Innovation

Expert Services
Advanced Training
WWW.OBSCURITYLABS.COM
OBSCURITY LABS LLC +1 (800) 757-1644 [email protected] obscuritylabs.com

SERVICE DISABLED
VETERAN OWNED
Started from a Passion, SMALL-BUISNESS

Grown with a Purpose. INTRODUCTION

We provide cybersecurity engineering, manage-

ment, and technology services to public and private
sector organizations.

At Obscurity Labs, we pride ourselves in our unique ability to inte-

grate comprehensive strategy and cutting-edge security into any in-
formation environment. Within the ever-evolving world of informa-
tion technology, your organization must take a proactive and holistic
approach to information security operations.

With Obscurity Labs on your team, your organization will be equipped

with comprehensive experience in implementing an infrastructure
and technology-agnostic approach that integrates real-world attack-
er tradecraft, security assessments, and training.

CAGE CODE: 81R22

DUNS CODE: 081070044
NAICS CODES:
- 541511 - Custom Computer Programming Services
- 541512 - Computer Systems Design Services
- 541519 - Other Computer Related Services
- 541690 - Other Scientific and Technical Consulting Services
- 541715 - Research and Development
- 611420 - Computer Training

2 3
OBSCURITY LABS LLC +1 (800) 757-1644 [email protected] obscuritylabs.com

Our People OUR EXPERTS ARE CERTIFIED.

• OSCP • GIAC GCCC

• CISSP • GIAC GNFA
• CEH • GIAC GPEN
Our team is what makes us unique. We have • GIAC GCIA • CCNA
subject matter experts in a wide range of IT, • GIAC GCIH • CCNP
cybersecurity, software development, lead- • GIAC GRID • ITIL Foundation
• GIAC GPYC
ership, project management, and technology
disciplines. No tool can replace talent.

LEADERSHIP TEAM

Alexander Rymdeko-Harvey Keelyn Roberts Daniel West Brad Crawford (Image not public)
Chief Executive Officer (CEO) Chief of Staff (COS) Chief Financial Officer (CFO) Director of Strategic Development

Alex has extensive experience within the cybersecurity field. Keelyn is an active Red Team Operator and cybersecurity researcher. Daniel has over 10 years of cybersecurity and IT experience Brad is a cybersecurity expert with 15 years of experience in
He has worked in the specialized field of adversary emulation He develops both offensive and defensive cybersecurity tool-sets. within the DoD, industry, academia, and with NATO coalition both the public and private sector. His primary focus is of-
in both government and private organizations. Alex brings ex- His prior experience includes roles as a senior information system partners. He served as the senior multidisciplinary SME and fensive security and technical leadership having served as
tensive knowledge from his experience as a senior cybersecu- analyst and a senior cybersecurity analyst. He has spent over 13 tactical planner for numerous defense cyber operations mis- an operator, trainer, and leader of multiple threat emulation
rity engineer on the Red Team for a Fortune 100 company and years working within the DoD and a Fortune 100 company. In addi- sions in which he was entrusted with the protection of over $1 teams, including the NSA Red Team. Brad is also a co-founder
on the Discovery and Counter-Infiltration Team for the DoD. tion to that, he has also worked on advanced cybersecurity research billion of critical global air and defense networks and systems. of the MITRE ATT&CK framework, which is used to describe
He has authored and co-authored several tools for the cyber projects ranging from new concolic and symbolic fuzzing techniques In addition to holistically understanding DoD and LE cyber doc- post-compromise adversary behavior. Brad holds a Bachelor
community with the most notable of which being the Empyre to advanced cyber analytics. trine, he also holds a Master’s in Homeland Security (Informa- and Master of Science degree in Engineering.
and SimplyEmail projects. tion Security and Forensics Option) from Penn State.

4 5
OBSCURITY LABS LLC +1 (800) 757-1644 [email protected] obscuritylabs.com

Infrastructure
Enineering Is NO
Longer Simple.
Obscurity Lab’s efforts are always geared towards improving the security quality of the
software products developed by us and our clients. We prefer to take a holistic view
and look at the whole Secure Development Lifecycle (SDL).

At ObscurityLabs, our engineers and developers understand Our assessments utilize the internationally recognized OWASP

IT Services
the importance of a security intergrated design. Our teams OpenSAMM framework to find out where exactly you stand
make use of the OpenSAMM framework to ensure that we are with regards to generally accepted norms of maturity in de-
adhering to the principles necessary when developing secure velopment. Our analysis leads to a clear report of the areas
applications. Our cloud engineers work in conjunction with where you do well and points out where improvements are
our penetration testers to hone the necessary skills needed needed. We can then work together to construct a roadmap
to identify possible security issues in the cloud environment. based on our assessment findings, your security needs, ambi-
Their designs incorporate tools and techniques that monitor tions and budget. This develops a path towards a higher se-
the environment and help prevent and/or identify security curity maturity level in software development and an overall
breaches. better quality product in the end.

PROGRAMING BY THE NUMBERS CLOUD BY THE NUMBERS INFRASTRUCTURE & SOFTWARE

Currently the most in-demand languages according Global cloud adoption has risen to the top of how SYSTEM ENFINEERING DEVELOPMENT
to an Indeed job opening study done in Dec. 2017 continuous integration, DevOps, and software is
led us to understand better and serve the market. built today. Obscurity Labs is focusing on how to Obscurity Labs engineers are experi- Obscurity Labs Developers are experi-
SME for this growing space. enced in architecting, designing, and enced in many programming and script-
building complex KVM, AWS, and on- ing languages. Our team has extensive
Java - 26,269 AWS - 57 %
prem solutions. Our engineers focus on experiences in DevOps, orchestration,
authentication, authorization, security, and ability to develop in low-level lan-
JavaScript - 24,248 Azure - 34%
big data, auditing, defense in depth, guages. We integrate into any SDLC.
high availability, and contingency plan- Our team is expirenced in:
C# - 13,523 Google Cloud - 15% ning. - VC / CI / Code Coverage
Our team is expirenced in: - LXC / Docker
Python - 11,757 IBM - 8% - AWS - Python / Javascript / Java
- VMware - C / C++ / C#
- KVM / QEMU

6 7
OBSCURITY LABS LLC +1 (800) 757-1644 [email protected] obscuritylabs.com

WHAT WE DO
Cyber Security Services
“Our commitment to our country is in-
grained in our core. They often say that is
not what is in front of us but what is behind
us that is worth fighting for. We take that
seriously and our commitment to support
our warfighters will remain strong no matter
where Obscurity Labs goes.” Alexandder R.

Obscurity Labs is a veteran owned cybersecurity firm. Col-

laborating with public and private sector clients to solve their
most difficult security challenges through a combination of
contracting, consulting, analytics, cyber mission operations,
threat emulation, technology, cybersecurity, engineering, ad-
vanced security research & development, and innovative ex-
pertise.

PENETRATION & ADVANCED THREAT SECURITY ASSESMENTS SECURITY RESEARCH & SOC IMMERSION CYBER THREAT
APPLICATION TESTING EMULATION ISO & PCI DEVELOPMENT TRAINING (SIT) EMULATION TRAINING
Penetration testing is performed in Our team is experienced at performing Obscurity Labs can help overcome the We use the latest tactics, techniques, and Train your cybersecurity team to secure Our Cyber Threat Emulation (CTE)
many different capacities depending on all the phases of a red team operation challenges of payment card industries procedures (TTPs) to develop custom tool- and defend your enterprise. Our SOC courses provide foundational technol-
the scope and requirements. Our flex- to mimic the capabilities and mindset (PCI) compliance assessments. We en- ing for offensive engagements within our Immersion Training (SIT) embeds our ogy training on specific security topics
ible testing services quickly uncovers of today’s dynamic, advanced persis- able our customers to meet these goals internal team and we contribute to open offensive operators inside a virtual lab en- and techniques, to more advanced core
and confirms critical vulnerabilities. tent threat (APT). We can also perform for ISO standardization & PCI certifica- source tools within the security industry. vironment alongside your SOC analysts to concepts that foster a holistic compre-
custom tooling upon request. tions. Our R&D division can tackle the toughest enhance your team’s operational skills and hension of adversarial tradecraft.
challenges in the offensive and defensive improve their ability to prevent, detect,
space. and respond to specific threat actor TTPs.

8 9
OBSCURITY LABS LLC +1 (800) 757-1644 [email protected] obscuritylabs.com

Our Work
As veteran members of both the Information Technology and • SimplySecurity - SimplyEmail | Domain | Template
Cyber Security fields we have had the ability to contribute, • OS-CFDB - Open Source Common Findings Database
build and develop on tools of the trade. In both offensive and • RAI - Rapid Attack Infrastructure
defensive security environments, we have built automation • HoT - Homeland of Things Framework
around common task that allow us to provide more value to • Mercenary Linux - Mercenary Linux Hunt Team Distribu-
our customers. tion

SOME OF OUR OPEN SOURCE PROJECTS

PROJECT NAME DESCRIPTION PROJECT NAME DESCRIPTION

Rapid Attack Infrastructure was developed to streamline one of the most tedious The HoT Framework to promote best practices for all Federal and State, Local, Trib-
RAPID ATTACK INFRASTRUCTURE HOMELAND OF THINGS
phases of a Red Team Operation: infrastructure setup. This usually entails a team- al, and Territorial (SLTT) governments, non-government organizations (NGOs), and
server or controller, domains, redirectors, and a phishing server. Each of these have the private sector to use as a foundation for the reconnaissance, interrogation, and
DEVLOPER their own nuances when it comes to setup, resulting in a setup process that can DEVLOPER hardening of IoT nodes that are characterized as existing within both critical and
take days. This just seemed overly complex and time consuming. There are sev- non-critical infrastructure throughout the physical network layer, logical network
KEELYN ROBERTS eral issues that come to mind when considering how a painful and time consuming DANIEL WEST layer, and cyber-persona layer of cyberspace terrain. Vulnerabilities, threats, and
setup can impact a Red Team, but the most important thing to consider is: What if risks are inherent with Internet of Things (IoT) devices (including ICS/SCADA), which
CATEGORY your domain(s) get burned and you need to spin up new infrastructure during the CATEGORY typically reside at the meeting place of critical infrastructure and cyberspace. The
OP? With an RAI deployment, it can all be done in less than an hour. HoT Framework serves to assist Federal and SLTT governments, NGOs, and the pri-
vate sector in thwarting attacks against their IoT devices and preventing their IoT
INFRASTRUCTURE FRAMEWORK
devices from being used as an attack platform.

10 11
OBSCURITY LABS LLC +1 (800) 757-1644 [email protected] obscuritylabs.com

Training Philosophy
INTRODUCTION OF A CONCEPT
“Since Red Team Operations take place in As veteran members of both the information technology and
cybersecurity fields, we recognized many of the challenges The trainer introduces aa Trade Craft Concept (TCC). This allows the trainee to
phases, it only made sense for us to offer
surrounding training and certifications within both commu- understand the concept and why it’s important to the training.
our courses broken down by the various nities. After conducting in-depth research and drawing from
phases.” our own experiences, we identified specific problems that
were present across the board:

Overpriced individual training courses

Courses with too broad of a scope for the course length

Annual fees and CPE requirements

CONCEPT DEEP DIVE
Poorly designed courses or courses that didn’t thor-
oughly teach specific topics
The trainer presents relevant data via presentation, audio and other visual aids.
To address these issues, we create courses that thoroughly This helps the trainee understand the low-level technical concepts.
teach individual concepts from beginning to end, maintain
an adequate course length, minimize the costs, and eliminate
CPE requirements and annual maintenance fees.

DEMOSTRATE CONCEPT

The trainee executes the concepts in a contained custom environment that Obscu-
rity Labs hosts internally.

REINFORCE CONCEPT

The trainer demonstrates a walk-through of the training scenario and ensures

that each student thoroughly understands the concepts presented within the lab
environment.

12 13
 44927 George Washington Blvd
Suite 265
Ashburn, VA 20147

+1 (800) 757-1644

[email protected]

WWW.OBSCURITYLABS.COM