What we do

§ 01   Services

1. 01 Penetration testing

   Testing of web, API, mobile, internal network, and cloud systems

   Black, grey, and white-box. Each finding includes reproduction steps and a fix path. Retest window included.

   1–3 weeks · fixed scope

2. 02 Red teaming

   Objective-based testing against your real environment

   Initial access through to the agreed goal: domain admin, payment system access, sensitive data access, or something else that matters. Includes persistence, lateral movement, and evasion where the scope allows it.

   Multi-week · objective-based

3. 03 Vulnerability research

   Targeted research against products, protocols, or stacks you depend on

   Reverse engineering, fuzzing, exploit development. For when off-the-shelf testing keeps coming back clean and you don't believe it.

   Project or retainer

4. 04 Detection engineering

   Detection rules and pipelines tuned against the activity we generate

   Log pipeline design, rule authoring, alert tuning. Scoped to your stack — not a generic ATT&CK template dump.

   Project or retainer

5. 05 Audit readiness

   Gap analysis, control mapping, evidence preparation

   For ISO 27001, SOC 2, and customer security reviews. We help turn the actual state of your controls into evidence an auditor or customer can review.

   Milestone-based

6. 06 Password recovery

   Recovery of access to wallets, archives, and encrypted material you own

   Targeted attacks against forgotten passphrases on cryptocurrency wallets, encrypted archives, disk images, and key files. Engagements only proceed after ownership is verified. Rule-based, mask, and GPU-accelerated work; wordlists built from the material you can give us.

   Project-based · ownership verification required

7. 07 Training

   Hands-on sessions for developers, defenders, and operators

   Built around your stack and your threat model. Live exercises, not OWASP Top 10 slides.

   Cohort-based · onsite or remote