CINXE.COM

Research and development | Coalfire

<!doctype html> <html lang="en"> <head> <script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="ad7bc07e-3039-47ad-a414-786011e5c4ca" type="text/javascript" async></script> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="/favicon.png" /> <link rel="stylesheet" href="https://use.typekit.net/rln4yer.css"> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Lustria&display=swap" rel="stylesheet"> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-M5HMLKB');</script> <!-- End Google Tag Manager --> <script type="module" src="https://coalfire.com/dist/main-6b34ca3d.js" crossorigin onload="e=new CustomEvent(&#039;vite-script-loaded&#039;, {detail:{path: &#039;assets/js/main.js&#039;}});document.dispatchEvent(e);"></script> <link href="https://coalfire.com/dist/main-4fceee13.css" rel="stylesheet"> <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script> <title>Research and development | Coalfire</title><meta name="generator" content="SEOmatic"> <meta name="description" content="The Coalfire Labs Research and Development team develops security tools, identifies vulnerabilities, and provides knowledge and insights into the latest…"> <meta name="referrer" content="no-referrer-when-downgrade"> <meta name="robots" content="max-image-preview:large,max-snippet:-1,max-video-preview:-1"> <meta content="en_US" property="og:locale"> <meta content="Coalfire" property="og:site_name"> <meta content="website" property="og:type"> <meta content="https://coalfire.com/about/research-and-development" property="og:url"> <meta content="Research and development" property="og:title"> <meta content="The Coalfire Labs Research and Development team develops security tools, identifies vulnerabilities, and provides knowledge and insights into the latest…" property="og:description"> <meta content="https://assets.coalfire.com/prod/images/transforms/_1200x630_crop_center-center_82_none/default-card.png?mtime=1710449265" property="og:image"> <meta content="1200" property="og:image:width"> <meta content="630" property="og:image:height"> <meta content="https://www.youtube.com/channel/UC94x12L8MJJP70afk6FRrOg" property="og:see_also"> <meta content="https://www.linkedin.com/company/coalfire-systems-inc-/" property="og:see_also"> <meta content="https://www.facebook.com/coalfiresys/" property="og:see_also"> <meta content="https://twitter.com/coalfire" property="og:see_also"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@CoalfireSys"> <meta name="twitter:creator" content="@CoalfireSys"> <meta name="twitter:title" content="Research and development"> <meta name="twitter:description" content="The Coalfire Labs Research and Development team develops security tools, identifies vulnerabilities, and provides knowledge and insights into the latest…"> <meta name="twitter:image" content="https://assets.coalfire.com/prod/images/transforms/_800x418_crop_center-center_82_none/default-card.png?mtime=1710449265"> <meta name="twitter:image:width" content="800"> <meta name="twitter:image:height" content="418"> <link href="https://coalfire.com/about/research-and-development" rel="canonical"> <link href="https://coalfire.com" rel="home"> <link type="text/plain" href="https://coalfire.com/humans.txt" rel="author"></head> <body class="" > <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M5HMLKB" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <svg style="visibility: hidden; position: absolute; height: 0" width="0" height="0"> <defs> <filter id="svg-round"> <feGaussianBlur in="SourceGraphic" stdDeviation="5" result="blur" /> <feColorMatrix in="blur" mode="matrix" values="1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 19 -9" result="goo" /> <feComposite in="SourceGraphic" in2="goo" operator="atop"/> </filter> <linearGradient id="maggradient" gradientUnits="userSpaceOnUse" x1="29.2105" y1="57.6593" x2="21.6378" y2="5.7308" gradientTransform="matrix(1 0 0 -1 0 58.922)"> <stop offset="0" style="stop-color:#65D2E7"/> <stop offset="1" style="stop-color:#ECFFD3"/> </linearGradient> <linearGradient id="quotegradient" gradientUnits="userSpaceOnUse" x1="18.5046" y1="33.3031" x2="18.4009" y2="1.6873" gradientTransform="matrix(1 0 0 -1 0 33.3128)"> <stop offset="0" style="stop-color:#65D2E7"/> <stop offset="1" style="stop-color:#ECFFD3"/> </linearGradient> <linearGradient id="standardIconGradient" gradientTransform="rotate(90)"> <stop offset="0" stop-color="#65D2E7" /> <stop offset="1" stop-color="#ECFFD3" /> </linearGradient> <linearGradient id="dotsGradient" x1="1.49414" y1="2.23047" x2="282.432" y2="-55.9824" gradientUnits="userSpaceOnUse"> <stop stop-color="#65D2E7"/> <stop offset="1" stop-color="#ECFFD3"/> </linearGradient> </defs> </svg> <svg style="display:none;height:0;"> <symbol id="fa-arrow-right-long" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M502.6 278.6c12.5-12.5 12.5-32.8 0-45.3l-128-128c-12.5-12.5-32.8-12.5-45.3 0s-12.5 32.8 0 45.3L402.7 224 32 224c-17.7 0-32 14.3-32 32s14.3 32 32 32l370.7 0-73.4 73.4c-12.5 12.5-12.5 32.8 0 45.3s32.8 12.5 45.3 0l128-128z"/> </symbol> <symbol id="fa-arrow-left-long" viewBox="0 0 512 512"> <path d="M9.4 233.4c-12.5 12.5-12.5 32.8 0 45.3l128 128c12.5 12.5 32.8 12.5 45.3 0s12.5-32.8 0-45.3L109.3 288 480 288c17.7 0 32-14.3 32-32s-14.3-32-32-32l-370.7 0 73.4-73.4c12.5-12.5 12.5-32.8 0-45.3s-32.8-12.5-45.3 0l-128 128z"/> <symbol id="fa-angle-down" viewBox="0 0 448 512"> </symbol> <symbol id="fa-angle-down" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M212.7 331.3c6.2 6.2 16.4 6.2 22.6 0l160-160c6.2-6.2 6.2-16.4 0-22.6s-16.4-6.2-22.6 0L224 297.4 75.3 148.7c-6.2-6.2-16.4-6.2-22.6 0s-6.2 16.4 0 22.6l160 160z"/> </symbol> <symbol id="fa-angle-down-light" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M218.3 333.7c3.1 3.1 8.2 3.1 11.3 0l176-176c3.1-3.1 3.1-8.2 0-11.3s-8.2-3.1-11.3 0L224 316.7 53.7 146.3c-3.1-3.1-8.2-3.1-11.3 0s-3.1 8.2 0 11.3l176 176z"/> </symbol> <symbol id="fa-arrow-right-long-light" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M507.3 267.3c6.2-6.2 6.2-16.4 0-22.6l-144-144c-6.2-6.2-16.4-6.2-22.6 0s-6.2 16.4 0 22.6L457.4 240 16 240c-8.8 0-16 7.2-16 16s7.2 16 16 16l441.4 0L340.7 388.7c-6.2 6.2-6.2 16.4 0 22.6s16.4 6.2 22.6 0l144-144z"/> </symbol> <symbol id="fa-arrow-right-long-heavy" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M502.6 278.6c12.5-12.5 12.5-32.8 0-45.3l-128-128c-12.5-12.5-32.8-12.5-45.3 0s-12.5 32.8 0 45.3L402.7 224 32 224c-17.7 0-32 14.3-32 32s14.3 32 32 32l370.7 0-73.4 73.4c-12.5 12.5-12.5 32.8 0 45.3s32.8 12.5 45.3 0l128-128z"/> </symbol> <symbol id="fa-arrow-left-long-heavy" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M9.4 233.4c-12.5 12.5-12.5 32.8 0 45.3l128 128c12.5 12.5 32.8 12.5 45.3 0s12.5-32.8 0-45.3L109.3 288 480 288c17.7 0 32-14.3 32-32s-14.3-32-32-32l-370.7 0 73.4-73.4c12.5-12.5 12.5-32.8 0-45.3s-32.8-12.5-45.3 0l-128 128z"/> </symbol> <symbol id="fa-angle-left" viewBox="0 0 320 512"> <path fill="var(--fill-color, currentColor)" d="M52.7 267.3c-6.2-6.2-6.2-16.4 0-22.6l160-160c6.2-6.2 16.4-6.2 22.6 0s6.2 16.4 0 22.6L86.6 256 235.3 404.7c6.2 6.2 6.2 16.4 0 22.6s-16.4 6.2-22.6 0l-160-160z"/> </symbol> <symbol id="fa-angle-right" viewBox="0 0 320 512"> <path d="M278.6 256l-11.3 11.3-160 160L96 438.6 73.4 416l11.3-11.3L233.4 256 84.7 107.3 73.4 96 96 73.4l11.3 11.3 160 160L278.6 256z"/> </symbol> <symbol id="fa-square-facebook" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M64 32C28.7 32 0 60.7 0 96V416c0 35.3 28.7 64 64 64h98.2V334.2H109.4V256h52.8V222.3c0-87.1 39.4-127.5 125-127.5c16.2 0 44.2 3.2 55.7 6.4V172c-6-.6-16.5-1-29.6-1c-42 0-58.2 15.9-58.2 57.2V256h83.6l-14.4 78.2H255V480H384c35.3 0 64-28.7 64-64V96c0-35.3-28.7-64-64-64H64z"/> </symbol> <symbol id="fa-x-twitter" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z"/> </symbol> <symbol id="fa-linkedin-in" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M100.3 448H7.4V148.9h92.9zM53.8 108.1C24.1 108.1 0 83.5 0 53.8a53.8 53.8 0 0 1 107.6 0c0 29.7-24.1 54.3-53.8 54.3zM447.9 448h-92.7V302.4c0-34.7-.7-79.2-48.3-79.2-48.3 0-55.7 37.7-55.7 76.7V448h-92.8V148.9h89.1v40.8h1.3c12.4-23.5 42.7-48.3 87.9-48.3 94 0 111.3 61.9 111.3 142.3V448z"/> </symbol> <symbol id="fa-youtube" viewBox="0 0 576 512"> <path fill="var(--fill-color, currentColor)" d="M549.7 124.1c-6.3-23.7-24.8-42.3-48.3-48.6C458.8 64 288 64 288 64S117.2 64 74.6 75.5c-23.5 6.3-42 24.9-48.3 48.6-11.4 42.9-11.4 132.3-11.4 132.3s0 89.4 11.4 132.3c6.3 23.7 24.8 41.5 48.3 47.8C117.2 448 288 448 288 448s170.8 0 213.4-11.5c23.5-6.3 42-24.2 48.3-47.8 11.4-42.9 11.4-132.3 11.4-132.3s0-89.4-11.4-132.3zm-317.5 213.5V175.2l142.7 81.2-142.7 81.2z"/> </symbol> <symbol id="fa-magnifying-glass" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M368 208A160 160 0 1 0 48 208a160 160 0 1 0 320 0zM337.1 371.1C301.7 399.2 256.8 416 208 416C93.1 416 0 322.9 0 208S93.1 0 208 0S416 93.1 416 208c0 48.8-16.8 93.7-44.9 129.1l124 124 17 17L478.1 512l-17-17-124-124z"/> </symbol> <symbol id="fa-instagram" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M224.1 141c-63.6 0-114.9 51.3-114.9 114.9s51.3 114.9 114.9 114.9S339 319.5 339 255.9 287.7 141 224.1 141zm0 189.6c-41.1 0-74.7-33.5-74.7-74.7s33.5-74.7 74.7-74.7 74.7 33.5 74.7 74.7-33.6 74.7-74.7 74.7zm146.4-194.3c0 14.9-12 26.8-26.8 26.8-14.9 0-26.8-12-26.8-26.8s12-26.8 26.8-26.8 26.8 12 26.8 26.8zm76.1 27.2c-1.7-35.9-9.9-67.7-36.2-93.9-26.2-26.2-58-34.4-93.9-36.2-37-2.1-147.9-2.1-184.9 0-35.8 1.7-67.6 9.9-93.9 36.1s-34.4 58-36.2 93.9c-2.1 37-2.1 147.9 0 184.9 1.7 35.9 9.9 67.7 36.2 93.9s58 34.4 93.9 36.2c37 2.1 147.9 2.1 184.9 0 35.9-1.7 67.7-9.9 93.9-36.2 26.2-26.2 34.4-58 36.2-93.9 2.1-37 2.1-147.8 0-184.8zM398.8 388c-7.8 19.6-22.9 34.7-42.6 42.6-29.5 11.7-99.5 9-132.1 9s-102.7 2.6-132.1-9c-19.6-7.8-34.7-22.9-42.6-42.6-11.7-29.5-9-99.5-9-132.1s-2.6-102.7 9-132.1c7.8-19.6 22.9-34.7 42.6-42.6 29.5-11.7 99.5-9 132.1-9s102.7-2.6 132.1 9c19.6 7.8 34.7 22.9 42.6 42.6 11.7 29.5 9 99.5 9 132.1s2.7 102.7-9 132.1z"/> </symbol> <symbol id="fa-circle-play" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M0 256a256 256 0 1 1 512 0A256 256 0 1 1 0 256zM188.3 147.1c-7.6 4.2-12.3 12.3-12.3 20.9V344c0 8.7 4.7 16.7 12.3 20.9s16.8 4.1 24.3-.5l144-88c7.1-4.4 11.5-12.1 11.5-20.5s-4.4-16.1-11.5-20.5l-144-88c-7.4-4.5-16.7-4.7-24.3-.5z"/> </symbol> <symbol id="fa-hexagon-xmark" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M36.9 256L146.6 64H365.4L475.1 256 365.4 448H146.6L36.9 256zM128 32L0 256 128 480H384L512 256 384 32H128zm63.4 136.8l-22.6 22.6 11.3 11.3L233.4 256l-53.3 53.3-11.3 11.3 22.6 22.6 11.3-11.3L256 278.6l53.3 53.3 11.3 11.3 22.6-22.6-11.3-11.3L278.6 256l53.3-53.3 11.3-11.3-22.6-22.6-11.3 11.3L256 233.4l-53.3-53.3-11.3-11.3z"/> </symbol> <symbol id="mag-with-gradient" viewBox="0 0 48.2 57"> <path fill="url(#maggradient)" d="M8.1,4.2c4.4-3.3,9.8-4.5,14.9-3.8s9.9,3.4,13.2,7.8c3.3,4.4,4.5,9.8,3.8,14.9c-0.6,4.4-2.7,8.6-6.1,11.8 L47.6,53c0.7,1,0.5,2.4-0.4,3.1c-1,0.7-2.4,0.5-3.1-0.4L30.4,37.5c-4,2.4-8.6,3.2-13,2.6c-5.1-0.7-9.9-3.4-13.2-7.8 c-3.3-4.4-4.5-9.8-3.8-14.9C1,12.3,3.7,7.5,8.1,4.2z M22.3,4.7c-4-0.6-8.1,0.4-11.6,3C7.3,10.3,5.2,14,4.6,18c-0.6,4,0.4,8.1,3,11.6 c2.6,3.5,6.3,5.5,10.3,6.1c4,0.6,8.1-0.4,11.6-3c3.5-2.6,5.5-6.3,6.1-10.3c0.6-4-0.4-8.1-3-11.6C30.1,7.4,26.3,5.3,22.3,4.7z"/> </symbol> <symbol id="quote-gradient" viewBox="0 0 37.1 31.7"> <path fill="url(#quotegradient)" d="M34.6,0c1.5,0,2.3,0.7,2.3,2.2C36.9,3,36.6,3.6,36,4c-4.4,3.3-6.8,7.2-7,11.6c2.6,0.2,4.5,1,5.9,2.6 c1.4,1.5,2,3.3,2,5.5c0,2.1-0.8,4-2.3,5.6c-1.5,1.5-3.4,2.3-5.6,2.3c-2.2,0-4.1-0.9-5.8-2.7c-1.6-1.8-2.4-4.6-2.4-8.3 c0-3.8,1.3-7.6,3.8-11.5s5.3-6.7,8.2-8.4C33.5,0.2,34,0,34.6,0z M13.8,0c1.5,0,2.3,0.7,2.3,2.2c0,0.8-0.3,1.4-0.9,1.8 c-4.4,3.3-6.8,7.2-7,11.6c2.6,0.2,4.5,1,5.9,2.6c1.4,1.5,2,3.3,2,5.5c0,2.1-0.8,4-2.3,5.6c-1.5,1.5-3.4,2.3-5.6,2.3 c-2.2,0-4.1-0.9-5.8-2.7C0.8,27.1,0,24.4,0,20.6C0,16.9,1.3,13,3.8,9.1S9.1,2.4,12,0.6C12.7,0.2,13.3,0,13.8,0z"/> </symbol> <symbol id="fa-plus-gradient" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M256 80V48H192V80 224H48 16v64H48 192V432v32h64V432 288H400h32V224H400 256V80z"/> </symbol> <symbol id="tag-icon" viewBox="0 0 12 12"> <path fill="var(--fill-color, currentColor)" d="M0,5.9V1.1C0,0.5,0.5,0,1.1,0h4.8c0.3,0,0.6,0.1,0.8,0.3l5,5c0.4,0.4,0.4,1.2,0,1.6l-4.8,4.8 c-0.4,0.4-1.2,0.4-1.6,0l-5-5C0.1,6.5,0,6.2,0,5.9L0,5.9z M2.6,1.5C2,1.5,1.5,2,1.5,2.6c0,0.6,0.5,1.1,1.1,1.1s1.1-0.5,1.1-1.1 C3.8,2,3.2,1.5,2.6,1.5z"/> </symbol> <symbol id="fa-calendar" viewBox="0 0 448 512"> <path fill="var(--fill-color, currentColor)" d="M152 24c0-13.3-10.7-24-24-24s-24 10.7-24 24V64H64C28.7 64 0 92.7 0 128v16 48V448c0 35.3 28.7 64 64 64H384c35.3 0 64-28.7 64-64V192 144 128c0-35.3-28.7-64-64-64H344V24c0-13.3-10.7-24-24-24s-24 10.7-24 24V64H152V24zM48 192H400V448c0 8.8-7.2 16-16 16H64c-8.8 0-16-7.2-16-16V192z"/> </symbol> <symbol id="fa-location-dot" viewBox="0 0 384 512"> <path fill="var(--fill-color, currentColor)" d="M192 512s192-208 192-320C384 86 298 0 192 0S0 86 0 192C0 304 192 512 192 512zm0-384a64 64 0 1 1 0 128 64 64 0 1 1 0-128z"/> </symbol> <symbol id="fa-clock" viewBox="0 0 512 512"> <path fill="var(--fill-color, currentColor)" d="M464 256A208 208 0 1 1 48 256a208 208 0 1 1 416 0zM0 256a256 256 0 1 0 512 0A256 256 0 1 0 0 256zM232 120V256c0 8 4 15.5 10.7 20l96 64c11 7.4 25.9 4.4 33.3-6.7s4.4-25.9-6.7-33.3L280 243.2V120c0-13.3-10.7-24-24-24s-24 10.7-24 24z"/> </symbol> <symbol id="X" viewBox="0 0 384 512"> <path fill="var(--fill-color, currentColor)" d="M380.2 58.3c5.7-6.7 4.9-16.8-1.9-22.5s-16.8-4.9-22.6 1.9L192 231.2 28.2 37.7c-5.7-6.7-15.8-7.6-22.5-1.9s-7.6 15.8-1.9 22.5L171 256 3.8 453.7c-5.7 6.7-4.9 16.8 1.9 22.6s16.8 4.9 22.5-1.9L192 280.8 355.8 474.3c5.7 6.7 15.8 7.6 22.6 1.9s7.6-15.8 1.9-22.6L213 256 380.2 58.3z"/> </symbol> </svg> <svg style="display:none;height:0;"> <symbol id="site-logo" viewBox="0 0 164 18"> <path fill="#3F4644" d="M0,9L0,9c0-0.9,0.2-1.8,0.5-2.6c0.3-0.8,0.8-1.5,1.4-2.1c0.6-0.6,1.4-1.1,2.2-1.4s1.7-0.5,2.5-0.4 c0.9,0,1.9,0.1,2.7,0.5c0.9,0.3,1.7,0.9,2.3,1.5l-1.4,1.6c-1-0.9-2.1-1.6-3.6-1.6c-2.4,0-4.2,2-4.2,4.5v0c0,2.5,1.8,4.5,4.2,4.5 c1.6,0,2.6-0.6,3.7-1.6l1.5,1.4c-0.7,0.7-1.5,1.3-2.4,1.7c-0.9,0.4-1.9,0.6-2.9,0.5c-0.9,0-1.7-0.1-2.5-0.5 c-0.8-0.3-1.5-0.8-2.1-1.4c-0.6-0.6-1.1-1.3-1.4-2.1C0.1,10.8,0,9.9,0,9z"/> <path fill="#3F4644" d="M54.7,10.3l-2.2-5.1l-2.2,5.1H54.7z M51.5,2.6h2.1l5.7,12.8h-2.4l-1.3-3.1h-6.1l-1.3,3.1h-2.3L51.5,2.6z"/> <path fill="#3F4644" d="M70.6,2.7h2.3v10.6h6.8v2h-9V2.7z"/> <path fill="#3F4644" d="M91.1,2.7h9.6v2h-7.3v3.5h6.5v2h-6.5v5.2h-2.3V2.7z"/> <path fill="#3F4644" d="M114.8,2.7h-2.3v12.7h2.3V2.7z"/> <path fill="#3F4644" d="M132.9,8.9c1.6,0,2.6-0.8,2.6-2.1v0c0-1.4-1-2.1-2.7-2.1h-3.3v4.3H132.9z M127.4,2.7h5.7 c1.6,0,2.9,0.5,3.7,1.3c0.3,0.4,0.6,0.8,0.8,1.3c0.2,0.5,0.3,1,0.3,1.5v0c0,2.1-1.3,3.3-3,3.8l3.5,4.8h-2.7l-3.2-4.4h-2.8v4.4 h-2.3V2.7z"/> <path fill="#3F4644" d="M31.8,0l-6.5,3.7v7.4l6.5,3.7l6.5-3.7V3.7L31.8,0z M27.4,10v-5l4.4-2.5l4.4,2.5v5l-4.4,2.5L27.4,10z"/> <path fill="#D5541C" d="M19.8,6.8v7.4l6.5,3.7l6.5-3.7V6.8l-6.5-3.7L19.8,6.8z M21.9,13.1V8l4.4-2.5L30.8,8v5l-4.4,2.5L21.9,13.1z"/> <path fill="#3F4644" d="M149.8,2.7h9.5v2h-7.3V8h6.4v2h-6.4v3.4h7.4v2h-9.6V2.7z"/> <path fill="#3F4644" d="M162.3,13.9h-0.3v0.4h0.3c0.2,0,0.3-0.1,0.3-0.2C162.5,13.9,162.4,13.9,162.3,13.9z M162.5,14.5l0.4,0.5h-0.3 l-0.3-0.5h-0.3V15h-0.3v-1.4h0.6c0.3,0,0.5,0.2,0.5,0.4c0,0.1,0,0.2-0.1,0.3C162.7,14.4,162.6,14.4,162.5,14.5z M162.2,13.2 c-0.2,0-0.5,0.1-0.6,0.2c-0.2,0.1-0.3,0.3-0.4,0.5c-0.1,0.2-0.1,0.4-0.1,0.7s0.2,0.4,0.3,0.6c0.2,0.2,0.4,0.3,0.6,0.3 c0.2,0,0.5,0,0.7-0.1c0.2-0.1,0.4-0.2,0.5-0.4c0.1-0.2,0.2-0.4,0.2-0.6c0-0.2,0-0.3-0.1-0.4c-0.1-0.1-0.1-0.3-0.3-0.4 c-0.1-0.1-0.2-0.2-0.4-0.3C162.5,13.2,162.4,13.2,162.2,13.2z M162.2,15.6c-0.3,0-0.5-0.1-0.7-0.2c-0.2-0.1-0.4-0.3-0.5-0.6 c-0.1-0.2-0.1-0.5-0.1-0.7c0.1-0.2,0.2-0.5,0.4-0.7c0.2-0.2,0.4-0.3,0.7-0.3c0.2,0,0.5,0,0.7,0.1c0.2,0.1,0.4,0.3,0.6,0.5 c0.1,0.2,0.2,0.5,0.2,0.7c0,0.2,0,0.3-0.1,0.5c-0.1,0.2-0.2,0.3-0.3,0.4c-0.1,0.1-0.3,0.2-0.4,0.3 C162.5,15.6,162.4,15.6,162.2,15.6z"/> </symbol> <symbol id="site-logo-light" viewBox="0 0 164 18"> <path fill="#ffffff" d="M0,9L0,9c0-0.9,0.2-1.8,0.5-2.6c0.3-0.8,0.8-1.5,1.4-2.1c0.6-0.6,1.4-1.1,2.2-1.4s1.7-0.5,2.5-0.4 c0.9,0,1.9,0.1,2.7,0.5c0.9,0.3,1.7,0.9,2.3,1.5l-1.4,1.6c-1-0.9-2.1-1.6-3.6-1.6c-2.4,0-4.2,2-4.2,4.5v0c0,2.5,1.8,4.5,4.2,4.5 c1.6,0,2.6-0.6,3.7-1.6l1.5,1.4c-0.7,0.7-1.5,1.3-2.4,1.7c-0.9,0.4-1.9,0.6-2.9,0.5c-0.9,0-1.7-0.1-2.5-0.5 c-0.8-0.3-1.5-0.8-2.1-1.4c-0.6-0.6-1.1-1.3-1.4-2.1C0.1,10.8,0,9.9,0,9z"/> <path fill="#ffffff" d="M54.7,10.3l-2.2-5.1l-2.2,5.1H54.7z M51.5,2.6h2.1l5.7,12.8h-2.4l-1.3-3.1h-6.1l-1.3,3.1h-2.3L51.5,2.6z"/> <path fill="#ffffff" d="M70.6,2.7h2.3v10.6h6.8v2h-9V2.7z"/> <path fill="#ffffff" d="M91.1,2.7h9.6v2h-7.3v3.5h6.5v2h-6.5v5.2h-2.3V2.7z"/> <path fill="#ffffff" d="M114.8,2.7h-2.3v12.7h2.3V2.7z"/> <path fill="#ffffff" d="M132.9,8.9c1.6,0,2.6-0.8,2.6-2.1v0c0-1.4-1-2.1-2.7-2.1h-3.3v4.3H132.9z M127.4,2.7h5.7 c1.6,0,2.9,0.5,3.7,1.3c0.3,0.4,0.6,0.8,0.8,1.3c0.2,0.5,0.3,1,0.3,1.5v0c0,2.1-1.3,3.3-3,3.8l3.5,4.8h-2.7l-3.2-4.4h-2.8v4.4 h-2.3V2.7z"/> <path fill="#ffffff" d="M31.8,0l-6.5,3.7v7.4l6.5,3.7l6.5-3.7V3.7L31.8,0z M27.4,10v-5l4.4-2.5l4.4,2.5v5l-4.4,2.5L27.4,10z"/> <path fill="#D5541C" d="M19.8,6.8v7.4l6.5,3.7l6.5-3.7V6.8l-6.5-3.7L19.8,6.8z M21.9,13.1V8l4.4-2.5L30.8,8v5l-4.4,2.5L21.9,13.1z"/> <path fill="#ffffff" d="M149.8,2.7h9.5v2h-7.3V8h6.4v2h-6.4v3.4h7.4v2h-9.6V2.7z"/> <path fill="#ffffff" d="M162.3,13.9h-0.3v0.4h0.3c0.2,0,0.3-0.1,0.3-0.2C162.5,13.9,162.4,13.9,162.3,13.9z M162.5,14.5l0.4,0.5h-0.3 l-0.3-0.5h-0.3V15h-0.3v-1.4h0.6c0.3,0,0.5,0.2,0.5,0.4c0,0.1,0,0.2-0.1,0.3C162.7,14.4,162.6,14.4,162.5,14.5z M162.2,13.2 c-0.2,0-0.5,0.1-0.6,0.2c-0.2,0.1-0.3,0.3-0.4,0.5c-0.1,0.2-0.1,0.4-0.1,0.7s0.2,0.4,0.3,0.6c0.2,0.2,0.4,0.3,0.6,0.3 c0.2,0,0.5,0,0.7-0.1c0.2-0.1,0.4-0.2,0.5-0.4c0.1-0.2,0.2-0.4,0.2-0.6c0-0.2,0-0.3-0.1-0.4c-0.1-0.1-0.1-0.3-0.3-0.4 c-0.1-0.1-0.2-0.2-0.4-0.3C162.5,13.2,162.4,13.2,162.2,13.2z M162.2,15.6c-0.3,0-0.5-0.1-0.7-0.2c-0.2-0.1-0.4-0.3-0.5-0.6 c-0.1-0.2-0.1-0.5-0.1-0.7c0.1-0.2,0.2-0.5,0.4-0.7c0.2-0.2,0.4-0.3,0.7-0.3c0.2,0,0.5,0,0.7,0.1c0.2,0.1,0.4,0.3,0.6,0.5 c0.1,0.2,0.2,0.5,0.2,0.7c0,0.2,0,0.3-0.1,0.5c-0.1,0.2-0.2,0.3-0.3,0.4c-0.1,0.1-0.3,0.2-0.4,0.3 C162.5,15.6,162.4,15.6,162.2,15.6z"/> </symbol> </svg> <a href="#site-main" class="skip-link"> Skip to main content </a> <header class="siteHeader"> <div class="siteHeader__wrapper"> <a href="/" class="siteHeader__home"> <svg class="siteHeader__logo"> <use href="#site-logo" /> </svg> <span class="sr-only">Homepage</span> </a> <nav class="siteHeader__mobileNavigation mobileNavigation"> <button type="button" class="mobileNavigation__menuButton hamburger hamburger--collapse" aria-expanded="false" aria-controls="mobile-menu" data-menu-button="mobile-menu" data-open-with-transition="true" data-active-class="is-active" id="mobile-menu-button" > <span class="hamburger-box"> <span class="hamburger-inner"></span> </span> <span class="sr-only"> Mobile Menu </span> </button> <ul class="mobileNavigation__list" data-arrow-navigation data-menu="mobile-menu" aria-hidden="true" aria-labelledby="mobile-menu-button" data-active-class="mobileNavigation__list--active" id="mobile-menu" inert > <li class="mobileNavigation__item"> <form action="/search" method="GET" class="mobileNavigation__search search"> <svg class="search__icon"> <use href="#fa-magnifying-glass" /> </svg> <label for="search" class="sr-only">Search Coalfire.com</label> <input type="search" name="q" id="search" placeholder="Search Coalfire.com" class="mobileNavigation__searchInput search__input" data-search-input /> <button type="submit" class="mobileNavigation__inputButton button search__inputButton"> <svg class="search__inputButtonIcon"> <use href="#fa-arrow-right-long" /> </svg> </button> </form> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-1" data-menu-button="submenu-1" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > Services <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-1" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-1" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-1"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> Services </span> </h2> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/services/advisory" target=""> <h3 class="mobileNavigation__columnTitle"> Advisory </h3> Our professional services advise on all global GRC frameworks. <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/services/assessment" target=""> <h3 class="mobileNavigation__columnTitle"> Assessment </h3> Coordinated assessment services combined with our tech reduces tasks by up to 75% <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/services/security" target=""> <h3 class="mobileNavigation__columnTitle"> Security </h3> Cyber Security services paired with Hexeon and ThreadFix technologies defend against formidable threats <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-2" data-menu-button="submenu-2" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > Industries <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-2" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-2" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-2"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> Industries </span> </h2> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/financial-services" target=""> <h3 class="mobileNavigation__columnTitle"> Financial Services </h3> FinTech, payment processors, and banks decrease vulnerabilities using our services and to monitor 24/7 <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/healthcare-life-sciences" target=""> <h3 class="mobileNavigation__columnTitle"> Healthcare &amp; Life Sciences </h3> To remain HIPAA compliant, our cybersecurity services help you protect customer data 24/7 <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/retail" target=""> <h3 class="mobileNavigation__columnTitle"> Retail </h3> Retailers use our compliance services to improve security, assess cardholder data, and leverage a risk-based strategy approach to protect their customers <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/industries/tech-software" target=""> <h3 class="mobileNavigation__columnTitle"> Tech &amp; Software </h3> Leading SaaS and IaaS companies achieve FedRAMP and implement GRC in less time <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-3" data-menu-button="submenu-3" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > Resources <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-3" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-3" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-3"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> Resources </span> </h2> <div class="mobileNavigation__columnWrapper"> <a class="mobileNavigation__columnDescriptionCta" href="https://coalfire.com/insights/resources" target=""> <h3 class="mobileNavigation__columnTitle"> Resources </h3> View all resources <svg class="mobileNavigation__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="mobileNavigation__columnWrapper"> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <span class="mobileNavigation__columnType"> By Topic </span> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=offensive-security" target="" class="mobileNavigation__link"> Cybersecurity </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=corporate" target="" class="mobileNavigation__link"> Corporate </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=strategy-privacy-and-risk" target="" class="mobileNavigation__link"> Cyber Risk </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=application-security" target="" class="mobileNavigation__link"> Application security </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=cloud" target="" class="mobileNavigation__link"> Cloud </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=compliance" target="" class="mobileNavigation__link"> Compliance </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=threadfix" target="" class="mobileNavigation__link"> ThreadFix® </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=compliance-essentials" target="" class="mobileNavigation__link"> Compliance Essentials </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=hexeon" target="" class="mobileNavigation__link"> Hexeon® </a> </li> <li class="mobileNavigation__listItem"> <a href="/insights/resources?topic=fedramp" target="" class="mobileNavigation__link"> FedRAMP® </a> </li> </ul> </div> <div class="mobileNavigation__columnWrapper"> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <span class="mobileNavigation__columnType"> By Type </span> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=case-studies" target="" class="mobileNavigation__link"> Case Studies </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=data-sheet" target="" class="mobileNavigation__link"> Data Sheets </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=video" target="" class="mobileNavigation__link"> Video </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=webinars" target="" class="mobileNavigation__link"> Webinars </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=white-papers" target="" class="mobileNavigation__link"> White Papers </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources?type=reports" target="" class="mobileNavigation__link"> Reports </a> </li> </ul> </div> </div> </li> <li class="mobileNavigation__item"> <button type="button" class="mobileNavigation__trigger" aria-expanded="false" aria-controls="submenu-4" data-menu-button="submenu-4" data-open-with-transition="true" data-active-class="mobileNavigation__trigger--active" id="submenu-button" > About <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-right" /> </svg> </span> </button> <div class="mobileNavigation__column" data-arrow-navigation data-menu="submenu-4" aria-hidden="true" aria-labelledby="submenu-button" data-active-class="mobileNavigation__column--active" id="submenu-4" inert > <h2 class="mobileNavigation__heading"> <button type="button" class="mobileNavigation__back" data-menu-back="submenu-4"> <span class="sr-only">Back to Parent Menu</span> <span class="mobileNavigation__triggerIconWrapper"> <svg class="mobileNavigation__triggerIcon icon icon--chevron-right" aria-hidden="true" role="presentation"> <use href="#fa-angle-left" /> </svg> </span> </button> <span class="mobileNavigation__headingText"> About </span> </h2> <div class="mobileNavigation__columnWrapper"> <h3 class="mobileNavigation__columnTitle"> Company </h3> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/our-story" target="" class="mobileNavigation__link"> The Coalfire Story </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/leadership" target="" class="mobileNavigation__link"> Leadership </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/diversity-and-inclusion" target="" class="mobileNavigation__link"> Diversity &amp; Inclusion </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/research-and-development" target="" class="mobileNavigation__link"> Research &amp; Development </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/resources/coalfire-academy-education/ai-risk-1" target="" class="mobileNavigation__link"> Education: Coalfire Academy </a> </li> </ul> </div> <div class="mobileNavigation__columnWrapper"> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/richard-dakin-fund" target="" class="mobileNavigation__link"> Richard E. Dakin Fund </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/partners" target="" class="mobileNavigation__link"> Partners </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/contact-us" target="" class="mobileNavigation__link"> Contact Us </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/about/careers" target="" class="mobileNavigation__link"> Careers </a> </li> </ul> </div> <div class="mobileNavigation__columnWrapper"> <h3 class="mobileNavigation__columnTitle"> News &amp; Events </h3> <ul class="mobileNavigation__columnList"> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/news-and-events/press-releases" target="" class="mobileNavigation__link"> Press Releases </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/news-and-events/in-the-news" target="" class="mobileNavigation__link"> In the News </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/the-coalfire-blog" target="" class="mobileNavigation__link"> Coalfire Articles </a> </li> <li class="mobileNavigation__listItem"> <a href="https://coalfire.com/insights/news-and-events/events" target="" class="mobileNavigation__link"> Events </a> </li> </ul> </div> </div> </li> </ul> </nav> <nav class="siteHeader__navigation navigation"> <ul class="navigation__list" data-arrow-navigation> <h2 class="navigation__heading sr-only"> Menu </h2> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-one" data-menu-button="menu-one" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-one-button" > Services <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-one" aria-hidden="true" aria-labelledby="menu-one-button" data-active-class="navigation__megaMenu--active" id="menu-one" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/services/advisory" target=""> <h3 class="megaMenu__columnTitle"> Advisory </h3> Our professional services advise on all global GRC frameworks. <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/services/assessment" target=""> <h3 class="megaMenu__columnTitle"> Assessment </h3> Coordinated assessment services combined with our tech reduces tasks by up to 75% <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/services/security" target=""> <h3 class="megaMenu__columnTitle"> Security </h3> Cyber Security services paired with Hexeon and ThreadFix technologies defend against formidable threats <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </div> </div> </li> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-two" data-menu-button="menu-two" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-two-button" > Industries <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-two" aria-hidden="true" aria-labelledby="menu-two-button" data-active-class="navigation__megaMenu--active" id="menu-two" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/financial-services" target=""> <h3 class="megaMenu__columnTitle"> Financial Services </h3> FinTech, payment processors, and banks decrease vulnerabilities using our services and to monitor 24/7 <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/healthcare-life-sciences" target=""> <h3 class="megaMenu__columnTitle"> Healthcare &amp; Life Sciences </h3> To remain HIPAA compliant, our cybersecurity services help you protect customer data 24/7 <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/retail" target=""> <h3 class="megaMenu__columnTitle"> Retail </h3> Retailers use our compliance services to improve security, assess cardholder data, and leverage a risk-based strategy approach to protect their customers <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/industries/tech-software" target=""> <h3 class="megaMenu__columnTitle"> Tech &amp; Software </h3> Leading SaaS and IaaS companies achieve FedRAMP and implement GRC in less time <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> </div> </div> </div> </li> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-three" data-menu-button="menu-three" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-three-button" > Resources <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-three" aria-hidden="true" aria-labelledby="menu-three-button" data-active-class="navigation__megaMenu--active" id="menu-three" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <a class="megaMenu__columnDescriptionCta" href="https://coalfire.com/insights/resources" target=""> <h3 class="megaMenu__columnTitle"> Resources </h3> View all resources <svg class="megaMenu__columnDescriptionIcon"><use href="#fa-arrow-right-long-light" /></svg> </a> </div> <div class="megaMenu__column megaMenu__column--divider"> <ul class="megaMenu__columnList"> <li class="megaMenu__listItem"> <span class="megaMenu__columnType"> By Topic </span> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=offensive-security" target="" class="megaMenu__link"> Cybersecurity </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=corporate" target="" class="megaMenu__link"> Corporate </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=strategy-privacy-and-risk" target="" class="megaMenu__link"> Cyber Risk </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=application-security" target="" class="megaMenu__link"> Application security </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=cloud" target="" class="megaMenu__link"> Cloud </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=compliance" target="" class="megaMenu__link"> Compliance </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=threadfix" target="" class="megaMenu__link"> ThreadFix® </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=compliance-essentials" target="" class="megaMenu__link"> Compliance Essentials </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=hexeon" target="" class="megaMenu__link"> Hexeon® </a> </li> <li class="megaMenu__listItem"> <a href="/insights/resources?topic=fedramp" target="" class="megaMenu__link"> FedRAMP® </a> </li> </ul> </div> <div class="megaMenu__column "> <ul class="megaMenu__columnList"> <li class="megaMenu__listItem"> <span class="megaMenu__columnType"> By Type </span> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=case-studies" target="" class="megaMenu__link"> Case Studies </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=data-sheet" target="" class="megaMenu__link"> Data Sheets </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=video" target="" class="megaMenu__link"> Video </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=webinars" target="" class="megaMenu__link"> Webinars </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=white-papers" target="" class="megaMenu__link"> White Papers </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources?type=reports" target="" class="megaMenu__link"> Reports </a> </li> </ul> </div> </div> </div> </div> </li> <li class="navigation__item"> <button type="button" class="navigation__trigger" aria-expanded="false" aria-controls="menu-four" data-menu-button="menu-four" data-active-class="navigation__trigger--active" data-content-area=".megaMenu__container" id="menu-four-button" > About <span class="navigation__triggerIconWrapper"> <svg class="navigation__triggerIcon" aria-hidden="true" role="presentation"> <use href="#fa-angle-down-light" /> </svg> </span> </button> <div class="megaMenu navigation__megaMenu" data-arrow-navigation data-menu="menu-four" aria-hidden="true" aria-labelledby="menu-four-button" data-active-class="navigation__megaMenu--active" id="menu-four" inert > <div class="megaMenu__container"> <div class="megaMenu__wrapper"> <div class="megaMenu__column "> <h3 class="megaMenu__columnTitle"> Company </h3> <ul class="megaMenu__columnList megaMenu__columnList--titleGap"> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/our-story" target="" class="megaMenu__link"> The Coalfire Story </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/leadership" target="" class="megaMenu__link"> Leadership </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/diversity-and-inclusion" target="" class="megaMenu__link"> Diversity &amp; Inclusion </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/research-and-development" target="" class="megaMenu__link"> Research &amp; Development </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/resources/coalfire-academy-education/ai-risk-1" target="" class="megaMenu__link"> Education: Coalfire Academy </a> </li> </ul> </div> <div class="megaMenu__column "> <ul class="megaMenu__columnList megaMenu__columnList--titleGap"> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/richard-dakin-fund" target="" class="megaMenu__link"> Richard E. Dakin Fund </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/partners" target="" class="megaMenu__link"> Partners </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/contact-us" target="" class="megaMenu__link"> Contact Us </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/about/careers" target="" class="megaMenu__link"> Careers </a> </li> </ul> </div> <div class="megaMenu__column megaMenu__column--divider"> <h3 class="megaMenu__columnTitle"> News &amp; Events </h3> <ul class="megaMenu__columnList megaMenu__columnList--titleGap"> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/news-and-events/press-releases" target="" class="megaMenu__link"> Press Releases </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/news-and-events/in-the-news" target="" class="megaMenu__link"> In the News </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/the-coalfire-blog" target="" class="megaMenu__link"> Coalfire Articles </a> </li> <li class="megaMenu__listItem"> <a href="https://coalfire.com/insights/news-and-events/events" target="" class="megaMenu__link"> Events </a> </li> </ul> </div> </div> </div> </div> </li> </ul> </nav> <nav class="siteHeader__secondaryNav navigation"> <ul class="navigation__list" data-arrow-navigation> <h2 class="navigation__heading sr-only"> Menu </h2> <li class="navigation__item -modal" data-modal> <button class="navigation__trigger" data-modal-button> <svg class="navigation__searchIcon"> <use href="#fa-magnifying-glass" /> </svg> <span class="navigation__searchText">Search</span> </button> <dialog data-dialog class="navigation__dialog dialog"> <div class="navigation__dialogWrapper"> <form action="/search" method="GET" class="navigation__form search"> <svg class="search__icon"> <use href="#fa-magnifying-glass" /> </svg> <label for="search" class="sr-only">Search Coalfire.com</label> <input type="search" name="q" id="search" placeholder="Search Coalfire.com" class="navigation__formInput search__input" data-search-input /> <button type="submit" class="navigation__formButton button search__inputButton"> <svg class="search__inputButtonIcon"> <use href="#fa-arrow-right-long" /> </svg> </button> </form> <button class="navigation__dialogClose" data-modal-close> <span class="sr-only">Close Dialog</span> X </button> </div> </dialog> </li> <li class="navigation__item"> <a class="navigation__trigger" href="https://account.coalfire.com/dashboard" target="_blank"> Customer Login </a> </li> <li class="navigation__item"> <a href="https://coalfire.com/about/contact-us" target="" class="navigation__button button"> Contact Us <span class="button__icon"> <svg><use href="#fa-arrow-right-long" /></svg> </span> </a> </li> </ul> </nav> </div> </header> <main role="main" id="site-main"> <section class="heroWithImage heroWithImage--dark "> <div class="heroWithImage__container"> <div class="heroWithImage__content"> <h1 class="heroWithImage__title"> Research and development team </h1> <p class="heroWithImage__subtitle"> Creating cutting-edge, open-source security tools that advance operational tradecraft for the security industry and provide clients with more realistic adversary simulations. </p> </div> </div> </section> <section class="twoColumnLayout twoColumnLayout--light" ><div class="twoColumnLayout__container"><div class="twoColumnLayout__row"><div class="twoColumnLayout__column"><div class="twoColumnLayout__textBlocks textBlocks"><div class="textBlocks__block"><h3 class="textBlocks__title"> Finding creative solutions to solve the world’s most difficult security problems </h3><div class="textBlocks__text"><p>Improving the security and privacy of data and systems internally and for the broader security community requires a deep commitment to innovation. It’s through our research and development team that we’re able to develop new research, create security tools, and publish technical artifacts that contribute to the continuous improvement of the offensive security space.</p></div></div></div></div><div class="twoColumnLayout__column"><div class="twoColumnLayout__imageBlock"><div class="twoColumnLayout__imageWrapper"><picture class="twoColumnLayout__image"><source data-sizes="auto" data-srcset="/assets/imager/images/About/Research-and-Development/15837/intro_98edf1443e0d9b3e52b3d719c6b1d6f9.webp 300w, /assets/imager/images/About/Research-and-Development/15837/intro_165059becc3e0edd115b9e109c59d8ec.webp 600w, /assets/imager/images/About/Research-and-Development/15837/intro_4be728a53ab8953813124ff77c2a3e8c.webp 800w" type="image/webp" alt="coalfire written on a street sign in front of a group of people looking at a wall of graffiti" /><img alt="coalfire written on a street sign in front of a group of people looking at a wall of graffiti" src='data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" height="444" width="800"></svg>' class="lazyload twoColumnLayout__image" data-sizes="auto" data-srcset="/assets/imager/images/About/Research-and-Development/15837/intro_98edf1443e0d9b3e52b3d719c6b1d6f9.jpg 300w, /assets/imager/images/About/Research-and-Development/15837/intro_165059becc3e0edd115b9e109c59d8ec.jpg 600w, /assets/imager/images/About/Research-and-Development/15837/intro_4be728a53ab8953813124ff77c2a3e8c.jpg 800w" alt="coalfire written on a street sign in front of a group of people looking at a wall of graffiti" /></picture></div></div></div></div></div></section><section class="featuredTextCards featuredTextCards--light " ><div class="featuredTextCards__container"><div class="featuredTextCards__row"><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Join our team of innovators. </h3><div class="textCard__text"><p>Ready to solve some of the world's toughest cybersecurity challenges? Explore our open positions.</p></div><a href="https://coalfire.com/about/careers" class="textCard__cta"> Apply today <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Stay a step ahead. </h3><div class="textCard__text"><p>Follow our R&amp;D team on Twitter to hear about our latest projects and tools.</p></div><a href="https://twitter.com/coalfire" class="textCard__cta"> See the latest <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div></div><div class="featuredTextCards__container"></div></div></section><section class="featuredTextCards featuredTextCards--dark " ><div class="featuredTextCards__container"><header class="featuredTextCards__header contentHeader "><h2 class="contentHeader__title"> Featured tools </h2></header><div class="featuredTextCards__row"><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> ERC </h3><div class="textCard__text"><p>ERC is an open source Windows exploit development framework that is available on GitHub as an API or a X64dbg plugin.</p></div><a href="https://github.com/Coalfire-Research/ERC.Net/tree/main/ERC" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> iOS 11 Jailbreak </h3><div class="textCard__text"><p>For iOS 11.1.2 (15B202) – if you don’t have this exact version, it won’t work for you.</p></div><a href="https://github.com/Coalfire-Research/iOS-11.1.2-15B202-Jailbreak" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div></div><div class="featuredTextCards__container"></div></div></section><section class="featuredTextCards featuredTextCards--light " ><div class="featuredTextCards__container"><header class="featuredTextCards__header contentHeader -orangeTitle"><h2 class="contentHeader__title"> Key tools and findings </h2></header><div class="featuredTextCards__row"><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> ERC </h3><div class="textCard__text"><p>ERC is an open source Windows exploit development framework that is available on GitHub as an API or a X64dbg plugin.</p></div><a href="https://github.com/Coalfire-Research/ERC.Net/tree/main/ERC" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> iOS 11 Jailbreak </h3><div class="textCard__text"><p>For iOS 11.1.2 (15B202) – if you don’t have this exact version, it won’t work for you.</p></div><a href="https://github.com/Coalfire-Research/iOS-11.1.2-15B202-Jailbreak" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> IP_Sampler </h3><div class="textCard__text"><p>Give the script a newline separated list of subnets, and it scans each subnet for life hosts and writes a certain percentage of random live IPs from each subnet to a SampleIPs.txt.</p></div><a href="https://github.com/Coalfire-Research/IP-sampler" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Nmap-Extensions </h3><div class="textCard__text"><p>Detect cve2012-0053 with this Nmap plugin.</p></div><a href="https://github.com/Coalfire-Research/Nmap-Extensions" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> The dangers of client probing on Palo Alto firewalls </h3><div class="textCard__text"><p>Gain a better understanding of the risks associated with User-ID and the particularly dangerous Client Probing option within it.</p></div><a href="https://coalfire.com/the-coalfire-blog/the-dangers-client-probing-on-palo-alto-firewalls" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> ERC.Net </h3><div class="textCard__text"><p>Used for debugging Windows application crashes. ERC.Net supports 64- and 32-bit applications; parses DLL/EXE headers; identifies compile time flags (ASLR, DEP, SafeSEH); generates non-repeating patterns and platform-specific egg hunters; and more.</p></div><a href="https://github.com/Coalfire-Research/ERC.Net" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> ERC.Xdbg </h3><div class="textCard__text"><p>Assists in exploit development process with an X64dbg plugin built around the ERC library.</p></div><a href="https://github.com/Coalfire-Research/ERC.Xdbg" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Fuzzing: common tools and techniques </h3><div class="textCard__text"><p>A software testing methodology, fuzzing is used from a black- or white-box perspective and provides deliberately malformed inputs to an application to identify errors that could cause further compromise.</p></div><a href="https://coalfire.com/the-coalfire-blog/fuzzing-common-tools-and-techniques" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> The basics of exploit development </h3><div class="textCard__text"><p>Learn more about the creation of an exploit for a 32-bit Windows application vulnerable to a buffer overflow using X64dbg and the associated ERC plugin.</p></div><a href="https://coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-1" class="textCard__cta"> Part 1: The basics <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Internet of Things </h3><div class="textCard__text"><p>See how easy it was for hackers to attempt to cause life-threatening harm by weaponizing one of today’s increasingly common and cheap devices: a 3D printer.</p></div><a href="https://coalfire.com/the-coalfire-blog/with-iot-common-devices-pose-new-threats" class="textCard__cta"> Part 1: IoT devices pose new threats <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> NPK </h3><div class="textCard__text"><p>Built from serverless components in AWS and designed for easy deployment, NPK brings high-power hash-cracking to everyone.</p></div><a href="https://coalfire.com/the-coalfire-blog/high-power-hash-cracking-with-npk" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> HashBot </h3><div class="textCard__text"><p>Send hashes to hashcat to be cracked with this Willie module. As soon as a hash is cracked, HashBot PMs the invoker with the cracked hash and plaintext.</p></div><a href="https://github.com/Coalfire-Research/HashBot" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Git-user.rb </h3><div class="textCard__text"><p>An OSINT tool specifically for developers.</p></div><a href="https://github.com/Coalfire-Research/Git-Scrapers" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Pymetasploit3 </h3><div class="textCard__text"><p>A full-fledged Python3 Metasploit automation library that can interact with Metasploit through msfrpcd or the msgrpc plugin in msfconsole.</p></div><a href="https://coalfire.com/the-coalfire-blog/pymetasploit3-metasploit-automation-library" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Executing Metepreter on Windows 10 </h3><div class="textCard__text"><p>Windows Defender blocks Metasploit’s Web Delivery module. Learn an alternate way to achieve the same goal – without dropping files on the host system – and provide more options depending on which ports can egress the network.</p></div><a href="https://coalfire.com/the-coalfire-blog/executing-meterpreter-on-windows-10" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> PowerShell: in-memory injection using certUtil.exe </h3><div class="textCard__text"><p>Use PowerShell, Invoke-CradleCrafter, and Microsoft’s Certutil.exe to craft a payload and one-liner that can evade Windows Defender, and get tips to avoid getting caught by intrusion detection systems and behavior analysis.</p></div><a href="https://coalfire.com/the-coalfire-blog/powershell-in-memory-injection-using-certutil-exe" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Slackor </h3><div class="textCard__text"><p>A Golang implant that uses Slack as a command-and-control channel.</p></div><a href="https://github.com/Coalfire-Research/Slackor" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Twittor </h3><div class="textCard__text"><p>A stealthy Python-based backdoor that uses Twitter direct messages as a command-and-control service.</p></div><a href="https://github.com/Coalfire-Research/twittor" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> DeathMetal </h3><div class="textCard__text"><p>A suite of tools that interact with Intel AMT.</p></div><a href="https://coalfire.com/the-coalfire-blog/the-death-metal-suite" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Reverse engineering and patching with Ghidra </h3><div class="textCard__text"><p>Delve into reverse engineering and patching software using the open-source NSA tool Ghidra, which rivals expensive competitors (e.g., IDA Pro) in value and ease of use.</p></div><a href="https://coalfire.com/the-coalfire-blog/reverse-engineering-and-patching-with-ghidra" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> SQLinator </h3><div class="textCard__text"><p>Use mitmproxy to intercept all HTTP traffic and automatically forward HTTP GET and Post requests to SQLMap’s API to test for SQLi and XSS.</p></div><a href="https://github.com/Coalfire-Research/sqlinator" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> AnomalousCookie.py </h3><div class="textCard__text"><p>Auto fuzz cookies to detect weaknesses that can lead to additional vulnerabilities and create screenshots.</p></div><a href="https://coalfire.com/the-coalfire-blog/epic-holiday-cookie-baking" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Java Deserialization Exploits </h3><div class="textCard__text"><p>Explore a collection of curated Java deserialization exploits.</p></div><a href="https://coalfire.com/the-coalfire-blog/exploiting-blind-java-deserialization" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> The right way to test JSON parameters with Burp </h3><div class="textCard__text"><p>Discover a Burp trick to help find instances of command execution and lots of SQL injection in other applications.</p></div><a href="https://coalfire.com/the-coalfire-blog/the-right-way-to-test-json-parameters-with-burp" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Carvajal </h3><div class="textCard__text"><p>Helper functions for describing AWS infrastructure. Intended for writing tests, Carvajal can also monitor and audit. Look up variables, data sources, and other terraform objects with terraform helpers.</p></div><a href="https://github.com/coalfire/carvajal" class="textCard__cta"> Learn more <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div><div class="featuredTextCards__textCard textCard"><div class="textCard__wrapper"><h3 class="textCard__title"> Compliance testing </h3><div class="textCard__text"><p>Get real-life lessons that you can apply to your security program from our pen tester who found two zero-days and used them to break a system from no access to work.</p></div><a href="https://coalfire.com/the-coalfire-blog/getting-more-from-a-compliance-test" class="textCard__cta"> Read the blog post <svg class="textCard__ctaIcon"><use href="#fa-arrow-right-long" /></svg></a></div></div></div><div class="featuredTextCards__container"></div></div></section> </main> <footer class="siteFooter"> <div class="siteFooter__main"> <div class="siteFooter__container"> <a href="/" class="siteFooter__home"> <svg class="siteFooter__logo"> <use href="#site-logo-light" /> </svg> <span class="sr-only">Homepage</span> </a> <nav class="siteFooter__nav"> <ul class="siteFooter__navList"> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/privacy" target="" class="siteFooter__navLink"> Privacy Policy </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/cookies" target="" class="siteFooter__navLink"> Cookie Policy </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/agreements/accessibility-statement" target="" class="siteFooter__navLink"> Accessibility </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/legal" target="" class="siteFooter__navLink"> Legal </a> </li> <li class="siteFooter__navListItem"> <a href="https://coalfire.com/about/contact-us" target="" class="siteFooter__navLink"> Contact </a> </li> </ul> </nav> </div> </div> <div class="siteFooter__secondary"> <div class="siteFooter__container"> <p class="siteFooter__legalText"> Copyright © 2024 Coalfire Systems, Inc. All rights reserved. Coalfire, the Coalfire Logo, CoalfireOne, the Coalfire|Talks Logo, the Hexagon Logo, Hexeon, Neuralys, RAMP/pak, RAMP/pak+, RAMPcon, the RAMPcon Logo, and ThreadFix are trademarks or registered trademarks of Coalfire Systems, Inc. or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners. </p> <nav class="siteFooter__socialNav"> <ul class="siteFooter__socialNavList"> <li class="siteFooter__socialListItem"> <a href="https://www.facebook.com/coalfiresys/" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-square-facebook" /> </svg> <span class="sr-only">Facebook</span> </a> </li> <li class="siteFooter__socialListItem"> <a href="https://twitter.com/coalfire" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-x-twitter" /> </svg> <span class="sr-only">X Twitter</span> </a> </li> <li class="siteFooter__socialListItem"> <a href="https://www.linkedin.com/company/coalfire-systems-inc-/" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-linkedin-in" /> </svg> <span class="sr-only">Linkedin</span> </a> </li> <li class="siteFooter__socialListItem"> <a href="https://www.youtube.com/channel/UC94x12L8MJJP70afk6FRrOg" target="_blank" class="siteFooter__socialLink"> <svg class="siteFooter__socialIcon"> <use href="#fa-youtube" /> </svg> <span class="sr-only">YouTube</span> </a> </li> </ul> </nav> </div> </div> </footer> <script type="application/ld+json">{"@context":"http://schema.org","@graph":[{"@type":"WebPage","author":{"@id":"https://coalfire.com#identity"},"copyrightHolder":{"@id":"https://coalfire.com#identity"},"copyrightYear":"2024","creator":{"@id":"https://coalfire.com#creator"},"dateCreated":"2024-03-06T11:43:17-05:00","dateModified":"2024-07-22T12:09:05-04:00","datePublished":"2024-03-06T11:43:00-05:00","description":"The Coalfire Labs Research and Development team develops security tools, identifies vulnerabilities, and provides knowledge and insights into the latest malware trends and attacker techniques, tactics, and procedures.","headline":"Research and development","image":{"@type":"ImageObject","url":"https://assets.coalfire.com/prod/images/transforms/_1200x630_crop_center-center_82_none/default-card.png?mtime=1710449265"},"inLanguage":"en-us","mainEntityOfPage":"https://coalfire.com/about/research-and-development","name":"Research and development","publisher":{"@id":"https://coalfire.com#creator"},"url":"https://coalfire.com/about/research-and-development"},{"@id":"https://coalfire.com#identity","@type":"LocalBusiness","address":{"@type":"PostalAddress","addressCountry":"US","addressLocality":"Greenwood Village","addressRegion":"CO","postalCode":"80111","streetAddress":"8480 E Orchard Rd., Suite 5800"},"geo":{"@type":"GeoCoordinates","latitude":"39.607910","longitude":"-104.890720"},"image":{"@type":"ImageObject","height":"20","url":"https://s3.us-east-2.amazonaws.com/coalfire.com/prod/images/coalfire-logo-dark.png","width":"165"},"logo":{"@type":"ImageObject","height":"60","url":"https://assets.coalfire.com/prod/images/transforms/_600x60_fit_center-center_82_none/coalfire-logo-dark.png?mtime=1711569942","width":"495"},"name":"Coalfire","priceRange":"$","sameAs":["https://twitter.com/coalfire","https://www.facebook.com/coalfiresys/","https://www.linkedin.com/company/coalfire-systems-inc-/","https://www.youtube.com/channel/UC94x12L8MJJP70afk6FRrOg"],"telephone":"(877) 224-8077","url":"https://coalfire.com"},{"@id":"https://coalfire.com#creator","@type":"LocalBusiness","address":{"@type":"PostalAddress","addressCountry":"US","addressLocality":"Greenwood Village","addressRegion":"CO","postalCode":"80111","streetAddress":"8480 E Orchard Rd., Suite 5800"},"geo":{"@type":"GeoCoordinates","latitude":"39.607910","longitude":"-104.890720"},"image":{"@type":"ImageObject","height":"20","url":"https://s3.us-east-2.amazonaws.com/coalfire.com/prod/images/coalfire-logo-dark.png","width":"165"},"logo":{"@type":"ImageObject","height":"60","url":"https://assets.coalfire.com/prod/images/transforms/_600x60_fit_center-center_82_none/coalfire-logo-dark.png?mtime=1711569942","width":"495"},"name":"Coalfire","priceRange":"$","telephone":"(877) 224-8077","url":"https://coalfire.com"},{"@type":"BreadcrumbList","description":"Breadcrumbs list","itemListElement":[{"@type":"ListItem","item":"https://coalfire.com","name":"Home","position":1},{"@type":"ListItem","item":"https://coalfire.com/about/research-and-development","name":"Research & Development","position":2}],"name":"Breadcrumbs"}]}</script></body> </html> <!-- Cached by Blitz on 2024-11-01T11:30:11-04:00 -->

Pages: 1 2 3 4 5 6 7 8 9 10