Tooling

Hacker tools are made for hackers right? Wrong. Ours are made for developers and customers.

Whether it’s tools to help you run your own security tests, integrate security in to your pipeline, or help you understand your threat better, we have tools that can help.

REX

REX is an Android application vulnerability scanner allowing developers to quickly and easily find security issues in their mobile apps. More than that, REX is designed to integrate into the CI/CD pipeline allowing software developers to continuously scan the applications they are developing!

How do I get REX?

REX is currently at https://rex.digitalinterruption.com As REX is currently in “testing” you’ll need a code to register an account. Please get in touch with rex@digitalinterruption.com if you are interested in trying REX for free.

Can REX replace penetration testing?

Just as a network vulnerability scanner can’t replace penetration testing, REX can’t replace penetration testing of a mobile app. Although we have a lot of confidence in REX, there are some issues that require human knowledge and experience to discover.

Saying that, REX will identify issues which can be addressed before a penetration test (reducing the cost of manual security testing) or for lower risk applications, a REX scan may be all that is required.

Is REX only for Android developers?

REX only works with Android apps at the moment, and although it is mostly aimed at Android developers, it may also be useful to security testers, QA testers and security researchers working on Android applications.

How do I perform a scan with REX?

REX has three modes of operation:

Web Application
Jenkins Plugin
WEB API

This allows users to either upload an APK directly to REX via the web application or integrate REX into your CI/CD pipeline. This is the recommend approach for companies with a mature development process.

EoP - COMING SOON!

Elevation of Privilege (EoP) is a card game that helps you quickly and easily find threats to software of computer systems.

Using the Microsoft STRIDE model, EoP uses a simple point system to gamify the threat modeling process. Don’t have an EoP card deck? Don’t worry, you can use our EoP Android app to play!

How do I get the EoP app?

We’re currently testing the EoP app, but it’ll be in the Play Store soon. Watch this space for updates.

Can I play EoP Online?

Version 1 of EoP isn’t online, so you’ll need to be in the same room to play. Version 2 will have more features including the option to play online, so keep an eye out for updates.

Is EoP only on Android?

EoP is only available on Android at the moment, but we’re working on other versions. Watch this space for iOS and web, comming soon!

What is STRIDE?

STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats.

The threats are:

Spoofing

Tampering

Repudiation

Information disclosure

Denial of service

Elevation of privilege