Cybersecurity  ·  Defence

We break in.
So nobody else can.

Average SA breach cost: R53M. 60% of SMEs close within six months of a major one. We attack your systems the way real adversaries would, find the gaps, and patch them before someone exploits them.

The cheapest breach is the one caught upstream.

R53M

Average SA breach cost

IBM Cost of a Data Breach, 2024

60%

SMEs close within 6 months of a major breach

Cybersecurity Ventures, 2024

194d

Average time to detect a breach in SA

IBM Cost of a Data Breach, 2024

R10M

Max POPIA administrative fine

Information Regulator (ZA), 2024

What we do

Six disciplines. One job: keep you out of the news.

ASSESS

Security Assessment

Full network scan, configuration testing, policy review. Ranked vulnerability list with business impact, specific fixes, priorities.

ATTACK

Penetration Testing

We attack your systems the way real threat actors do. Network, web app, API, social, wireless. Chained exploits, escalated privileges, proven impact.

RESPOND

Incident Response

Ransomware, breach, compromised credentials. We contain first, then investigate. How they got in, what they touched, what you need to report.

TRAIN

Awareness Training

93% of breaches start with a phishing email. Realistic simulations, social-engineering drills, sessions that stick.

MONITOR

Managed Security (SOC)

24/7 monitoring without hiring a team. Wazuh SIEM/XDR, detection rules, alert response. A real SOC at a fraction of the build cost.

COMPLY

Compliance Security

POPIA, ISO 27001, PCI-DSS, NIST. The technical controls auditors want to see working: firewall, access, encryption, logging, vuln mgmt.

A real engagement

Domain SYSTEM in eight commands.

Sanitised metasploit session against an unpatched Windows server. Eight lines, four minutes, NT AUTHORITY\\SYSTEM. Hit Run and watch what an unpatched SMB stack costs you.

Real engagements run for days. This is one exploit chain out of dozens we'd document.

msfconsole · live
$ Click Run to play deploy log

What we protect you against

Six threats. All current. All real.

Not hypothetical. What we see in the wild, every week, targeting SA businesses.

Phishing & Social Engineering

One click costs an average of R1.4M in recovery. We test if your team falls for it and train them not to.

Ransomware

Average SA ransom: R2.1M, plus 21 days of downtime. We test your defences and backup recovery before it happens for real.

Supply Chain Attacks

One compromised vendor exposes every client they serve. Your security is only as strong as your weakest supplier.

Insider Threats

Insider incidents take 85 days on average to contain. We audit access controls and monitor for unusual internal behaviour.

Web Application Attacks

SQLi, XSS, auth bypass, API abuse. POPIA fines up to R10M for a data leak. We find the holes first.

Network Intrusion

Average time to detect a network breach in SA: 194 days. We simulate a full attack chain from initial access to domain compromise.

What we find

Real findings. Sanitised. Almost universal.

Names and details changed. The vulnerabilities are real and we find variants of these in almost every assessment.

Domain admin in 3 hours

Critical

Phishing email to a junior employee. Credentials harvested via a cloned login page. Used those to access an internal file share with plaintext service-account passwords. One had domain-admin rights. Full AD compromise inside 3 hours.

Database exposed to the internet

Critical

MongoDB on a cloud server with default credentials and no firewall. 45,000 customer records including emails, phone numbers, hashed passwords. Exposed for 8 months. Nobody knew.

Backup that doesn't work

High

Backup running nightly. Green lights on the dashboard. Nobody tested a restore in 2 years. Tested on engagement: backups corrupt. Ransomware would have erased the company while they believed they were protected.

VPN with no MFA

High

Remote VPN accepting username + password only. No MFA. Credential-stuffing would have unlocked the network. 340 employees using it daily. Fixed in one afternoon.

How an engagement runs

Five stages. From scope to fix.

01

Scope

Define what gets tested. Sign rules of engagement. Agree targets, timelines, boundaries. Every move spelled out up front.

02

Discover

Map your attack surface. Automated scanning plus manual recon. We find what scanners miss because we think like attackers.

03

Test

Controlled exploitation. Real threat-actor techniques. Chain vulns, escalate privileges, prove business impact.

04

Report

Findings ranked by real business impact. What we found, how we exploited it, what an attacker could do, how to fix it.

05

Fix

Implementation support included. We help remediate, verify fixes, retest to confirm. Findings get resolved.

The arsenal

What we open in anger.

ScanningNmap · Nessus · OpenVAS · Nuclei · Nikto. Automated vulnerability scanning with manual validation.
ExploitationBurp Suite · Metasploit · SQLMap · Gobuster · Hydra. Manual exploitation and privilege escalation.
OSINTShodan · Censys · theHarvester · Maltego · certificate transparency. Mapping your attack surface from the outside.
MonitoringWazuh SIEM/XDR · Suricata IDS · YARA rules · Sigma rules. Real-time threat detection and response.
Incident analysisAutopsy · Volatility · Wireshark · FTK Imager. Evidence collection and analysis when we are responding to a breach.
ReportingCustom reports with CVSS scoring, business-impact analysis, step-by-step remediation. Not a scanner dump.

Stop hoping you're secure.
Find out for sure.

Free 30-minute scoping call. We agree what to test, when, and what you get back. Rules of engagement signed before anyone runs anything.