Company

Krash Consulting has been working in the cyber security space to secure our clients' data for over fifteen years. We have delivered our expertise to clients ranging from start-ups to world-leading organizations across various domains, including IT/ITES (Information Technology/Information Technology Enabled Services), BFSI (Banking, Financial Services, and Insurance), Government, Healthcare, and Manufacturing. We have provided our services in India, Singapore, Saudi Arabia, Kuwait, UAE, Bahrain, Oman, Iran, Morocco, and Mauritius.

Our strengths in reverse engineering, exploit development, fuzzing, and penetration testing set us apart in the field of cyber security. Finding zero-days for Microsoft, Google, Mozilla, and others has also kept us busy for over a decade.

Our specialized areas of training include Advanced Metasploit, Fuzzing for Vulnerabilities, Malware Analysis, and Writing Exploits, which we have delivered at domestic and international security conferences. We have also been present at cyber security conferences around the world, such as ZERONIGHTS (Moscow, Russia), DEFCON (Las Vegas, USA), Black Hat (Las Vegas, USA), and NullCon (Goa, India).

In the heart of India’s High-Tech City, Hyderabad, Krash Consulting has high-end infrastructure capable of executing large and mission-critical assignments, with all support services and modern tools.

Our Expertise

Our highly experienced security squad has been in the penetration testing and ethical hacking industry for around 15 years. We adhere to transparent communication to make sure you do not get surprises in the report. Our assessments provide you with valuable insights into discovered vulnerabilities, the impact of breaches, and remediation steps to reduce exposure.

Our Approach

Our penetration testing takes a systematic approach to uncovering vulnerabilities and saving you from security breaches. It aligns with established standards and practices and is combined with extensive expertise and experience.

Our Values

Our values rest on the belief in staying focused on strategic testing, being consistent in providing expert solutions, continuously improving our methodologies, and delivering quality service to our partners.

Our Methodology
  • Planning and execution by highly skilled cybersecurity experts
  • Strict rules of engagement
  • Thoroughly researching your employees
  • A firmly established level of effort
  • Hand-crafted penetration attempts
  • Thoroughly documented reports and suggestions

Our Reports
  • Comprehensive coverage of the vulnerabilities
  • Severity – indicating the criticality of the issues found
  • Analysis – step-by-step reproduction of the vulnerability, so that the owners of the application/server find it easy to patch/re-configure
  • Recommendation – easiest possible ways to fix the issues found

Security Advisories

Software flaws found by Krash Consulting

Krash Consulting is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code. This list of advisories provides insight into the specific vulnerabilities reported.

  • 2017
    Mozilla Firefox – Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 (CVE-2017-7845)

    Read the advisory

    Microsoft Edge – Information Disclosure Vulnerability (CVE-2017-11844)

    Read the advisory

    Microsoft Edge – Memory Corruption Vulnerability (CVE-2017-11845)

    Read the advisory

    Google Chrome – Use after free in WebAudio (CVE-2017-5129)

    Read the advisory

    Google Chrome – Heap overflow in WebGL (CVE-2017-5128)

    Read the advisory

    Firefox – Buffer overflow when drawing and validating elements with ANGLE (CVE-2017-7824)

    Read the advisory

  • 2014
    Internet Explorer 11 – Cell Resizing (CVE-2014-4128)

    Read the advisory

    Internet Explorer 11 – CSVGSVGElement Use-After-Free (CVE-2014-6354)

    Read the advisory

    Internet Explorer 11 – CElement (CVE-2014-4145)

    Read the advisory

    Internet Explorer 11 – first-letter Use-After-Free (CVE-2014-4050)

    Read the advisory

    Internet Explorer 11 – Memory Corruption (CVE-2014-1772)

    Read the advisory

    Internet Explorer 11 – Microsoft IE CSS Property / Unicode Character Handling Heap Buffer Overflow (CVE-2014-0313)

    Read the advisory

    Microsoft Windows Direct2D Crafted 2D Geometric Figure Handling Memory Corruption (CVE-2014-0263)

    Read the advisory

  • 2010
    Excel File Format Parsing Vulnerability (CVE-2010-3232)

    Read the advisory

    RealPlayer RealMedia Memory Heap Corruption Vulnerability (CVE-2010-4386)

    Read the advisory

    RealPlayer RealAudio Codec Memory Corruption Vulnerability (CVE-2010-4387)

    Read the advisory