lostrabbitlabs

Services & Product Descriptions


Penetration Testing
Penetration Testing is needed to help ensure that your existing security controls are providing adequate protections from known, and emerging threats targeting your brand, people, and data. Lost Rabbit Labs offers a broad range of Penetration Testing services ranging from Adversarial to Collaborative, Covert to Overt, and all Teaming options in-between. Traditional Network Testing (Internal, External, & TOR) is available, along with Web & Mobile Application, API, Wireless & Radio, Hardware & IoT testing and analysis offerings. All engagements include a full, detailed report of findings, along with remediation assistance and re-testing options.

Network Penetration Testing

The network is the foundation of your organization (containing your digital assets, resources, employee and customer information) and periodic penetration testing is necessary to ensure its integrity and security. Lost Rabbit Labs penetration testing methodologies go beyond the standard Best-Practices vulnerability scanning and analysis processes, using our decades of combined security experience and in-house tools. We assist in identifying vulnerabilities, exploiting them, and documenting them for your team to resolve.

  • Internal Network
  • External Network
  • Cloud Infrastructure
  • ToR/I2P/Darknet


Web Application and API Testing

Web applications run the Internet and the amount of public facing services is ever-increasing, due to rapid development cycles and 3rd-party software easing development challenges. It is essential to identify flaws and weaknesses within your application using proper fuzzing strategies, static and dynamic analysis of APIs and endpoints, and rigorous validation of service container configurations.

  • Internal/External Web Apps
  • Proprietary Applications
  • Micro Services
  • API/Endpoint


Mobile Application Testing

Businesses and other organizations have been using mobile apps for internal communication as well as interacting with their customer base, which begs the question; is your app secure? Lost Rabbit Labs manually inspects your source code and performs dynamic analysis in order to detect vulnerabilities and anomalies.  We provide a full testing methodology that inspects and fuzzes code, back-end services, and API endpoints.

  • iOS/Apple
  • Google/Android
  • WindowsOS
  • Blackberry


Wireless / RFID / Bluetooth Testing​

Companies using wireless technologies are constantly and continuously receiving unwanted visitors trying to listen in or join their network. If not segmented and secured correctly, this can pose a serious threat for your business and network resources. Wireless testing ensures the existence of proper security controls and safety of your wireless perimeter.

  • Wireless (802.11a-n)
  • RFID
  • Bluetooth
  • Radio Communications


Hardware and IoT Testing

Protecting your private information, data, and communications is often handled at the hardware layer and many times overlooked during Penetration Testing and Security Assessments. Trusting your hardware and 3rd-party technology is not always an option, and further analysis may be needed to ensure that no rogue components or software have been embedded into your trusted platforms.

  • Embedded Devices
  • Routers/Modems
  • Communication Devices
  • SCADA, UART, JTAG, I2C & SPI


OSINT & Threat Intel
Providing complete, real-time Situational Awareness around your brand, people and Digital Assets is nearly an impossible task, due to the amount of data that exists in today’s world. Identifying External Threats, Data/Information leakages, and Indicators of Compromise associated with your brand is often too challenging and time consuming. Lost Rabbit Labs is equipped to assist your company by leveraging our years of investigative experience, along with the WisQuas Engine, our custom crawler that provides high-value enrichments to existing data sources.



Attribution Investigation

Uncovering the identity of an individual or group responsible for conducting malicious activity targeting your company is critical to understanding your threat model, and assist in creating resilient defenses. Knowing how a breach or data leakage happened, and who may have been behind it provides great insight into on-going prevention and protection.

  • Threat Actor/Group Awareness
  • Historical/Archival Exposure
  • Credential Breach Analysis
  • Data Point Link-Analysis



Threat Landscape Awareness

Protect your Intellectual Property, Executive Team and Employees through constant monitoring of the Internet, Deep Web, Darknet, and Social Media networks. Identify vulnerable services, breached accounts, weak credentials, and unintended information exposures (Data Leak Detection). Discover rogue Digital Assets owned by Threat Actors targeting your brand, employees, and customers.

  • Executive Team Monitoring
  • Data-leakage Awareness
  • Digital Asset Impersonation Identification
  • Vulnerable Services Discovery


Brand and Reputation Evaluation

Discover Reputation Issues involving your company and remediate them before they cause negative impacts to your brand and people. Ensure none of your Digital Assets are flagged as dangerous or known to have been involved in malicious or criminal campaigns. Merger and Acquisition awareness efforts and supply chain inspection also possible through our OSINT services.

  • Reputation Lookups
  • Historical Traffic Analysis
  • Domain Attribution
  • Brand Evaluation


Digital Footprint Discovery

Having a complete and comprehensive inventory of your company’s Digital Assets is essential in order to assist with providing the proper protections needed to ensure security across your landscape and domains. 

  • Reverse Lookups & Attribution
  • Domain Auditing
  • Digital Asset Management & Tracking
  • Data Leak Detection & Exposed Public Container Awareness


Full Spectrum Attack Simulation
Lost Rabbit Labs seeks to deliver high quality actionable intelligence through focused collaborative teaming efforts. By offering ‘Full Spectrum Teaming’, and partnering with our clients, we can more efficiently identify and help remediate discovered vulnerabilities, weaknesses, and un-intended disclosures.



Collaborative & Adversarial Teaming

Working as a team and providing real-time information sharing often increases the quality of an engagement and yields the best deliverables. Other times you need a covert, adversarial scenario tested and explored. Lost Rabbit Labs will work with your team in the way you need, and provide full methodologies and results, to help you increase your security posture.

  • Collaborative Teaming
  • Adversarial Scenarios
  • Covert/Overt Teaming
  • Best-Practices vs. Compliance


Phishing - Email, Phone and Video

With the average financial cost of data breaches nearing roughly $3.8 million, the human security layer must be able to identify and withstand phishing attempts of all types.  Our security team can attempt to impersonate employees, vendors, and more to try to spear phish high-value individuals and infiltrate your network, in order to test your policies.

  • Spear Phishing
  • Email, Phone, & Video Impersonation
  • Whaling
  • Waterhole Attacks


Physical Security Assessments

Does your organization need to test the physical security or perimeter of its offices? Knowing how your defenses would hold up in the event of an actual attack can greatly help improve your overall security posture. Using Social Engineering tactics, various forms of Asset Manipulation, USB drops, lock-picking, impersonation, and more, Lost Rabbit Labs can help you identify weakness before the real threats do.

  • Physical Assessment Testing
  • Social Engineering Tactics
  • Asset Manipulation
  • Rogue Device Installations



Ransomware Awareness

In 2019, there were roughly 151.9 million ransomware attacks that took place around the world.  Having your digital assets taken hostage is one of the most devastating experiences you can go through as an organization.  Our ‘Strategic Security Team’ can assist your company with prevention, identification, and resolution during and post-event. 

  • Threat Identification
  • Response Training
  • Reducing Risk & Impact
  • Infrastructure Security Analysis


Consulting & Training Services
Through decades of combined experience in information, system and network security, Lost Rabbit Labs offers a wide range of consulting services to assist your organization.  Whether the need is Offensive or Defensive, our Security Team is ready to provide knowledge, resources, and expert advice to your teams.



Training & Awareness Programs

From covering basic concepts, to having in-depth discussions on tools, methodologies, and best security practices, our Security Team can help your organization evolve its security posturing and increase knowledge and awareness around topics of your choosing.

  • Identifying a Phishing Campaign
  • Fundamental Security Knowledge
  • Digital Asset Protection
  • Offensive/Defense Techniques


Code Inspection & Review

Our Security Team will inspect your source code and use dynamic testing techniques searching for vulnerabilities and weaknesses within your code base.  Weak cryptography, insecure functions and methods, unauthenticated communications, improper storage of credentials, along with other vulnerabilities will be tested.

  • Web & Client Application
  • API & Endpoint
  • DoS & Injection Identification
  •  Weak Code Function Detection


Incident Response & Remediation

A good Incident Response team can help save your organization from prolonged downtime, wasted resources and needless panicking.  Our Security Team is well versed in threat, malware, and forensics analysis, along with remediation techniques associated with commonly used attack vectors.

  • Threat, Malware & Forensics Analysis
  • Binary Analysis
  • Reverse Engineering
  • Log Ingestion/Parsing


Policies, Procedures & Security Posturing

Organizations that handle personal, health, and financial data are required to have strong policies geared towards asset management and protection. All businesses need to know how to handle an incident, event, breach, or even a simple phishing email properly. Having organized Policies and Procedures in place can help create a more secure environment for your employees and customers data. 

  • VCISO Support
  • Policy Review
  • Beyond Best Practices
  • Firewall/Netflow Review
  • Log Retention & Analysis