Apple Ecosystem

> We speak fluent macOS internals.

From kernel extensions to AppKit misuses, we tear down Apple’s stack—because real control means going past what the UI allows.

Whether you’re deploying at scale with MDM, building native apps, or worried about sandbox escapes and AppleScript exposure, we know the internals—and we know the attack surface. 

This isn’t iOS jailbreaking for kids. 

This is adversarial thinking applied to Apple platforms, at depth. 

> What we work on

  • macOS hardening & attack surface mapping
  • TCC & SIP bypass discovery and mitigation
  • Endpoint monitoring & Apple event abuse detection
  • Reversing Swift & Objective-C binaries
  • AppKit, NSXPC, and AppleScript abuse paths
  • MDM validation and secure rollout audits
  • Security assessments of native apps & daemons
  • Writing Apps and Daemons

> Keywords

macOS • iOS • AppKit • TCC • SIP • AppleScript • NSXPC • sandbox • MDM • LaunchAgents • endpoint hardening • reverse engineering 

API Security

We break APIs the way attackers do: with creativity, patience, and no respect for your Swagger docs

Most API testing stops at status codes and “is auth required?” 

We go deeper: logic flaws, token confusion, race conditions, replay attacks. 

Whether it’s REST, GraphQL, or JSON-RPC, we treat your endpoints as an adversary would — not as a QA checklist.

We don’t believe in static scanners. We believe in controlled abuse. 

> What we work on

  • Broken Object Level Authorization (BOLA) & 
  • Insecure Direct Object References (IDOR)
  • Replay attacks, token leakage, and session hijacking
  • Auth logic abuse (OAuth misuses, JWT manipulation, refresh token traps)
  • Mass assignment, shadow parameters, unsafe defaults
  • Rate-limiting bypass & resource starvation
  • GraphQL introspection hardening
  • Custom fuzzers for endpoint abuse

> Keywords

REST • GraphQL • JWT • OAuth2 • BOLA • IDOR • token replay • mass assignment • fuzzing • rate-limit bypass • logic flaws 

Automotive security

You're not driving a car... you're driving a computer on four wheels!

Modern vehicles are complex, connected systems—CANbus networks, embedded ECUs, mobile-connected infotainment, and OTA firmware. 

We reverse them, we fuzz them, and we simulate what happens when your vehicle gets digitally hijacked.

We don’t audit dashboards. We tear down the drivetrain. 

> What we work on

  • CANbus sniffing, injection, and replay attacks
  • Firmware extraction from ECUs & binary reversing
  • UDS/ISO-TP protocol fuzzing
  • Reverse engineering infotainment systems & companion apps
  • OTA update abuse and insecure bootloader chains
  • Exploit chaining from mobile app to embedded target

> Keywords

CANbus • ECU • Firmware • UDS • Infotainment • OTA • Mobile apps • Protocol fuzzing • Vehicle attack surface • Reverse engineering 

Blockchain Security

We audit smart contracts like they owe us money.

We don’t stop at syntax or static analysis. 

We simulate adversaries under real conditions: race conditions, flash loan setups, and gas-based griefing. 

Whether it’s Solidity or raw EVM, we don’t just check the code—we understand the economics behind the bug.

If you’re pushing to mainnet without a full exploit simulation, you’re gambling with other people’s money. 

> What we work on

  • Smart contract auditing (Solidity, EVM, Foundry, Hardhat)
  • Reentrancy, MEV, logic flaws, unchecked external calls
  • Flash loan exploit simulation
  • Gas griefing, precision math issues
  • DeFi protocol architecture review
  • On-chain transaction analysis & replay abuse

> Keywords

Solidity • EVM • MEV • Flash loans • Reentrancy • Unchecked calls • DeFi • Gas griefing • Precision math • Hardhat • Foundry