Security Services

Adversarial insight meets defensive excellence. We break systems to understand them, then build defenses that matter.

Security is an ongoing confrontation between attacker innovation and defender adaptation. We operate on both sides of that boundary—not as a marketing exercise, but because understanding offense is prerequisite to meaningful defense. Our offensive practice informs our defensive architecture; our defensive operations reveal the gaps that offensive teams exploit.

Adversarial perspective

Offensive Security

Defense informed by offense. We think like adversaries because we have been adversaries.

Effective security requires understanding how it fails. Our offensive security practice provides that understanding through red team operations, vulnerability research, and adversary simulation.

We do not run vulnerability scanners and call it a penetration test. Our researchers have discovered vulnerabilities in products from every major technology vendor. We have responsibly disclosed over 200 CVEs. We maintain a 90-day disclosure policy.

Red Team Leadership

Alex Terrats

Director of Offensive Operations

Our red team and adversary simulation practice is led by Alex Terrats, an internationally recognized expert in offensive security operations. Alex brings exceptional technical depth across network penetration, application security, physical security, and social engineering. His work has identified critical vulnerabilities in Fortune 500 infrastructure and government systems.

Alex's methodology combines deep technical expertise with strategic thinking—understanding not just how systems break, but how organizations fail to detect and respond to sophisticated adversaries. Under his leadership, our red team maintains a 100% initial access success rate across engagements. Alex has presented at Black Hat, DEF CON, and classified government briefings. His approach to adversary simulation reflects years of operational experience that cannot be replicated through certification alone.

Purple Team & Engagement Operations

Maite Urrea

Engagement Coordinator & Purple Team Lead

Maite Urrea serves as the critical bridge between offensive operations and client success. As Engagement Coordinator and Purple Team Lead, she orchestrates the seamless execution of complex security assessments while ensuring that every engagement delivers maximum defensive value. Her unique position spans the full adversarial spectrum—from planning offensive campaigns to translating attack findings into actionable defensive improvements.

Maite's expertise in purple team operations transforms traditional penetration testing into collaborative security enhancement. She works directly with client defensive teams during engagements, providing real-time feedback on detection gaps, tuning recommendations, and hands-on guidance for security operations centers. Her methodical approach to engagement coordination ensures that scoping, rules of engagement, communication protocols, and deconfliction procedures are flawlessly executed—critical factors in high-stakes assessments involving production systems.

Beyond coordination, Maite brings deep technical capability in threat emulation, detection engineering, and security architecture review. She has developed purple team frameworks adopted by organizations across multiple sectors, designed detection validation methodologies that measurably improve SOC effectiveness, and led collaborative exercises that have fundamentally transformed client security postures. Her ability to communicate complex technical findings to both executive leadership and engineering teams makes her indispensable to engagement success.

Red Team Operations

Full-scope adversary simulation with objective-based methodology

Objective-Based Operations

Red team engagements are goal-oriented adversary simulations designed to test detection and response capabilities against realistic threat scenarios. We emulate specific threat actors using documented TTPs, providing defenders with realistic training.

Crown jewel identification and threat modeling
Custom attack path development
Multi-phase operations spanning weeks to months
MITRE ATT&CK framework coverage

LLM-Assisted Operations: Reality vs. Hype

While vendors promise AI-powered penetration testing, rigorous evaluation shows fundamental limitations. Research by Isozaki et al. (arXiv 2024) found that both Llama3.1-405B and GPT-4o failed to complete a single end-to-end penetration test even with human assistance. We use AI tools where they provide genuine value while maintaining human judgment.

Deng, Liu, Wan, Wang et al. "PentestGPT: An LLM-empowered Automatic Penetration Testing Tool" USENIX Security (2024)
Isozaki, Tanaka, Mori et al. "Towards Automated Penetration Testing: Introducing LLM Benchmark" arXiv (2024)

Problem-Space Attacks

We address the problem-space vs. feature-space distinction identified by Pierazzi et al. (IEEE S&P 2020)—we focus on vulnerabilities that translate to real-world exploitation, not theoretical attacks requiring unrealistic attacker capabilities.

Pierazzi, Pendlebury, Cortellazzi, Cavallaro "Intriguing Properties of Adversarial ML Attacks in the Problem Space" IEEE S&P / ACM TOPS (2020/2024)

Operational Track Record
Initial access success rate: 100%
Avg time to domain compromise: < 72h
CVEs disclosed: 200+
Operational security failures: Zero

Resilience by design

Defensive Operations

Defense is not a product you buy. It is a capability you build.

We design, build, and operate defensive security infrastructure using machine learning at scale. Matrix factorization for behavioral baselines. Transformer architectures for sequence analysis. Statistical mass inference for real-time anomaly detection.

Our approach integrates detection engineering, threat hunting, and incident response into unified defensive capability. We process billions of events daily and detect threats that evade commercial solutions.

We are skeptical of research relying on outdated benchmark datasets. Papers reporting 99%+ accuracy on NSL-KDD or CICIDS-2017 should be viewed with caution given documented dataset issues.

Detection Engineering at Scale

ML-based detection with continuous learning and operational validation

Matrix Factorization for Behavioral Baselines

Non-negative matrix factorization with temporal decay captures user behavioral patterns from authentication logs. The technique proves particularly effective for lateral movement detection: attackers access resources inconsistent with the compromised credential owner's patterns.

NMF with configurable temporal decay
Contextual features (role, department, location)
Cold start handling for new users/resources
Lateral movement detection

Deep Learning for Sequence Analysis

Transformer architectures capture temporal patterns in network traffic and system logs. Our C2 detection models process network flows as sequences, with self-attention identifying correlations that signal coordinated malicious activity.

Lin, Xu, Zhang et al. "TransRL: Self-Supervised Learning Framework for Network Intrusion Detection" Security and Privacy (2025)
Düzgün, Çayir, Dağ et al. "OP Model: CANINE Transformer for Network Intrusion Detection" Expert Systems (2023)

Statistical Mass Inference

Large-scale log analysis requires streaming algorithms. Count-Min Sketch for frequency estimation. HyperLogLog for cardinality. Streaming percentiles for adaptive thresholds. We call this "statistical mass inference"—drawing conclusions from sampled and sketched statistics at scales where per-event analysis is computationally infeasible.

Count-Min Sketch for high-cardinality features
HyperLogLog for scan detection
Streaming percentiles for adaptive thresholds
Real-time processing at billions of events/day
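
HyperLogLog for scan detection, as an added example (not code from this page or the firm it describes): one fixed-size sketch per source address estimates how many distinct destination:port pairs that source has touched, without storing the pairs. The flow tuple layout, the 256-register sketch size, the threshold of 100 and the sample addresses are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import defaultdict

class HyperLogLog:
    """Fixed-memory estimator of the number of distinct items added."""
    def __init__(self, p=8):
        self.p = p
        self.m = 1 << p               # 256 registers, ~6.5% standard error
        self.reg = bytearray(self.m)

    def add(self, item: str):
        h = int.from_bytes(hashlib.blake2b(item.encode(), digest_size=8).digest(), "big")
        idx = h >> (64 - self.p)                      # top p bits pick a register
        rest = h & ((1 << (64 - self.p)) - 1)         # remaining 64-p bits
        rank = (64 - self.p) - rest.bit_length() + 1  # position of leftmost 1-bit
        if rank > self.reg[idx]:
            self.reg[idx] = rank

    def estimate(self) -> float:
        alpha = 0.7213 / (1 + 1.079 / self.m)         # bias constant, valid for m >= 128
        raw = alpha * self.m ** 2 / sum(2.0 ** -r for r in self.reg)
        zeros = self.reg.count(0)
        if raw <= 2.5 * self.m and zeros:             # small range: linear counting
            return self.m * math.log(self.m / zeros)
        return raw

def detect_scanners(flows, threshold=100):
    """Return {src: estimated distinct dst:port count} for sources above threshold."""
    sketches = defaultdict(HyperLogLog)
    for src, dst, port in flows:
        sketches[src].add(f"{dst}:{port}")
    estimates = {src: s.estimate() for src, s in sketches.items()}
    return {src: round(e) for src, e in estimates.items() if e > threshold}

def sample_flows():
    # Constructed sample: a busy host reusing 3 services, and a host sweeping 1000 ports.
    flows = [("10.0.0.5", "10.0.1.10", p) for p in (22, 443, 8443)] * 400
    flows += [("10.0.0.66", "10.0.1.10", port) for port in range(1, 1001)]
    return flows

if __name__ == "__main__":
    print(detect_scanners(sample_flows()))
```

The busy host generates more flows than the sweeping host but is not flagged, because the sketch counts distinct targets rather than event volume.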

Addressing Dataset Limitations

Most published ML detection research relies on benchmark datasets with known flaws. NSL-KDD is based on 1998 traffic patterns. CICIDS-2017 contains infinite values and invalid features. We address concept drift through continuous evaluation and automated retraining.

Martins, Sousa, Vasconcelos et al. "Machine Learning for Network Intrusion Detection: A Systematic Review 2020-2024" Security and Privacy (2025)

Detection Performance
Detection to alert latency: < 5 min
False positive rate: < 1%
ATT&CK coverage: 95%+
Daily events processed: Billions

Start a Conversation

Tell us about your security requirements. We respond within 24 hours.