Built to cover every surface.
We review every surface a modern system exposes, from web apps and APIs to complete Kubernetes clusters, Active Directory, and embedded code. If it's part of your stack, it's in scope.
Every surface below sits in the same model: reviewed in parallel, with attack paths traced the way an attacker chains between them. No surface is a separate tool.
-
Web apps
Auth flows, session handling, access control, and business logic across your web app and the services behind it. Cipher traces the multi-step exploits that single-endpoint scanners miss.
Field report Payments-platform takeover chain → -
APIs
REST, GraphQL, and internal service APIs. Broken object-level authorization, tenant isolation, and token handling, reasoned across every service a request actually touches.
Publicly disclosed Hasura row-permission bypass · 7.7 → -
Cloud & IaC
Terraform, IAM policy, and cloud configuration read together with the code that depends on them, so a misconfiguration is judged by what it actually exposes.
Field report Wallet-mint reachable from the internet → -
Kubernetes clusters
Complete clusters reviewed as one system: workloads, RBAC, operators, admission and network policy, and the tenant boundaries between namespaces, traced to what a compromised pod can actually reach.
Publicly disclosed StackGres tenant-to-pod RCE · 9.4 → -
Identity & Active Directory
Active Directory, Entra ID, and the SSO and OAuth flows in front of them: trust, delegation, and Kerberos paths traced the way an attacker escalates, from one weak account to the domain.
Publicly disclosed ZITADEL OAuth client-binding bypass → -
AI / LLM applications
AI and LLM-powered features: prompt injection, tool and agent abuse, insecure model and data supply chains, and the new trust boundaries they introduce.
-
Network & infrastructure
Internal and external network surfaces, host and service exposure, and the segmentation that decides how far an attacker moves once inside.
Publicly disclosed Open5GS 5G-core pre-auth read · 8.6 → -
Open-source & embedded
Original research into the widely deployed open-source and embedded software your stack inherits: real-time operating systems, media and protocol stacks, and data-layer components. Novel findings, reported and fixed upstream.
Publicly disclosed GraphicsMagick heap overflow + 7 Vim CVEs → -
Secrets & sensitive data
Credential and secret exposure across code, CI/CD, and runtime, traced to what the leaked material actually unlocks.
Field report HMAC signing-key theft, payments chain → -
Mobile applications
Android clients and their backends: insecure storage, weak certificate handling, exported components, and the trust assumptions between app and server.
-
OT / SCADA
Operational-technology and industrial control surfaces, where protocol and segmentation assumptions carry physical consequences.
Publicly disclosed BACnet Stack pre-auth advisory → -
Memory safety
Native and systems code. Memory-corruption classes reasoned through to exploitability, not just flagged as warnings.
Publicly disclosed GraphicsMagick heap overflow · 8.1 →