Industries

We focus on four industries. Deeply.

Specialization matters. Most of our engagements fall into one of the four verticals below — the ones where we have the deepest threat model coverage and the most reproducible playbooks.

Fintech

Payments, neobanks, and investment platforms under PSD2, PCI DSS, SOC 2 pressure.

Common findings we chase

KYC bypasswire-fraud flowsBOLA on wallet endpointscard-tokenization scope confusionwebhook forgery

Compliance drivers

SOC 2 Type IIPCI DSSPSD2 SCA

Web3 & DeFi

Lending, DEX, bridges, staking — Solidity, Move, Rust / Anchor.

Common findings we chase

reentrancy (classic / cross-function / read-only)oracle manipulationMEV exposureprecision losscapability model misuseupgradeability flaws

Compliance drivers

Pre-mainnet auditUpgrade reviewContest-mode dry run

B2B SaaS

Multi-tenant platforms, identity, integration-heavy architectures.

Common findings we chase

tenant isolation breaksSSO / SCIM flawsAPI authorization (BFLA)SSRF in integration featuressecret leakage

Compliance drivers

SOC 2 Type I/IIISO 27001Customer trust reviews

iGaming & Sportsbooks

High-volume, regulated, adversarial by default.

Common findings we chase

wallet IDORbet settlement race conditionspromo abuse chainsRNG integrity concernsKYC / withdrawal flow attacks

Compliance drivers

MGAUKGCSOC 2 for B2B ops

Outside these four?

We still take engagements outside these verticals. Tell us about your stack — we will say so if it is not a fit.

Request Assessment