enterprise infrastructure, application and blockchain cybersecurity. It was founded in 2019 and is headquartered in Winnipeg. It was founded by a team with more than two hundred years (combined) of experience and knowledge of network security attack-defence practices, and all team members have a long track of record in world-class projects. Gunbrig Security is a top international blockchain security company. It supported many global well-known projects through integrated security solutions with threat discovery and threat defence while tailored to local requirements. Many Enterprise customers are distributed in more than a dozen major countries and regions – Canada, United States, Europe and the Middle East. Our company has been honoured to be a trusted advisor to global leaders, delivering the world’s broadest portfolio of cybersecurity services. We’ve helped companies across a wide range of verticals secure their information and operational assets and stay compliant, ensuring that they achieve their business goals.
DeepDive Technology Group (DDTG) was formed on the principle of providing customers with the most advanced solutions to meet their business needs, all while ensuring technical complexity does not stifle innovation. Gunbrig Security is a partner of DeepDive Technology Group (DDTG). DDTG is a consortium of the top tier, best of breed professional services firms that specialize in custom blockchain development, security, infrastructure, and cloud technologies. DDTG has provided its services to the top enterprises and blockchain firms in the world and we welcome the opportunity to help transform your business.
A senior enterprise IT architect with 20+ years of experience in cybersecurity technologies, infrastructure analysis, implementing innovative and leading technologies for International companies worldwide in the public and private sectors.
A passionate leader with experience across Business, Consulting, and Technical evangelism. My commitment to asking the tough questions and giving honest answers makes clients feel good about hearing the truth no matter where they sit on the technology maturity curve.
Over the years, I was able to develop both powerful management skills and exceptional technical and engineering skills. I have a winning track record in building and bringing organizations to be secured with robust procedures.
To achieve consistent results for our clients, we retain world-class professionals who have established careers with a long track of records.
As a result, our customers’ security and compliance operations grow more efficient and impactful over time, as Gunbrig professionals learn about clients’ specific needs and begin to anticipate them.
Dima Zodek
CEO & Co-Founder
Secure Software Code Professionals
Red Team Professionals
Certified Ethical Hackers
Secure Cloud Architects
Time to Start the Conversation. Please share with us a brief description of your needs, and we will be in touch with next steps.
Phone
+1(855)-DDTGROUP
Canada: 93 Lombard Ave, Suite 200, Winnipeg, MB, R3B 3B1
Services
Blockchain Security
Open Source Intelligence Gathering
• Whois information collection
• Real IP discovery
• Subdomain detection
• Mail service detection
• Certificate information collection
• Web services component fingerprint collection
• Port service component fingerprint collection
• Segment C service acquisition
• Personnel structure collection
• GitHub source code leak locating
• Google Hack detection
• Discovery of the privacy leaked
App Security Audit
• App environment testing audit
• Code de-compilation detection
• File storage security detection
• Communication encryption detection
• Permissions detection
• Interface security test
• Business security test
• Webkit security test
• App cache security detection
• App WebView DOM security test
• SQLite storage security audit
Server Security Configuration Audit
• CDN service detection
• Network infrastructure configuration test
• Application platform configuration management test
• File extension resolution test
• Backup, unlinked file test
• Enumerate management interface test
• HTTP method test
• HTTP strict transmission test
• Web front-end cross-domain policy test
• Web security response head test
• Weak password and default password detection
• Management background discovery
Input Security Audit
• Cross-Site Scripting (XSS) test
• Template injection test
• Third-party component vulnerability test
• HTTP parameter pollution test
• SQL injection test
• XXE entity injection test
• Deserialization vulnerability test
• SSRF vulnerability test
• Code injection test
• Local file contains test
• Remote file contains test
• Command execution injection test
• Buffer overflow test
• Formatted string test
Node Security Audit
• Node configuration security detection
• Node data synchronization security detection
• Node transaction security audit
• Node communication security detection
• Node open-source code security audit
Identity Management Audit
• Role definition test
• User registration process test
• Account rights change test
• Account enumeration test
• Weak username strategy testing
Certification and Authorization Audit
• Password information encrypted transmission test
• Default password test
• Account lockout mechanism test
• Certification bypass test
• Password memory function test
• Browser cache test
• Password strategy test
• Security quiz test
• Password reset test
• OAuth authentication model test
• Privilege escalation test
• Authorization bypass test
• Two-factor authentication bypass test
• Hash robustness test
Business Logic Audit
• Interface security test
• Request forgery test
• Integrity test
• Overtime detection
• Interface frequency limit test
• Workflow bypass test
• Application misuse protection test
• Unexpected file type upload test
• Malicious file upload test
Cryptographic Security Audit
• Weak SSL/TLS encryption, insecure transport layer protection test
• SSL pinning security deployment test
• Non-encrypted channel transmission of sensitive data test
Blockchain Security
Open Source Intelligence Gathering
• Whois information collection
• Real IP discovery
• Subdomain detection
• Mail service detection
• Certificate information collection
• Web services component fingerprint collection
• Port service component fingerprint collection
• Segment C service acquisition
• Personnel structure collection
• GitHub source code leak locating
• Google Hack detection
• Discovery of the privacy leaked
App Security Audit
• App environment testing audit
• Code decompilation detection
• File storage security detection
• Communication encryption detection
• Permissions detection
• Interface security test
• Business security test
• WebKit security test
• App cache security detection
• App Webview DOM security test
• SQLite storage security audit
Server Security Configuration Audit
• CDN service detection
• Network infrastructure configuration test
• Application platform configuration management test
• File extension resolution test
• Backup, unlinked file test
• Enumerate management interface test
• HTTP method test
• HTTP strict transmission test
• Web front-end cross-domain policy test
• Web security response head test
• Weak password and default password detection
• Management background discovery
Node Security Audit
• Node configuration security detection
• Node data synchronization security detection
• Node transaction security audit
• Node communication security detection
• Node open source code security audit
Identity Management Audit
• Role definition test
• User registration process test
• Account rights change test
• Account enumeration test
• Weak username strategy testing
Certification and Authorization Audit
• Password information encrypted transmission test
• Default password test
• Account lockout mechanism test
• Certification bypass test
• Password memory function test
• Browser cache test
• Password strategy test
• Security quiz test
• Password reset test
• OAuth authentication model test
• Privilege escalation test
• Authorization bypass test
• Two-factor authentication bypass test
• Hash robustness test
Session Management Audit
• Session management bypass test
• Cookies property test
• Session fixation test
• Session token leak test
• Cross Site Request Forgery (CSRF) test
• Logout function test
• Session timeout test
• Session token overload test
Cryptographic Security Audit
• Weak SSL/TLS encryption, insecure transport layer protection test
• SSL pinning security deployment test
• Non-encrypted channel transmission of sensitive data test
Input Security Audit
• Cross Site Scripting (XSS) test
• Template injection test
• Third-party component vulnerability test
• HTTP parameter pollution test
• SQL injection test
• XXE entity injection test
• Deserialization vulnerability test
• SSRF vulnerability test
• Code injection test
• Local file contains test
• Remote file contains test
• Command execution injection test
• Buffer overflow test
• Formatted string test
Business Logic Audit
• Interface security test
• Request forgery test
• Integrity test
• Overtime detection
• Interface frequency limit test
• Workflow bypass test
• Application misuse protection test
• Unexpected file type upload test
• Malicious file upload test
Blockchain Security
Static Security Examining
• Built-in Function Security
• Standard Library Security Audit
• Third-party Libraries Security Audit
• Injection Audit
• Serialization Algorithm Audit
• Memory-leak Detection
• Arithmetic Operation Audit
• Resource Consumption Audit
• Exception Handing Audit
• Log Security Audit
P2P Security
• Number of Node Connections Audit
• Node Performance Audit
• Message Format Validation
• Communication Encryption Audit
• Alien Attack Audit
RPC Security
• RPC Permission Audit
• Malformed Data Request Audit
• Communication Encryption Audit
• CORS Policy Audit
Encryption & Signature Security
• Random Number Generation Algorithm Audit
• Keystore Audit
• Cryptographic Component Call Audit
• Hash Strength Audit
• Length Extension Attack Audit
• Crypto Fuzzing Test
Consensus Security
• Staking Logic Audit
• Block Verification Audit
• Merkle-Tree Audit
Code Compliance Audit
• Code Forking Audit
• Code Patch Audit
• Roadmap Audit
• Top-up Program Audit
Account and Transaction Model Security
• Authority Verification Audit
• Replay Attack Audit
• “False Top-up” Audit
Services
Offensive Security
Gunbrig’s highly skilled DDoS team has expertise in conducting the controlled simulation while guiding you by evaluating risks and their potential solutions. Before the simulation, Gunbrig’s DDoS attack team conducts extensive research on your applications and infrastructure to collect valuable intelligence. Based on the information gathered, Gunbrig’s attack team will create different types across multiple attack scenarios which simulate real-world DDoS attacks, as follows:
Offensive Security
A Red Team Exercise is an all-out attempt to gain access to a system by any means necessary. Usually, it includes cyber penetration testing, physical breach, testing all phone lines for modem access, testing all wireless and RF systems present for potential wireless access, and testing employees through several scripted social engineering and phishing tests. These are real-life exercises carried out by an elite small team of trained professionals that are hired to test the physical, cybersecurity, and social defences of a particular system
Our industrial clients are typically not in control of all aspects of the security of their systems. In many cases, they have outsourced the physical security to one outsourced organization, the cybersecurity monitoring to another entity. They may also use contractors and outside firms for securing the IT systems. Since all it takes is the weakest link for a security breach, it is essential to test all security program facets to determine where the breaking points exist. For this reason, we advocate using a Red Team Exercise to mimic the same process that a motivated attacker would follow to map out an organization’s infrastructure, perform reconnaissance at key physical installations, and then test the physical, cyber, and social defences all at once through a staged exercise.
We have performed over a dozen of these exercises on both corporate office and industrial plant locations. We have the resources, methodology, and experience to perform these tests safely that does not impose any operational risk to our clients.
Offensive Security
Phishing – is attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using a bulk email that tries to evade spam filters.
Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
Security Consultance
Web applications could be the lifeline of your business, so they must be resilient to vulnerabilities. However, most organizations don’t have the right resources to discover and address vulnerabilities, which can endanger application data alongside other network assets.
With the number of possible threats continuing to grow and become more complex, only the most mature methodologies will achieve a thorough security test. Get started with Gunbrig’s web application security test to:
Security Consultance
On average, software developers will create three vulnerabilities for every 10,000 lines of code written. For large codebases, this could easily result in 15-300 vulnerabilities in the final product. Conducting a full code review can save your business from hidden code issues, plus:
Security Consultance
Unlike code reviews and architecture reviews, the Gunbrig Security Review helps pinpoint weaknesses in the application design at the start of development. Even if your development team is fully trained in writing secure code, there may still be vulnerabilities in the application design itself.
Working with Gunbrig Security, industry-wide expertise, you will:
Security Consultance
Prevent your network architecture from vulnerabilities with an in-depth audit and review conducted by gold-standard industry experts
In today’s competitive environment, any downtime or network breach due to security flaws can cost your business thousands of dollars in lost revenue. Work with Gunbrig’s team of experienced professionals and take preventative measures now to:
Security Consultance
Many development teams and system owners are experts at what they do, but they don’t always understand which of their assets represents the most significant threat. Gunbrig’s team works across many industries around the world to become the best-in-class at threat modelling. With our help, you will:
Security Consultance
Each year, thousands of new security vulnerabilities are discovered spanning software, systems, and IT infrastructure. These gaps are increasingly being exposed by malicious attackers hoping to ransom for money, seek political power, destroy competition, or cause harm. No matter the reason, an attack can cost your business dearly. Therefore, it’s essential to work with the best security experts to ensure you will:
Security Consultance
Today’s mobile applications contain tremendous business value alongside sensitive data. Their popularity has seen them become increasingly targeted by malicious attacks. Vulnerabilities can be exposed to cause damages, data loss, reputational slander, business continuity issues, and costly resolution. Simultaneously, data privacy and regulations are becoming more strict to protect consumer data. Working with Gunbrig’s certified experts, you will:
Security Consultance
Most businesses employ a cloud-based platform for public or private use due to cost-effective and flexible advantages over on-premise solutions. However, both in storage and in motion, online data are susceptible to cyberattacks that could cost your business thousands of dollars in damages, reputational harm, and regulatory consequences.
Cloud environments come with their own set of unique security features and environment complexities. That’s why Gunbrig has a dedicated team of cloud security experts who specialize in many industries and technologies and can help you to:
Security Consultance
Modern businesses contain many technological complexities, each of which carries risks for being exposed or attacked. Gunbrig’s deeply experienced hardening experts ensure that every component of your systems is secure, including applications, networks, infrastructures, firmware, access permissions, ports, and more. With Gunbrig’s mix of standardized and business-specific hardening procedures, you can:
Security Consultance
Ensure that best practices in security hardening protect your systems. Most software applications are designed to be implemented quickly and easily, rather than with comprehensive security measures. Gunbrig’s hardening procedure experts have conducted thousands of projects and continue to follow the most recent attack vectors to:
Security Consultance
Open banking does come with its risks. Imagine a customer who banks with a financial institution that has an open banking relationship with a third party offering other services. As a result, the third party has access to some customer details. If the third party experiences a breach, the customer’s details could become available to criminal organizations.
That possibility illustrates some of the biggest concerns with open banking: privacy breaches, data security, cybercrime and fraud.
What do we offer:
Security Consultance
While enabling remote work has kept employees safe and productive, however, it also presents new cybersecurity challenges for enterprise IT.
What we can offer:
Services
Advisory & Managed Services
When a security breach occurs, the consequences can be severe. From stalled revenues to damaging reputation, data loss, and compliance issues, every minute spent compromised can escalate further complications. That’s why your business must get back on track as soon as possible by employing Gunbrig’s dedicated incident response team, who will help you:
Advisory & Managed Services
Most businesses don’t have the resources to employ a full-time Chief Information Security Officer (CISO) and often don’t know exactly how to articulate the needs and responsibilities a CISO would undertake. In other cases, businesses may have an existing CISO who needs a senior expert’s guidance to improve their security or compliance. By working with a Gunbrig CISO, you can:
Advisory & Managed Services
The world of cybersecurity is complex and ever-changing. With new security solutions being promoted from security giants to small and innovative startups, deciding which solutions to implement can be daunting – especially when the consequences of poor decisions can be severe.
Gunbrig’s team has spent over 20 years evaluating security solutions to help clients make their business’s best decisions. Our experts provide a completely objective and professional evaluation of solutions for your business, which can:
Advisory & Managed Services
When software development is a core revenue-producing activity, it makes sense to deploy products as soon as possible to the market. However, rushing to production and skipping security measures can result in severe consequences. Many businesses attempt to recreate SSDLC processes by following online guides or in-house recommendations but often fall short. Gunbrig’s dedicated team of SSDLC experts have vast software development experience with specialization in secure development processes and can ensure your business bakes in best-practice security to:
Advisory & Managed Services
The complexity of modern applications can include more than 1000 types of vulnerabilities, according to the CWE (Common Weakness Enumeration). This is exasperated because most software developers are not trained fully in security measures as part of their education. That’s why Gunbrig has dedicated experts to help your business produce secure code:
Advisory & Managed Services
You may be prepared for a cybersecurity incident through technical solutions and security controls, but you considered your ability to react quickly with strategic decisions?
Incident management experience is crucial to enhancing your business’s readiness for cyber-attacks. Thankfully, Gunbrig has conducted real table top simulations with clients worldwide to find and mitigate risks in their incident management.
Partners
iRangers is a business technology advisory firm providing analysis, research, planning and professional IT services to enterprise organizations in the financial, healthcare, government, commercial and education sectors.
iRangers is made up of highly skilled and experienced professionals with a mission to help clients leverage technology to make real improvements in their organization’s performance. Our proven track record and methodology, deep technical expertise and breadth of geographical reach allow us to help our clients address impossible problems, by impossible deadlines that most cannot.
iRangers IT Research & Strategy advisors help organizations align their IT to the outcomes. iRangers does this by analyzing the business structure, processes, workflows and goals and then builds the IT structure roadmap that fully reflects the business goals. Our ultimate goal is to make IT as efficient as possible by establishing a solid bridge between the organization and IT. We are able to achieve this by employing modern and innovative IT strategies leveraging Cloud where it fits purpose and the latest technology and business trends.
Partners
DeepDive.Tech is a specialized Security and Blockchain development firm that has earned the reputation as the “go to” company to partner with to solve highly complex cryptographic problems and develop innovative Blockchain solutions.
DeepDive.Tech – Blockchain as a Service provider, which offers an Intelligent, AI & ML-driven Blockchain ecosystem deployed on a Dedicated, Private, Secure, Worldwide Layer 2 Network.
Our team maintains an effective mix of IT experts, Security professionals, development experience and seasoned leadership in order to provide innovative strategies and solutions required to meet the needs of our international client base.
The current members of our blockchain team come from different scientific disciplines, but our common faith in blockchain technology has brought us together. We are all strong believers in the future of blockchain and we love being part of this growing community!