Creative minds
breaking your Apps.

Get a Quote

CREST certified


📰 News:
- Bypassing Watermark Implementations
- Dive into Hacker-movies with our Hacker Movies Quiz
- Our Nmap CTF challenge for Ekoparty
- Gitxray: a security X-Ray for GitHub repositories
- Secure boot and VMware - Automating Kernel module signing

Creative minds
breaking your Apps.

Get a Quote

CREST certified


📰 News:
- Bypassing Watermark Implementations
- Dive into Hacker-movies with our Hacker Movies Quiz
- Our Nmap CTF challenge for Ekoparty
- Gitxray: a security X-Ray for GitHub repositories
- Secure boot and VMware - Automating Kernel module signing

Experienced testers

Our approach prioritizes a thorough understanding of the solutions we test, with a strong focus on their logic and integrations.

Passion for technology

Passion for technology

Passion for technology

We continually train ourselves to offer a distinctive value compared to automated options. Our proprietary Kulkan Academy serves as an internal quality driver.

The Kulkan way

The Kulkan way

Wow Factors

We culturally place a huge amount of energy on understanding technology as opposed to becoming button-clickers and merely running tools. In every single project we're after what we call "Wow Factors" - helping us raise the bar by identifying non-trivial vulnerabilities.

Meetings and Collaboration

We strongly believe in having as many meetings as necessary to get familiarized with the architecture and use-cases of the solutions that we test. We also have, per project, a good amount of internal meetings to brainstorm ideas and draft potential attack vectors.

Meetings and Collaboration

We strongly believe in having as many meetings as necessary to get familiarized with the architecture and use-cases of the solutions that we test. We also have, per project, a good amount of internal meetings to brainstorm ideas and draft potential attack vectors.

Meetings and Collaboration

We strongly believe in having as many meetings as necessary to get familiarized with the architecture and use-cases of the solutions that we test. We also have, per project, a good amount of internal meetings to brainstorm ideas and draft potential attack vectors.

Detailed testing plans

Planning is one of our strengths. Project plans get updated by our team daily and shared with your team regularly (weekly, monthly and annually!).

Detailed testing plans

Planning is one of our strengths. Project plans get updated by our team daily and shared with your team regularly (weekly, monthly and annually!).

Detailed testing plans

Planning is one of our strengths. Project plans get updated by our team daily and shared with your team regularly (weekly, monthly and annually!).

Preserving Context

Our methodolgy and process enables us to preserve key context and information in between rounds of testing. It's a whole different experience than using a partner that starts from scratch every time.

Adaptable testing

We are prepared and so is our methodology to adapt our testing using Production or Sensitive environments.

Adaptable testing

We are prepared and so is our methodology to adapt our testing using Production or Sensitive environments.

Adaptable testing

We are prepared and so is our methodology to adapt our testing using Production or Sensitive environments.

Keeping your team Focused

We can work with application teams directly, or collaborate with your existing security team. Our experience and love for detail helps deliver zero false positives and high quality deliverables.

Keeping your team Focused

We can work with application teams directly, or collaborate with your existing security team. Our experience and love for detail helps deliver zero false positives and high quality deliverables.

Keeping your team Focused

We can work with application teams directly, or collaborate with your existing security team. Our experience and love for detail helps deliver zero false positives and high quality deliverables.

Get a Quote

A simple four step engagement process.

A simple four step engagement process.

Scoping and Scheduling

We can help estimate and define the scope of work. We’ll prepare and share a work proposal document. Slots in our schedule are only locked once a work proposal is approved and signed.

We can help estimate and define the scope of work. We’ll prepare and share a work proposal document. Slots in our schedule are only locked once a work proposal is approved and signed.

We can help estimate and define the scope of work. We’ll prepare and share a work proposal document. Slots in our schedule are only locked once a work proposal is approved and signed.

Execution

We’ll create a Kulkan Footprint of your APIs. We’ll establish a bridge between both parties and share detailed weekly updates.



We’ll create a Kulkan Footprint of your APIs. We’ll establish a bridge between both parties and share detailed weekly updates.

We’ll create a Kulkan Footprint of your APIs. We’ll establish a bridge between both parties and share detailed weekly updates.

Delivery

We’ll share with your team a report in multiple formats via our proprietary secure file transfer method. Our team will then preserve context and new knowledge to seal the Kulkan Footprint of your APIs.

Retesting

We can help you validate fixes to any of the findings that we’ve reported. Talk to us in order to schedule either a subsequent round of testing or an isolated project for validating fixes.

We are CREST Accredited in Penetration Testing

We are CREST Accredited in Penetration Testing

Working with professional, experienced security consultants and penetration testers who are awarded the CREST accreditation, grants your company a level of independent assurance over the services being delivered.

What is CREST?

What is CREST?

CREST is the international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence services, and Security Operations Centre (SOC) services.

A flexible vessel for communicating risk.

A flexible vessel for communicating risk.

Please discuss your reporting needs upfront if you’re looking for a specific type of Report.
We’ll be happy to try our best!

Please discuss your reporting needs upfront if you’re looking for a specific type of Report. We’ll be happy to try our best!

PDF / EXCEL

Our report documents include details on each threat, their impact on your infrastructure and recommendations. We Also include an excel-friendly version of the report, to ease parsing and importing.

CVSS

Findings are assigned a CVSS score based on actual exploitation context, meant to help your team strategize a mitigation plan.



CVSS

Findings are assigned a CVSS score based on actual exploitation context, meant to help your team strategize a mitigation plan.



CVSS

Findings are assigned a CVSS score based on actual exploitation context, meant to help your team strategize a mitigation plan.



Security

Our secure report delivery platform will help us deliver all of the sensitive data securely to you.

Security

Our secure report delivery platform will help us deliver all of the sensitive data securely to you.

Security

Our secure report delivery platform will help us deliver all of the sensitive data securely to you.

Get a Quote

Collaboration, made easy.

Collaboration, made easy.

By joining your Ticketing system
(eg. JIRA, RALLY, GIT)

In addition to or in replacement of the report deliverable, our team can submit findings to Rally, JIRA, Github, and more.

In addition to or in replacement of the report deliverable, our team can submit findings to Rally, JIRA, Github, and more.

By joining your Chat platform
(eg. Slack, Telegram, Signal)

We welcome communication and therefore our team will be happy to jump on a shared channel or authenticate to your infrastructure.

We welcome communication and therefore our team will be happy to jump on a shared channel or authenticate to your infrastructure.

Happy customers include:

Get a Quote
We look forward to hearing from you.