Skip to Content

IonSpark Advanced Research Lab

Services

IonSpark focuses on the technical security problems scanners cannot answer.

We assess important, complex, or unusual software, firmware, binaries, agents, and embedded systems through reverse engineering, vulnerability research, fuzzing, dynamic analysis, and evidence-backed reporting.

Vulnerability Research

Focused analysis of security-sensitive code paths, parsers, native libraries, agents, daemons, and exposed interfaces.

  • Attack surface map
  • Bug class hypotheses
  • Validated findings
  • Repro artifacts
  • Remediation guidance

Reverse Engineering

Binary, firmware, installer, protocol, and closed-source software analysis to understand behavior and hidden risk.

  • Architecture notes
  • Behavior map
  • Binary/component inventory
  • Network/IPC observations
  • Risk summary

Firmware & Embedded Security

Security review for embedded Linux, IoT, robotics, drone, edge, appliance, and industrial software.

  • Firmware unpacking
  • SBOM/CVE mapping
  • Exposed services
  • Update mechanism review
  • Hardcoded secrets/config review

Agent & Daemon Review

Assessment of privileged local software, update services, EDR/RMM-style agents, backup tools, IPC/RPC services, and local APIs.

  • Privilege boundary map
  • Local attack surface review
  • Service hardening notes
  • Parser/importer review
  • Crash or abuse-case evidence where applicable

Parser & File Format Fuzzing

Custom testing of software that consumes attacker-controlled input, including file formats, serialization libraries, protocol decoders, and importers.

  • Fuzzing harnesses where applicable
  • Sanitizer-backed testing
  • Crash triage
  • Minimized reproducers
  • Coverage/reachability notes

Advanced Technology Assessment

Security research for robotics, drones, edge AI, sensor platforms, RF-adjacent systems, industrial devices, and other emerging technology that does not fit a standard assessment model.

  • Technical teardown
  • Behavior and communication map
  • Attack surface analysis
  • Deployment risk notes
  • Evidence-backed findings

What we assess

Targets can be source, binary, firmware, hardware-adjacent, or simply too unusual for a checklist.

  • Source code
  • Native libraries
  • Binaries
  • Firmware images
  • Installers
  • Agents and daemons
  • Embedded Linux systems
  • Parsers and file formats
  • Protocol implementations
  • SDKs and client software
  • Update mechanisms
  • Local APIs and IPC/RPC interfaces

Focused research sprints start at $5,000.

Most scoped reverse engineering, vulnerability research, firmware, and technical code assessments range from $5,000-$18,000 depending on target complexity, available source, testability, and required artifacts.

Rapid Technical Triage

Starting at $1,500-$3,500

3-5 business days. Best for one binary, small repo, firmware image, installer, parser, or weird technical question.

Focused Research Sprint

Starting at $5,000

1 week. Best for one component, parser, daemon, protocol, local service, or firmware subsystem.

Deep Technical Assessment

Starting at $10,000

1-2 weeks. Best for embedded Linux images, complex binaries, agent/daemon review, or source and binary hybrid work.

Reports that show the work.

Every engagement produces clear technical artifacts: attack surface maps, coverage notes, validated findings, reproduction steps, logs, and remediation guidance.

Defensive assessment only.

IonSpark does not provide commodity web scanning, unauthorized testing, DRM/license bypass, malware deployment, credential theft, persistence, stealth, or offensive tooling. Engagements are scoped for defensive assessment only and require authorization to test the provided target.

Have a hard technical security question?

Send us the repo, binary, firmware, agent, or component. We will scope a focused research sprint and tell you what can be proven.

Request a Research Sprint