nullvector
Scan my domain
[ DOSSIER //NV-2026-0000 · classified ]

Here's how we get into a company like yours in four minutes.

Pentest, audit, monitoring. Three operations to make your attack vectors unexploitable.

./initiate_scanSee an operation
STATUS: [LIVE]× 47 scans this week
03
// THE_COST_OF_INACTION

The risk you've been pushing back since the last board meeting.

$4.5M
average cost of a breach
287
days · average time to detection
−23%
average impact on post-incident valuation

Source: IBM Cost of a Data Breach Report 2024

04
// THREE_OPERATIONS

Three operations. One posture.

OP·RECON/01

Web pentest

We get in before they do.

$ ./recon --depth full
[~] jwt rotation: missing
[!] SSRF in /export
  • OWASP Top 10
  • API auth
  • JWT rotation
  • SSRF / RCE
2-4 weeksexec + technical report
OP·CITADEL/02

Infrastructure audit

We map your cloud, network, and config weaknesses.

$ ./citadel --benchmark cis
[~] s3 public: 1 bucket
[!] secrets in env vars
  • CIS Benchmarks
  • IAM review
  • Cloud configs
  • Network seg.
3-6 weeksscorecard + roadmap
OP·SENTINEL/03

Continuous monitoring

We keep one eye open while you sleep.

$ ./sentinel --watch
[+] dwell time: 12 min avg
[+] last alert: 3m ago
  • MITRE ATT&CK
  • EDR / XDR
  • SIEM rules
  • On-call 24/7
ongoing engagement24/7 alerting + monthly reviews
05
// ENGAGEMENT_TIMELINE

Day 0 → Day 30.

We work in silence. You get two meetings: kickoff and debrief.

  1. step / 01Day 0-3

    RECON

    Mapping, OSINT, attack surface.

  2. step / 02Day 3-15

    EXPLOIT

    Controlled intrusion attempts, attack chains.

  3. step / 03Day 15-22

    REPORT

    Exec + technical report with proof of exploit.

  4. step / 04Day 22-30

    REMEDIATION

    Patch tracking, retest of critical findings.

06
// DECLASSIFIED_FILES

3 files. Real missions. Anonymized details.

FILE //0101

Premium watch e-commerce. Full audit before raise.

key finding
Full server access

One flaw was enough. Patched in 48h, posture rebuilt.

FILE //0202

Members-only premium gaming club. Post-incident.

key finding
Posture rebuild

Infra audit + OP·SENTINEL deployed. Zero incident since.

FILE //0303

B2B SaaS series B. Primary AWS account.

key finding
AWS compromise

Detected and contained in 12 hours via OP·SENTINEL.

07
// THE_TEAM

Who we are.

A team of operators out of École 42 and private offensive research. Senior pentesters, AI-augmented in our tooling, crypto-native in our references — fluent across on-chain attack surface as much as classic SaaS apps.

We'd rather prove than pitch. No marketing PDFs: a report, evidence, a roadmap.

08
// FREQUENTLY_ASKED

The real questions.

01How much does it cost?

Starts at €5k. Exact quote depends on scope — attack surface, depth, deliverables. We price it after the free scan, never before.

02How long does it take?

1 month on average from kickoff to debrief. The free scan returns within 48 hours.

03What if you don't find anything?

We deliver a signed report that says so. You can present it to your board or due diligence team. It's rare, but it happens.

04What sectors do you work with?

Fintech, B2B SaaS, marketplaces, healthtech. Anything that handles sensitive data or money.

05How do you guarantee confidentiality?

Mutual NDA signed before kickoff. Data encrypted at rest and in transit. PGP available for sensitive exchanges.

06How are you different from a traditional audit firm?

We don't sell PDFs. We provide proof of exploit, support patching, and retest. No junior auditors, no subcontractors.

09
// INITIATE_SCAN

The only way to know is to look.

Report in 48 hours. No commitment. If conclusive, we'll set up a call.

// intake_form● ready

→ 48h · no_engagement · if_conclusive_call