Services
Technical depth, reproducible evidence, remediation that engineering can ship.
Penetration testing
Web, API, mobile, internal networks, and infrastructure—validated with safe PoCs.
Web & API
- AuthZ: BOLA/IDOR, RBAC/ABAC bypass, multi-tenant isolation
- SSRF, deserialization, request smuggling, template injection
- Token handling: OAuth/JWT mistakes, session issues
Internal
- AD/Kerberos paths (delegation, relay scenarios)
- Privilege escalation and lateral movement validation
- Segmentation and egress control testing
Mobile
- Secure storage (keychain/keystore), hardcoded secrets
- TLS trust issues and pinning validation
- API coupling and replay scenarios
Artifacts: request transcripts, PoCs, and verification steps.
Attack paths: from initial access to impact.
Cloud: misconfig exploitation paths and identity boundaries.
Red team operations
Objective-based adversary simulation with ATT&CK mapping and controlled impact validation.
Adversary simulation
- Initial access paths (perimeter + user-based scenarios)
- Credential access and lateral movement validation
- Controlled exfil simulation where explicitly approved
Purple teaming
- Validate telemetry: EDR + SIEM coverage
- Close detection gaps with test cases
- Runbook hardening + response playbooks
Defensive engineering
Detection engineering and hardening that can be verified.
Detection engineering
- Sigma/KQL detections and validation playbooks
- Telemetry design: what to log, where, and why
- Tuning to reduce noise and increase fidelity
Hardening
- Baseline configuration + attack surface reduction
- Identity controls: MFA, conditional access
- Secrets hygiene and rotation strategy
Cloud security
IAM review, Kubernetes posture, and network egress control validation.
IAM boundaries
Privilege escalation paths across users/roles/workloads.
Kubernetes
RBAC, admission policies, secrets exposure and network policy.
Network & egress
Prevent “easy exfil” by validating allowlists and routing constraints.