HardKore Labs

KoreLogic is a creative company. Rarely a day goes by without a new idea or tool being put into play. Some of our most challenging projects have come from DARPA. By definition, DARPA projects must be ground-breaking and create lasting, revolutionary change. Our ability to thrive in that demanding environment allows us to help our Fortune 500 clients solve their hard security challenges.

Increasingly, successful CISOs are becoming solution "integrators"; they buy interoperable security solutions and custom-build others. Our solutions typically involve security automation or purpose-built security tools that incorporate our offensive testing experience to produce functional and attack-resistant solutions.

Representative Solutions Developed In HardKore Labs


Distributed Device Driver Fuzzing

Attackers look for flaws in how device drivers handle potentially unexpected user input in order to elevate their privilege or compromise systems. This purpose-built fuzzer's design allows us to evaluate drivers to find flaws before a malicious party does, and to distribute this work across many target device drivers and computer systems simultaneously. We provide this service to OEM manufacturers and their suppliers, who receive product security assurance, less time-to-market pressure (quicker testing), and a reduction in the cost and technical expertise required for fuzzing.

Security Research Source Code Repository Protection

DARPA projects must be groundbreaking and create lasting revolutionary change. Under the Cyber Insider Threat (CINDER) Program, KoreLogic created the first-ever multi-layered threat detection framework to protect the integrity of source code.

Digital Forensic Research Workshop (DFRWS) Forensics Challenge

In winning this Challenge, KoreLogic created digital file-carving techniques and tools, including the use of sliding entropy. Challenge participants were asked to extract as many files as possible from a DFRWS-prepared data set while reducing the number of false positives. Data carving techniques are used during digital forensics investigations, and existing file carving tools typically produce many false positives.

Corporate Data Leakage Detection

This Fortune 500 client's business requirement was to detect if major company announcements were being pre-released from unauthorized sources. KoreLogic built a data leakage discovery platform that could be moved around their network to passively monitor for sensitive data being transported outside via unencrypted email, email attachments, file transfers, chat, etc. Reports identified where sensitive data transiting the network originated, its destination, and the sensitive data itself.

Security Automation Framework

KoreLogic tailored its WebJob Framework to provide a Department of Defense client the following capabilities: automation of system administration tasks to offset the high server-to-system administrator ratio and the small number of senior administrators; monitoring of system administrative practices; evidence of compliance with server and network security standards; and key system performance indicators.

Automated Security Micro-Perimeter Data Traffic Analyzer

KoreLogic automated what had previously been manual analysis of data flows transiting the electronic security perimeters (ESPs) of a regional electrical utility client. The ESPs act as security micro-perimeters to protect electrical grid-controlling systems as required by government critical infrastructure regulations. KoreLogic performed network traffic discovery and data flow analysis inventory mapping, documented the business justification for each traffic axiom identified during discovery, identified compliance gaps, and provided critical impact analysis results for remediation recommendations.