What I offer
Services
Engagements tailored for SMBs: defined scope, controlled budget, actionable deliverables. I don't just identify problems. I help fix them.
Pentest & External Audit
Real-world attack simulation from the Internet to map your exposure and identify critical vulnerabilities before an attacker does.
Duration: 1 to 2 weeks
What's included
- Passive reconnaissance (OSINT, DNS, certificates)
- Port scanning and enumeration of exposed services
- Web application testing (OWASP Top 10)
- Exploitation attempts of discovered vulnerabilities
- API testing (authentication, authorization, injection)
- Detailed report with CVSS score and prioritization
Deliverables
- Executive report (non-technical, for management)
- Detailed technical report (for IT teams)
- Prioritized remediation plan
- Debriefing session
Active Directory Pentest
Full audit of your Active Directory, the most targeted component in SMB attacks. Covers Kerberoasting, Pass-the-Hash, BloodHound attack path analysis, and privilege escalation.
Duration: 1 to 3 weeks
What's included
- AD enumeration (users, groups, GPO, ACL)
- Privilege escalation path analysis (BloodHound)
- Kerberoasting, AS-REP Roasting tests
- Pass-the-Hash / Pass-the-Ticket
- DCSync and secret extraction
- Kerberos delegation review
- Trust relationship testing
Deliverables
- Attack path mapping (BloodHound graphs)
- Technical report + remediation
- Customized AD hardening guide
- Debriefing session with the IT team
Azure / M365 Audit
Review of your Microsoft cloud security posture. Covers misconfigurations, over-privileged identities, exposed data, and compliance, assessed against CIS and MSRC benchmarks.
Duration: 1 to 2 weeks
What's included
- Entra ID role audit (RBAC, PIM, MFA)
- Conditional access policy review
- Defender for Cloud analysis (CSPM, security score)
- Storage Accounts and Blob permissions audit
- App Registrations and Service Principals review
- Exchange / SharePoint / Teams configuration
- Microsoft Sentinel log and alert analysis
Deliverables
- Audit report with CIS compliance score
- Risk matrix and priority remediations
- PowerShell/Azure CLI remediation scripts
- Monitoring dashboard
Hardening & Remediation
I don't just write reports. I step in to fix identified vulnerabilities: system hardening, configuration fixes, and implementing controls.
Duration: Variable based on scope
What's included
- Windows/Linux server hardening (CIS Benchmarks)
- Securing exposed services (Nginx, Apache, IIS)
- WAF configuration (ModSecurity, Coraza, OpenAppSec)
- Firewall rule setup or audit (pfSense, FortiGate)
- API security (JWT, rate limiting, CORS)
- Azure hardening (policies, Defender settings)
- Documentation and maintenance procedures
Deliverables
- Before/after report with metrics
- Technical documentation of changes
- Maintenance procedures
- Short IT team training if needed
Web Development
Design and development of modern, performant web applications built with Next.js and React, with security baked in from the start.
Duration: Variable based on scope
What's included
- Full-stack web application development (Next.js App Router)
- React component architecture and UI design
- REST API design and integration
- Authentication & authorization (NextAuth, JWT, OAuth2)
- Performance optimization and Core Web Vitals
- Deployment on Vercel / cloud infrastructure
- Security-first approach: input validation, CSP, HTTPS enforcement
Deliverables
- Production-ready web application
- Source code with documentation
- Deployment and hosting setup
- Maintenance handoff or ongoing support
How it works
Initial call
Free discovery call to understand your context, challenges, and define the scope.
Proposal
Detailed quote with scope, methodology, deliverables and timelines. No surprises.
Engagement
Engagement execution with regular progress updates. Full transparency.
Delivery & follow-up
Report + debriefing. Available to support remediation if needed.
Questions about a service?
Let's talk, with no commitment, to see what fits your situation.
Get in touch