Services

Services organized by risk type.

Choose the right assessment for the asset, the threat and the business objective you want to protect.

4 risk universes
6 service areas
Regional LATAM coverage
Capabilities

Select the risk universe you want to address.

Each universe groups the services that apply to that type of asset, threat or objective. Expand any service to see the scope, or visit the full landing page for more detail.

01
External Pentest
Assessment of the perimeter visible from the Internet.
Learn more →
+

Service scope

Assessment of Internet-exposed assets: public IPs, web servers, email services, VPN, remote access portals, administrative panels and cloud services with a public footprint.

What your organization receives

  • Technical report with reproducible evidence
  • CVSS v3.1 classification
  • Remediation roadmap
  • Validation retest
02
Internal Pentest
Simulation of an attacker with access to the corporate network.
Learn more →
+

Service scope

Assessment from the perspective of an attacker who has already breached the perimeter: workstations, servers, Active Directory, network segmentation, databases and privileged access controls.

What your organization receives

  • Reconstructed attack chains
  • Critical path map
  • Prioritized roadmap
  • Validation retest
03
Wireless Pentest
Assessment of corporate and guest wireless networks.
Learn more →
+

Service scope

Technical assessment of wireless infrastructure: access points, authentication protocols, SSID segmentation, rogue AP detection, evil twin and captive portal bypass.

What your organization receives

  • Technical report with evidence
  • Segmentation analysis
  • Remediation roadmap
  • Retest after remediation
04
Pentest 360
Comprehensive assessment combining all attack vectors.
Learn more →
+

Service scope

Comprehensive assessment combining the external perimeter, internal infrastructure, applications, wireless and social engineering in a coordinated exercise. It simulates adversaries who exploit multiple chained vectors.

What your organization receives

  • Consolidated report per vector
  • End-to-end narrative
  • Detection and response assessment
  • Strategic roadmap
  • Comprehensive retest
01
Application Pentest
Testing of web and mobile applications and APIs.
Learn more →
+

Service scope

Assessment of web applications, mobile apps (Android and iOS) and REST or GraphQL APIs following OWASP. We analyze authentication, authorization, business logic, dependencies and data exposure.

What your organization receives

  • Report per application and endpoint
  • Reproducible evidence
  • OWASP Top 10 mapping
  • Roadmap for development teams
  • Validation retest
01
Red Team Operations
Objective-driven simulation of advanced adversaries.
Learn more →
+

Service scope

Attack scenarios aligned with real threats to your sector, combining external vectors, social engineering, lateral movement, privilege escalation and evasion techniques to measure your real defensive capability.

What your organization receives

  • End-to-end narrative
  • TTPs mapped to MITRE ATT&CK
  • Defensive capability analysis
  • Purple Team session
02
Blue Team
Incident response, forensics, CTI and dark web monitoring.
Learn more →
+

Service scope

Five defensive capabilities: 24/7 Incident Response, Forensic Analysis with court-admissible chain of custody, Incident Investigations, Deep/Dark Web Monitoring and regional Cyber Threat Intelligence.

What your organization receives

  • Activation in <2 hours for incidents
  • Containment on day one
  • Reporting suitable for legal proceedings
  • Actionable alerts with context
03
Social Engineering
Assessment of the human factor through controlled techniques.
Learn more →
+

Service scope

Controlled campaigns of targeted phishing, spear phishing, vishing, smishing, pretexting and physical access testing. Realistic scenarios are designed around your organization's context.

What your organization receives

  • Segmented metrics by department
  • Risk pattern analysis
  • Awareness plan
  • Validation retest
04
Security Hardening
Remediation, hardening and cloud security across AWS, Azure and GCP.
Learn more →
+

Service scope

Implementation of fixes across servers, endpoints, network devices and cloud environments following CIS Benchmarks. Tuning of firewalls, IPS, WAF, EDR and SIEM.

What your organization receives

  • Detailed remediation plan
  • Configuration baseline
  • Technical validation
  • Knowledge transfer
05
Training
Specialized technical training tailored to your stack.
Learn more →
+

Service scope

Four training tracks: SOC and Blue Team staff, security for developers, hardening and secure administration, and executive programs for directors and board members. Content you can apply the next day.

What your organization receives

  • Customized program based on sector and stack
  • Content based on real cases
  • On-site, remote or hybrid delivery
  • Instructors with operational experience
01
Regulatory Testing
Assessments aligned with international regulatory frameworks.
Learn more →
+

Service scope

Technical assessments designed to comply with ISO 27001, NIST CSF, SOC 2, GDPR, data protection laws, Superintendency of Banks agreements and sector-specific regulations.

What your organization receives

  • Report aligned with the regulatory framework
  • Audit-ready evidence
  • Gap analysis
  • Prioritized roadmap by criticality
02
PCI DSS Pentest
Testing under PCI DSS v4.0 for cardholder data environments.
Learn more →
+

Service scope

Testing of the Cardholder Data Environment (CDE) following requirements 11.4.1, 11.4.2, 11.4.3 and 11.4.4 of the PCI DSS v4.0 standard. Validation of segmentation and compensating controls.

What your organization receives

  • QSA-ready report
  • Segmentation validation of the CDE
  • Evidence for requirements 11.4.x
  • Validation retest
03
Advisory
Technical compliance audits and strategic consulting.
Learn more →
+

Service scope

ISO 27001, SOC 2, PCI-DSS and NIST CSF audits; and strategic consulting for CISOs, boards and executive committees on investment, enterprise program design and security architecture.

What your organization receives

  • Audit report or strategic document
  • Gap analysis
  • Implementation roadmap
  • Documentation ready for certification