Services
PCI • HIPAA • SOX • SOC2 coverage in deliverables.
Web & API Pentesting
- OWASP ASVS/API
- AuthN/AuthZ abuse
- SSRF, desync, race
External / Perimeter
- Attack surface mapping
- Exploit dev (where warranted)
- Egress controls
Internal / AD
- Privilege escalation
- Kerberoasting/NTLM
- Lateral movement
IoT / Embedded
- Firmware & RF
- UART/JTAG
- Cloud & mobile ties
AI / LLM Security
- Prompt injection
- RAG poisoning
- Data exfil / jailbreaks
Purple Team
- Detection engineering
- Use-case tuning
- Tabletop & fix-verify