ABOUT

Divergent Security provides a full range of adversarial digital security services to a select clientele. In addition to more traditional security assessment service offerings, Divergent specializes in assisting enterprises with mature information security programs to define and implement customized strategies for understanding and outpacing real world threats.

SERVICES

Continual Assessment Services

The attack surface of your enterprise doesn't shift on a yearly or quarterly basis. New attack vectors can arise at any time with the most minor code or architectural change. Divergent Security offers a full range continual assessment services that mimic the real world advanced persistent threats that target your enterprise.


View Our Public Disclosures
Red Team Excercises

In today's threat landscape, it can be difficult to know whether you are truly prepared for the worst case scenario. Without experiencing an actual attack, it is impossible to know whether your safeguards and response will be effective, or even if you will identify the threat at all. Divergent works with enterprises to design and execute full scale Red Team exercises that can both answer these questions and serve as invaluable training exercises for your team.

Traditional Service Offerings

Divergent's traditional adversarial security assessment service offerings include:


Native Application Assessment
Web Application Assessment
Mobile Application Assessment
Embedded Device Assessment
Penetration Testing
Technical Interviewing

TEAM

CONTACT US

Address
San Francisco, CA
Email
query@divergentsecurity.com

Please complete the following form if you would like to be contacted by Divergent Security to discuss how our services may fit your needs.

Public Disclosures

In support of our private adversarial services, Divergent Security periodically performs vulnerability research targeting various ubiquitous software products. The following list exhibits vulnerabilities identified as a result of this research.

Reference ID Product Vulnerability More Info
CVE-2008-0862 IBM Lotus Notes Command Execution IBM Advisory
ZDI-10-145 Novell ZENWorks Authentication Bypass Novell Advisory
CVE-2010-3040 Cisco ICM Multiple Buffer Overflows Cisco Alert
CVE-2010-3805 Apple WebKit Integer Overflow Apple Advisory
CVE-2010-3821 Apple WebKit Memory Corruption Apple Advisory
ZDI-10-283 Novell ZENWorks Buffer Overflow Novell Advisory
ZDI-10-284 Novell ZENWorks Buffer Overflow Novell Advisory
CVE-2011-1800 Google Chrome Multiple Integer Overflows Chrome Release Notes
CVE-2011-1806 Google Chrome Memory Corruption Chrome Release Notes
CVE-2011-2339 Apple WebKit Memory Corruption Apple Advisory
CVE-2011-2813 Apple WebKit Memory Corruption Apple Advisory
CVE-2011-2869 Apple WebKit Memory Corruption Apple Advisory
CVE-2011-2872 Apple WebKit Memory Corruption Apple Advisory
CVE-2011-3233 Apple WebKit Memory Corruption Apple Advisory
CVE-2011-3910 Google Chrome Memory Corruption Chrome Release Notes
CVE-2011-3922 Google Chrome Buffer Overflow Chrome Release Notes
CVE-2012-0632 Apple WebKit Memory Corruption Apple Advisory
CVE-2012-2523 Microsoft Internet Explorer Integer Overflow Microsoft Bulletin
CVE-2012-2880 Google Chrome Memory Corruption Chrome Release Notes
CVE-2012-2892 Google Chrome Pop-up Blocker Bypass Chrome Release Notes
CVE-2012-2893 Google Chrome Double Free Chrome Release Notes
CVE-2012-3605 Apple WebKit Memory Corruption Apple Advisory
CVE-2012-5128 Google Chrome Memory Corruption Chrome Release Notes
CVE-2012-5143 Google Chrome Integer Overflow Chrome Release Notes
CVE-2013-0832 Google Chrome Use After Free Chrome Release Notes
CVE-2013-0833 Google Chrome Buffer Overflow Chrome Release Notes
CVE-2013-0834 Google Chrome Buffer Overflow Chrome Release Notes
CVE-2013-0836 Google Chrome Memory Corruption Chrome Release Notes
CVE-2013-0896 Google Chrome Memory Corruption Chrome Release Notes
CVE-2013-0917 Google Chrome Memory Corruption Chrome Release Notes
CVE-2015-0059 Microsoft Windows Memory Corruption Microsoft Bulletin
CVE-2015-0060 Microsoft Windows Memory Corruption Microsoft Bulletin
CVE-2016-9189 Python Pillow Memory Corruption Mitre CVE
CVE-2016-9190 Python Pillow Memory Corruption Mitre CVE
CVE-2017-6753 Cisco WebEx Remote Command Execution Cisco Security Advisory
CVE-2017-10137 Oracle WebLogic Remote Command Execution Oracle Security Advisory
CVE-2017-10154 Oracle Access Manager Sensitive Information Disclosure Oracle Security Advisory
CVE-2018-2587 Oracle Access Manager Memory Corruption Oracle Security Advisory