Company Profile

Information Security Department

Security Operations Center
Who We Are

We are collaboration people are focusing on Information Security that will provide another dimension in
the development or maintain of information security technology for business and institutional needs,
created from a creativity and pride of perfection.

We are providing integrated IT security solutions and consultancy services. We provided IT cyber
security services, included the SOC or security operation center that managed clients cyber security
needs. And also We also provided some of our own security vanilla tools to do our task.

As a MSSP managed security service provider, we provided range of services related to the needs for
handling cyber security breach, vulnerability assessment.
What We Do
● Defensive (Blue Team)

Not like a red team, blue team will conduct formal test on web-based/web-service
application, network infrastructure, and other types of computer system on a regular
basis to evaluate security of application and network infrastructure. Blue team also build,
maintain, and operate system to ensure environment and application are secure from
threats, and meet a number of stringent security, especially PCI DSS and ISO
27001/27002.

Our Aspects :
● Security Audit and Hardening
● Log Analysis
● Malware Analysis
● Threat Intelligence and Firewall
● Security Information and Event Management
● Information Security Policy and Procedure
● Incident Response and Computer Forensics
What We Do
● Offensive (Red Team)

Red Team are focused on penetration testing of different systems and their levels of
security programs. We are there to detect, prevent and eliminates vulnerabilities. We also
imitates real-world attacks that can hit a company or an organization, and they perform
all the necessary steps that attackers would use. By assuming the role of an attacker, we
show organizations what could be backdoors or exploitable vulnerabilities that pose a
threat to their cybersecurity. To be truly effective, red teams need to know all the tactics,
techniques and procedures an attacker would use.

Our Aspects :
● Security Assessment and Penetration Testing
● Threat Emulation and Analyzer
● Developing tools and methodologies
● 0day and NextGen vulnerability research
● Comprehensive and accurate reports
● Mentoring less experienced staff about security awareness
What We Do
● Research about Information Security

We also conduct research about Information Security. We also imitates real-world cases.
Sample case such as Intelligence, we develop OSINT (focused on HUMAN and GEO).
What We Do
● Application Platform

Most of our application are using open source technology, and also proprietary are tailor
made for the needs of task we are doing and the target that we have to achives.
Defensive
Securing infrastructure certainly requires experienced people. We not just fixated by
existing modules, we also research and analysis.
Security Audit and Hardening
We can audit and hardening before live production and analysis of upcoming threats.
Because data breach is a corporate disgrace!

Threats analysis sample case:

● Phishing Attacks
● DDoS Attacks
● Malware / Virus
● Malicious third-party services
● Poor Password Behavior
● Physical Attacks
● Natural Disaster
● Negligent Employees
Malware Analysis
Handle and analyze malware (botnet) on production server (in another company)
Log Analysis
Analyze Log on Web Server (Access Log)
Show Case
IDS/IPS Sensor for local VLAN/Network
Offensive
To find out cyber-attacks that occur in the real world case, we have to be offensive.
Security Assessment & Penetration Testing
We use 3 methods White Box, Gray Box, and Black Box when testing. We are very familiar
with Network, Server, Database Server, Web Application, and API. To be more accurate,
80% we do it manually.

Aspects
● Reconnaissance (Information Gathering) ● Exploitation
-> Social Engineering ● Gaining Access
-> Enumeration ● Business Impact Analysis
-> Crawling ● Reporting
-> Footprinting
● Vulnerability Analysis
-> Fuzzing
-> 0day / CVE Identification
Security Assessment Experience
● Our Red Team has participated Bug Hunting on

and many more….

Penetration Testing (Show Case)
● SQL Injection Vulnerability
Penetration Testing (Show Case)
● Content Injection Vulnerability
Penetration Testing (Show Case)
● Sensitive Data Enumeration (Phone Number Extraction)
Penetration Testing (Show Case)
● Cross-Site Scripting (XSS) Vulnerability
Penetration Testing (Show Case)
● Server-Side Request Forgery (SSRF) Vulnerability
Penetration Testing (Show Case)
● Readable Configuration Vulnerability
Show Case
● Network Threat Detection and Analyze
Various vanilla homemade tools based on
needs
● Network Assessment tool for Red Teaming Activity
Various vanilla homemade tools based on
needs
● Cloudflare Real IP digger for Red Teaming Activity
Show Case
● Various tools for Red Teaming activity
Research about Information Security
We also research about Information Security best practice, 0day Exploit, Malware
Analysis, Next-Gen Methodology, OSINT (Open Source Intelligence), etc.
Research (Show Case)
Inject WRT software
OSINT - Open Source Intelligence (Show Case)
We develop OSINT (HUMINT) to find location by name
OSINT - Open Source Intelligence (Show Case)
We develop OSINT (HUMINT) to find college (student or ex-student) and student relation
by name
 Feel not secure?

Your system under attack?

Need out of the box solutions?

Contact Us!