ENGAGE LABS

We are a small offensive and research team. When you hire us, you get the people who find the bugs, not the people who manage them.

We like strange behaviour, ugly edges and problems that do not fit standard cybersecurity services.

If you have one hard security problem and you want someone to break it, understand it and explain it clearly, this is what we do.

Our only service

Deep Threat Research Sprint

You bring us one hard problem.

We spend a short, intense period going as deep as needed.

You leave with a clear threat model, proof of impact and concrete actions.

What this is for

This is not a generic cybersecurity service.

Good fit if at least one of these is true for you:

You own a product, platform or tech stack and you feel something is wrong but cannot prove it
You had an incident or weird behaviour and your current tools and vendors cannot give you a good answer
You want to know if there is a new class of attack hidden in one feature, protocol or workflow
You are ready to fix and improve things if we show you real risk

If you just need a checkbox pentest, standard red team or basic DFIR, ITRES already does that in other services.

LABS is for the cases that do not fit.

What problem we solve

Typical questions that fit a Deep Threat Research Sprint:

“Can my product security countermeasures be bypassed or exploited?”
“Does this new feature hide a takeover path?”
“Can this business process leak data or internal artifacts?”
“Is this strange behavior actually a new technique, and how would a real attacker use it?”

This is the same type of work behind our public research on:

How a sprint works

We keep it simple. One sprint, one problem.

Understand
- Short calls and document review
- We agree on the exact question and the scope of the sprint
- Access to lab environment, test accounts or sample data if needed
Break and map
- We try to abuse the feature, protocol or workflow in realistic ways
- We build safe proof of concept chains where possible
- We map real impact, preconditions and attacker effort
Explain and harden
- We write a clear technical report
- We give you a threat model with concrete attack paths
- We propose practical fixes, hardening steps and or detections
- Optional session with your team to walk through everything

Sprints are short by design. Think weeks (2~5 weeks) not months. Consider a budget of between $15,000 and $40,000.

We focus on depth for one problem, not on finding “as many bugs as possible”.

What you get

At the end of a Deep Threat Research Sprint you get:

A clear description of what is really going on
Proof of concept material when it is safe and relevant
A threat model that your engineers and your CISO can both read
A list of concrete changes you can make (configuration, protocol changes, code fixes, extra logging or detections)
Optional support text for your customers: security advisory, FAQ or co written blogpost if you want to communicate the work

You also keep all IP and code that we create for you inside the sprint. We only publish anything publicly if you explicitly agree.

Why LABS@ITRES

We do this type of work already on our own time. For example:

Turning a weird behaviour into a full device takeover scenario and a CVE
Showing how CMS media and sitemaps leak draft and past content that teams believe is private
Exploring how VPNs, snapshots or USB can hide attacker activity from standard telemetry

Our public LABS blog shows how we think and how we document. The sprint is simply that mindset applied to your system, with your data and your priorities.

Talk to us

Tell us in a few lines:

What the system or feature is
What you have seen or what you are worried about
What you would like to decide at the end of the sprint

We will answer honestly if a Deep Threat Research Sprint makes sense for you
and what a realistic scope would look like.

Go back