About GreenLock

Experts in Offensive Security and Cyber-Threat Intelligence.

Expertise

Founded in 2015 by senior security experts, GreenLock Advisory is (and will always be) an independent consulting and audit firm. The diversity of our expertise allows us to offer support in the way best suited to the needs of our clients.

Values

Cyber-security is a wide domain, in perpetual transformation, with a growing impact on business. New vulnerabilities and attack scenarios are revealed every day and organizations have to face them. Being rational, relevant and independent are the three pillars of our mindset when we intervene. We believe this strategy leads to efficiency, providing actionable and practical results. Because we want to maintain our skills at a very high level, about one-fifth of our time is dedicated to infosec watch, training and attending conferences.

Objectives

We are aware that security recommendations can appear very technical at first to the people we work with. We are committed to systematically adapting the level of detail of what we say to each of them. The challenge is to get our messages to the right level of abstraction, without losing essential information, so that they can make the best decision possible.


Latest News

Slides available here: PatrOwl_-_OSSPARIS18_-_20181206.pdf
Slides available here: PatrOwl_-_BSidesLisbon_-_20181130.pdf
PatrOwl is a solution for automating calls to commercial or open source tools that perform checks. To date, around 40 tools or online services are supported. Beyond centralizing the results obtained (vulnerabilities, meta-data, asset states, …), the PatrOwl analysis engine compares these results with its knowledge base and other third-party services to determine attack scenarios (predictive analysis) or to trigger actions (alerting, program calls, ...). Largely customizable, PatrOwl is suitable for supporting penetration testing, vulnerability audit and compliance, static source audit, threat research (CTI) and security incident response (SOC / DFIR) activities. GitHub repos: Patrowl Manager, Patrowl Engines, Patrowl Cortex Analyzers and Patrowl Docs.
Multiple vulnerabilities found with Davy Douhine from Randorisec on Geutebrück IP Cameras and responsibly disclosed (ICS-CERT advisory): Improper Authentication (CVE-2018-7532), SQL Injection (CVE-2018-7528), Cross-Site Request Forgery (CVE-2018-7524), Improper Access Control (CVE-2018-7520), Server-Side Request Forgery (CVE-2018-7516), Cross-site Scripting (CVE-2018-7512).
PatrOwl is an orchestration solution for continuous analysis supporting preventive / Cyber-Threat Intelligence strategies. Public release planned for June 2018. Stay tuned ;)
A Remote Arbitrary Code Execution vulnerability has been found in HPE Smart Storage Administrator versions before v2.60.18.0 and responsibly disclosed (CVE-2016-8523), along with development of the Metasploit plugin.
Article published in the French magazine MiscMag (MISC-085), focusing on state-of-the-art attacks during network security testing.
Under long-term contract with a financial institution to perform various preventive security activities: Penetration testing, Red team exercises, Sub-contractors on-site audits, Threat hunting/intelligence, Vulnerability Management Program.
Creation of the company. HQ set up in Paris, France.

Want more? Visit our GitHub repo and our blog.


Our Services

Penetration testing, Code Review and Security Audits

Give us an IP, a domain, a URL and, possibly, credentials. We will simulate real scenarios as attackers do, using the same techniques and tools. Every audit is a challenge we are excited to face, always as a team.

Threat Intelligence

Cyber-exposure and risks are continuously growing and changing fast. We need to focus our efforts on the technologies and attack scenarios relevant to your assets and your business. We help select and organize Cyber-Threat Intelligence feeds to gain visibility on actual risks.

Vulnerability Management

Regardless of your organization's size and IT/OT maturity, Vulnerability/Patch Management is a must-have process. We help you align your processes and tooling ecosystem with best practices and your needs.

Governance & Strategy

Benefit from our past experience to build an efficient cybersecurity strategy and implement the related processes: Incident detection and response, Patch Management, Crisis resolution, Secure Coding, Internal IT/OT audit, ...

Tooling & Engineering

Automation and security tools offer a solid return on investment. Best practices recommend continuously scanning your organisation’s environment for any vulnerabilities or changes that might indicate a potential threat.

Remediation

Looking for security experts for remediation assistance? Let's talk about it. Our team is here to help you select, install, deploy and test security equipment and services.

Company

GreenLock Advisory - SARL with share capital of 11,765 euros
SIRET: RCS Paris 813 176 179 00048

Address

10, rue de Penthièvre
75008, Paris, France