We are Midnight Blue

The Security Consultancy Firm

Boutique Security Consultancy
[ 01 ]

About us

Midnight Blue is a specialist security consultancy firm engaged in high-end security research with a particular focus on embedded systems in domains ranging from Cyber Physical Systems (CPS) to communications and security equipment.

Drawing upon decades of collective experience and a strong industry network, we are able to assist our clients in proactively keeping pace with increasingly advanced attackers.

We provide various consultancy services ranging from cutting-edge vulnerability research and reverse engineering to defensive design in order to help our clients mitigate a wide variety of threats.

[ ! ]
July, 2023

TETRA:BURST

TETRA:BURST is a collection of five vulnerabilities, two of which are deemed critical, affecting the Terrestrial Trunked Radio (TETRA) standard used globally by law enforcement, military, critical infrastructure, and industrial asset owners in the power, oil & gas, water, and transport sectors and beyond.


Most of the TETRA:BURST vulnerabilities affect all TETRA networks. Depending on infrastructure and device configurations, these vulnerabilities allow for real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning. Firmware patches are available for some of these vulnerabilities, while compensating controls are recommended for others.

[ 02 ]

Our Services

Systems & vulnerability research

Understand the inner workings of complex systems, gain insight into vulnerabilities, and identify cost-effective mitigations.

From brand new, highly integrated embedded systems that fit in the palm of your hand to large, geographically dispersed cyber-physical systems running on legacy technology stacks, we’ve got you covered.

Threat Modeling

Vulnerability Discovery

Reverse Engineering

Capability development

Red Team Operations (RTO) and automated Breach and Attack Simulations (BAS) are an effective way to assess an organization’s security posture. In order to keep pace with the high end of the attacker space, RTO and BAS service providers need to have access to top-tier capabilities.

Building strong in-house capabilities is hard, particularly when it comes to domains requiring a rare intersection of skills. Our capability development services can help you deliver unique results and rapidly build expertise within your organization.

Red Team Operations (RTO) & Breach and Attack Simulations (BAS)

Tailored R&D

Training

Defensive design

A mature security posture is something which cannot be bolted onto an existing product. However, many products used in critical settings nowadays have their roots in a very different era and struggle to keep up with an evolving threat landscape.

Midnight Blue assists in re-architecting such systems in order to ensure secure and future-proof operations.

Architecture & Design Reviews

SDLC Consultancy

Our deeply technical offensive expertise and strong background in academic research enable us to not only assist our customers in keeping pace with the increasingly complex threat landscape, but stay ahead of it.

Our researchers have presented numerous talks at top industry conferences such as Black Hat, DEF CON, Chaos Communication Congress, CanSecWest, Infiltrate, OffensiveCon, REcon, hardwear.io and USENIX. In addition, Midnight Blue has served as SME for the industry standard MITRE ATT&CK for ICS framework as well as government commissions and conference review boards.

[ 03 ]

The way we work

Plan of Approach

We tailor all our services to our clients’ specific needs, and follow a general approach to bring structure to complex and often opaque projects. Depending on the nature of our clients’ needs, we can follow our usual approach or find a more bespoke fit.

01

Intake

Every project starts off with an intake session during which we explore the client’s problem space, identify goals and obstacles and determine a scope.

02

Prestudy

Before an actual plan of approach is drafted we prefer to conduct a prestudy in order to truly understand the problem at hand, decompose it, identify pitfalls, and arrive at a good estimate of the execution timeframe and technical requirements.

03

Plan of Approach

The output of the prestudy is a plan of approach. It describes the client’s original problem and decomposes it into manageable and clear goals, obstacles and scoping. In addition, it provides an execution timeframe, technical requirements and a step-by-step walkthrough of the execution process as well as an overview of the deliverables produced by the project.

04

Execution

Execution can be tailored to the clients’ needs and can come in time-boxed or milestone-based forms. Deliverables can either be set at project conclusion or can be set as milestones throughout the execution phase.

05

Conclusion

Upon completion of execution, QA will take place as per the four-eyes principle and deliverables will be handed over to the client. Assessment reports will have prioritized, reproducible findings and associated remediation advice. Technical deliverables will come with documentation and instructive examples.

[ 04 ]

Our Markets

Security Service Providers

As experienced specialist subcontractors, we provide larger, more generalist consultancy firms and MSSPs with otherwise inaccessible security expertise, allowing them to deepen their offerings and sharpen their internal capabilities.

Critical Infrastructure

We have years of real-world offensive and defensive experience in the energy, oil & gas, water, and transport sectors, from designing state-of-the-art OT intrusion detection systems to red teaming and architecture reviews at major TSOs and DSOs.

Telecommunications

We have found numerous vulnerabilities in mobile radios, base stations, routers, gateways, wireless chips and sensors, and everything in between. Drawing upon this expertise, we assist vendors, system integrators, and users of telecommunications systems in securely procuring, deploying and operating them.

Technology

We have consulted to R&D-intensive companies of every size, from Fortune 500 semiconductor companies to niche biotech players, assisting them with everything from pentests against highly sensitive systems to (hardening against) reverse engineering of business-critical intellectual property.

Automotive

With a strong background in automotive technologies, we support OEMs in the assessment and secure development of increasingly interconnected vehicle systems.

Finance

From Hardware Security Modules (HSMs) and enterprise firewalls to payment terminals, embedded systems are woven throughout the fabric of the financial sector. We have assisted both established players and startups in the financial sector in assessing their robustness against advanced attackers.

Professional Services

From law firms to engineering, procurement, and construction (EPC) companies, professional services providers are increasingly targeted for their access to commercially and strategically valuable information. We are able to provide the in-depth expertise necessary to meet these challenges.

[ 05 ]

The Team

Jos Wetzels

Founding partner

Jos' research has involved reverse-engineering, vulnerability research, and exploit development across various domains ranging from industrial and automotive systems to IoT, networking equipment and deeply embedded SoCs.

Carlo Meijer

Founding partner

Carlo's research has included breaking a hardened variant of the Mifare Classic Crypto1 RFID cipher, breaking the security of Self-Encrypting Drives, and compromising default password generators in ISP-deployed consumer routers.

Wouter Bokslag

Founding partner

Wouter is known for breaking several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world's fastest public attack against the Hitag2 cipher.