We understand that fighting against cyber risks, threats and attacks can be very complicated. At Techlab, we have arranged our resources to enable us to work with you to identify and solve your security issues as earliest and quickest as possible.
We leverage modern cybersecurity technologies, tools and infrastructure in striking to provide the best quality services to you. However, all would not mean much without our talented and enthusiastic cybersecurity consultants.
Our consultants are working diligently and tirelessly to provide you with the best solutions, making sure that our recommendations to you are feasible and effective to solve your problem.
Our consultants are popular in the communities, conducting seminars, workshops, trainings to the communities and societies (i.e. SANS/GIAC Advisory Board, VNISA, BBGV, Amcham, Auscham, Eurocham, ICAEW, KICPAA, Banking group, etc.).
Our consultants have equipped themselves with cybersecurity focused international certifications and qualifications.
The Offensive Security Certified Professional (OSCP) is the world’s first completely hands-on offensive information security certification. The certificate challenges the OSCP to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam.
An OSCP has demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report.
SANS is the most trusted and by far the largest source for information security training in the world. SANS offers certification via GIAC, an affiliate of the SANS Institute, a certification body featuring over 20 hands-on, technical certifications in information security.
GIAC Web Application Penetration Tester (GWAPT) holders have demonstrated their ability to test and defend web applications and the vulnerabilities associated with them. Professionals holding the GWAPT understand web application exploits and penetration testing methodology.
A Certified Ethical Hacker (CEH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).
The CEH credential certifies individuals in the specific security discipline of Ethical Hacking from a vendor-neutral perspective.
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.
EC-Council’s Computer Hacking Forensic Investigation (CHFI) certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective.
The CISM certification focuses and promotes international security practices and recognizes the individual at management level who manages, designs, and oversees and assesses enterprise’s information security.
The CRISC certification prepares and enables professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic risk management partners for the enterprise.
The CISA designation is a globally recognized certification for Information System audit control, assurance and security professionals. Being CISA-certified showcases the audit experience, skills and knowledge, and demonstrates the capability to assess vulnerabilities, report on compliance and institute controls within the enterprise.
CISSP is an independent information security certification granted by the International Information System Security Certification Consortium (ISC)². CISSP certification demonstrates the knowledge as the cybersecurity leaders. This certification is all it takes to design, engineer, implement and run an information security program.
ISO/IEC 27001 Lead Auditor certification is the recognition that the individual can be engaged by certification bodies to perform information management system audits under their direction and management system.
ISO/IEC 27001 Lead Implementer certification is the recognition that the information security professional is fully capable to implement the ISO 27001 standard successfully.
PMP certification demonstrates that a project manager possesses project management knowledge, experience and skills to bring projects to successful completion.
TECHLAB and our consultants are proudly being associated and contributing to some of the top cybersecurity associations and organizations world-wide. We are continuing to integrate to international renowned professional associations to make sure our service standards are always up-to-date and in touch with the top cybersecurity though-leaderships, movements and solutions in the field.
The International Information System Security Certification Consortium (ISC)² is an international, nonprofit membership association, the World’s Leading Cybersecurity and IT Security Professional Organization. Along with the (ISC)² association, TECHLAB provide the international standard cybersecurity services, inspire a safe and secure cyber world.
The Open Web Application Security Project (OWASP) is a professional community dedicated to enabling organization to develop, purchase, and maintain applications that are secured and trusted. Joining the community enables TECHLAB to leverage from and contribute to the world-wide leading cybersecurity practices.
The GIAC/SANS Advisory Board is made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program. Participation is by invitation only, and is offered to GIAC certification holders who earn a score of 90% or better on at least one certification exam.
The GIAC Advisory Board members can exchange ideas and advice. We also utilize the Advisory Board list to discuss issues directly related to GIAC and SANS business, such as training and certification.
The Information Systems Audit and Control Association (ISACA) is a global association for professionals involved in information security, risk management, assurance and governance. Associated with ISACA, TECHLAB engage in the development, adoption and use of globally accepted, industry-leading standards and practices for information security, IT governance and IT risk management.
The International Society of Automation (ISA) is a nonprofit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence. Becoming an ISA membership, TECHLAB is able to keep updated with the world leading automation technology, therefore maintaining the highest quality in our services related to the automation systems.
The Vietnam Information Security Association (VNISA) is a professional social organization consisting of individuals, organizations working in Information Security area. As a member of this association, TECHLAB demonstrate the responsibilities and commitments to promote national information security by acting as the bridge between international practices and in-country practices.
The Ho Chi Minh City Computer Association (HCA) is a voluntary career society association for IT companies, advisory firms, educational institutions and other industry stakeholders. HCA is responsible for both domestic and foreign trade promotion, government relations and other collaboration initiatives. TECHLAB within HCA is an active member contributing to the development of the communities.
Our Technology Resouces
In our approach, when necessary we will select and use a combination of appropriate open-source, commercial tools and exploit databases.
A sample list of the tools we commonly used is listed below. This list is not exhaustive and is subject to constant review to ensure that we provide our clients with the most up-to-date toolset.
We use Acunetix to quickly scan a web application to identify security weaknesses. Manual validation will be performed to eliminate false-positives.
We use Burp Suite as a interceptor proxy and manual web app testing tool which contains a wide number of plugins and tools. E.g repeater, intruder, extender, etc.
We use IDA to disassemble, debug and analysis of hostile code and vulnerabilities in Android, iOS and windows application.
We use JEB Decompiler to perform disassembly, decompilation, debugging, analyze Android apps, reverse engineer Windows apps, audit embedded code, and much more.
Exploit Pack (Premium) contains a full set of 38000+ exploits, zero-days and weekly/monthly updates of zero days, technical support document to support our testing process. We use the features of Exploit Pack to conduct the in-deep tests and exploitations.
We use Kali Linux which contains a variety of pentest tools and utilities from numerous different security fields that allow us to assess and penetrate a system.
We use Nessus to scan for large number of vulnerabilities and security holes that could be exploited to gain control a server, computer system or network.
We use Metasploit platform to develop, test, and use exploit code where contains various payloads, encoders and modules of up-to-date exploits.
We use Hopper as a reverse engineering tool where we disassemble, decompile and debug iOS application.
We use Shodan, "an search engine for hackers", for information gathering, reconnaissance and discovery the system.
We use Exploit Database, which contains very up-to-date CVEs along with exploits & proof-of-concepts, for our research purposes, as well as CVE validation for targeted systems.
We used Nmap for network discovery and finding out the current systems of the server, the ports being opened and which one exposes vulnerability.
A wide range of other tools are also made use properly and effectively during our testing approach.
Techlab developed and established a Cybersecurity Lab dedicated for advance cybersecurity activities, equipped with leading-edge cybersecurity technologies and tools, providing clients with a secure and self-contained facility.
A secured environment equipped of security and encryption solutions to protect client data.
Leading-edge tools and infrastructure to provide a wide range and scalable penetration testing capabilities.
Dedicated 24x7 centrally supported by an emergency response capabilities.
Rigorous and comprehensive testing of security tools, technologies and approach.
A talent pool of experienced penetration testers and cybersecurity specialists to quickly provide service to client.