Urgent incident
Suspicious login, malware alert, account takeover, exposed data, or active business disruption.
Tell us what happened, what you own, and what outcome you need. We review authorization before any technical work begins, then route the request to testing, response, recovery guidance, monitoring, code review, cloud review, or another safe service path.

Include the asset involved, your relationship to it, what changed, when you noticed it, the business or personal impact, screenshots or logs if available, and who can approve access. Do not send passwords or unnecessary sensitive data in the first message.
If the request involves an account, device, financial record, wallet, exchange, review platform, or third-party system, explain what you own and what permission you have. That lets us keep the work legal and useful.
Application launch, cloud review, code review, pentest, red team, or vulnerability disclosure planning.
Account recovery, device security concern, fraud documentation, reputation abuse, or dark web exposure.
The first response is about qualification, not pressure. We review the facts, confirm whether the request is allowed, identify missing authorization details, and recommend the safest service path. If the request is urgent, the goal is to preserve evidence and reduce damage without destroying logs or making assumptions. If the request is preventive, the goal is to define assets, test windows, reporting needs, and the stakeholders who must approve the work.
We read the concern, asset details, ownership notes, urgency, and desired outcome. If anything is unclear, we ask before technical work begins.
We confirm written permission, owner approval, scope boundaries, excluded activity, and whether any third party must approve the work.
The request is routed to incident response, penetration testing, code review, cloud security, device review, monitoring, or reputation support.
You receive a clear recommendation: discovery call, emergency triage, fixed-scope assessment, evidence review, or a refusal if the request is unsafe.
We do not provide credential theft, unauthorized access, hidden surveillance, social media hacking, extortion, bank manipulation, review-platform hacking, malware creation, or instructions for illegal activity. Every engagement requires proof of ownership or written authorization.
The first step is proving that the asset, account, device, data, or system can be reviewed with permission.
We document what is included, what is excluded, who approves access, and how evidence will be handled.
The request may become a test, investigation, recovery plan, monitoring engagement, or advisory call.
The first contact should help us understand the situation without creating unnecessary privacy or security risk. A short, clear summary is better than a large dump of sensitive files. Once the scope is accepted, we agree on the right channel for evidence — encrypted email, a shared secure folder, or another method appropriate to the sensitivity of the material.
Do not send passwords, recovery codes, private keys, seed phrases, bank login details, or one-time codes in the intake form.
Avoid sending private messages, images, records, or third-party data unless it is necessary to explain the concern.
Do not ask us to access accounts, devices, platforms, or systems you do not own or have written authority to review.
The first reply is about qualification and routing, not pressure. Response times depend on urgency and the type of engagement, but the targets below are what we hold ourselves to during normal business hours.
Same business day for urgent intakes — active compromise, account takeover, suspicious financial activity, or breach pressure. The first response confirms what to preserve and what not to touch.
One to two business days for scoped assessments — penetration testing, code review, cloud security review, audit preparation, and recovery work that is not actively bleeding.
Three to five business days for complex or multi-party engagements where legal, compliance, or vendor stakeholders need to align before scope is final.
Requests that fall outside authorized scope receive a same- or next-business-day response explaining what is being refused, why, and the legal alternative we recommend.
The intake form starts the conversation. After scope is accepted, the channel for the actual work depends on what is being handled — sensitivity, regulatory pressure, and the formality the client needs for their own records.
Standard business email is fine for non-sensitive scoping, status updates, and final report delivery. Reports themselves can be encrypted on request.
When something is actively going wrong, a short call before the intake form is finalised often saves hours of misdirected work. Email us first to schedule.
Once the engagement is open, sensitive evidence — logs, screenshots containing tokens, redacted personal data, configuration files — moves over encrypted file transfer rather than email attachments.
A mutual NDA can be put in place before scope details are shared. The engagement letter records scope, exclusions, fees, evidence-handling terms, and any compliance constraints.
The intake form does not lock the request to one service. Most engagements only confirm their final shape after a short scoping call. The patterns below cover the most common starting points so the first reply can be specific.
If suspicious activity is happening now — account takeover, malware alerts, exposed credentials, business disruption — the intake routes to urgent cybersecurity help or incident response.
New product, new feature, new cloud environment, or new API surface usually routes to penetration testing, secure code review, or cloud security depending on what is most exposed.
When an account, phone, or laptop the client owns has been taken over, the work usually routes to account recovery services, social media account recovery and monitoring, or owned-device security investigation.
Wire fraud, payment-app scams, identity theft on bank or credit accounts, or crypto theft routes to financial account recovery support or crypto fraud and wallet recovery guidance.
A customer questionnaire, audit deadline, insurance renewal, or board review usually routes to cyber risk and compliance audits, vulnerability management, or human risk and organization security.
Ongoing monitoring, alert triage, retainer-based response, or a new SOC capability routes to managed cybersecurity MDR/SOC or purple teaming for detection improvement.
We will review the request, confirm the safest next step, and route it to the right service path — usually within one business day.