When standard industry tools fail to provide adequate coverage, we build our own. KMSEC actively develops advanced security frameworks and memory monitors utilizing high-performance, memory-safe languages like Rust and Go. We engineer custom solutions tailored to specific, highly complex enterprise environments.
Our ongoing R&D portfolio includes sophisticated programmatic solutions aimed at scaling deep security analysis. KMSEC has direct experience in the European market building automation-driven web assessment tooling and research tools exemplified by contributions from KMSEC to the concolic execution framework, Zorya—designed to automatically hunt for race conditions and logic state flaws in compiled binaries using symbolic execution engines.
Zorya leverages advanced symbolic execution engines to explore program paths, identify complex logic vulnerabilities, and detect concurrency issues that are often missed by traditional static and dynamic analysis tools. This framework is a testament to our commitment to research-led security solutions.
Go's adoption in critical infrastructure intensifies the need for systematic vulnerability detection. Existing symbolic execution tools struggle with Go binaries due to runtime complexity and scalability. This work introduces Zorya, a concolically enhanced analysis framework, developed in Rust, for Go binaries. Zorya translates binaries to Ghidra's P-Code, offering unique depth of insight into Go-specific race conditions via thread-aware hybrid Happens-Before and Lockset analysis. It addresses scalability by detecting bugs in concretely not taken paths and employing multi-layer filtering. Zorya has been rigorously tested against COTS software.
Go's adoption in critical infrastructure intensifies the need for systematic vulnerability detection, yet existing symbolic execution tools struggle with Go binaries due to runtime complexity and scalability challenges. In this work, we build upon Zorya, a concolic execution framework that translates Go binaries to Ghidra's P-Code intermediate representation to address these challenges. We added the detection of bugs in concretely not taken paths and a multi-layer filtering mechanism to concentrate symbolic reasoning on panic-relevant paths. Evaluation on five Go vulnerabilities demonstrates that panic-reachability gating achieves 1.8-3.9x speedups when filtering 33-70% of branches, and that Zorya detects all panics while existing tools detect at most two. Function-mode analysis proved essential for complex programs, running roughly two orders of magnitude faster than starting from main. This work establishes that specialized concolic execution can achieve practical vulnerability detection in language ecosystems with runtime safety checks.
KMSEC actively seeks partnerships with academic institutions, industry leaders, and innovative startups to push the boundaries of offensive security research. We believe in a collaborative approach to tackle the most challenging problems in cybersecurity, fostering an ecosystem of shared knowledge and advanced solutions.
PARTNER WITH US 🤝