NODE://CASE_FILES

The work, redacted just enough.

Every file below is anonymised with the client's blessing — names and identifying details removed, findings intact. These are the engagements we are allowed to talk about. The ones we are not are usually the more interesting.

CASE://0x1A · Fintech · Series B · Web App & API Penetration Test

The token that unlocked every account

A payments startup had passed two prior pentests. We chained a forgotten debug header to a JWT signing flaw and pulled every account in their staging mirror inside a day.

“Two firms had given them a clean bill. The third finding we logged would have been a reportable breach in production.”

Burp Suite Pro · custom JWT tooling · Nuclei

CASE://0x2C · Health-tech · 60 staff · SOC 2 Readiness + Operations Retainer

SOC 2 in eight weeks without freezing the roadmap

A health-tech team was losing enterprise deals waiting on a SOC 2 report. We scoped down hard, wired evidence into their existing tools, and got them through a Type I dry run in eight weeks.

“They closed a six-figure deal the week the report landed. The auditor called it the cleanest evidence package of the quarter.”

Vanta · AWS Audit Manager · custom policy set

CASE://0x3F · B2B SaaS · 140 staff · Incident Response (25-hour bank)

A 2 a.m. hotline call that stayed off the news

Ransomware detonated in a SaaS company's build environment overnight. Because they held a prepaid hour bank, we were on the bridge in eleven minutes and contained it before it reached production.

“The prepaid bank meant no procurement, no SOW negotiation. Just a phone call and an engineer who already knew the environment.”

Velociraptor · KAPE · TheHive · Chainsaw

CASE://0x4B · E-commerce · 80 staff · Cloud Security Hardening

Twenty-one IAM paths from intern to root

A fast-growing retailer had grown their AWS footprint faster than their IAM hygiene. We mapped twenty-one privilege-escalation paths — one starting from a read-only intern role.

“The scariest path had five hops and ended at organization-wide admin. We codified every fix in their Terraform so it would not creep back.”

Prowler · ScoutSuite · Terraform · Cloud Custodian

CASE://0x5D · Logistics · 400 staff · Red Team Operation

The blue team caught us — on day nine

A logistics firm wanted to know whether their new SOC actually worked. We phished in, moved laterally, and reached their crown-jewel system — and their analysts caught us before exfiltration.

“Day nine, an analyst flagged the one DNS query we got slightly wrong. That catch was worth more to them than the whole report.”

Cobalt Strike · custom loaders · GoPhish

CASE://0x6E · Gov-tech · 25 staff · HIPAA Security Readiness

A defensible HIPAA program for a small team

A small gov-tech vendor handling health data needed a HIPAA program that would survive a regulator's questions — without a compliance department they did not have.

“We built a program a 25-person team could actually run, not one that needed a department. The risk analysis alone changed three architecture decisions.”

NIST 800-66 · custom risk analysis · policy set
