
Security Research

Applied research

We perform targeted security research for organisations. Are cybercriminals abusing a vulnerability in your organisation? We find out how they do it.

What is security research?

Security research is targeted investigation into a specific security question. We regularly see organisations whose platform cybercriminals have found ways to use for criminal activities. We find out how they do it, so you can solve the problem and limit the damage.

We monitor known criminal networks to map whether your organisation is mentioned there. If so, we dive into the shared information to find out exactly which method they apply to your organisation. We share the results with you, so you can take action to counter the abuse.

Our researchers combine offensive security expertise with creativity: we think like an attacker and look for ways to abuse your systems, payment flows or business logic. From bypassing payment logic and creating fraudulent accounts to in-depth 0-day research into the software you rely on — the goal is always the same: to discover what attackers can do before they do it.

When is security research relevant?

  • Complex business logic: abuse of payment flows, ordering processes, loyalty programmes, pricing engines.
  • Platform abuse: how can malicious actors abuse your platform? Fake accounts, fraud, scraping?
  • Responsible disclosure: you received a report and want to understand the impact.
  • Incident analysis: after an incident, understanding exactly how it happened.

Our approach

Research is by definition custom work. The approach depends on the question:

  1. Formulate research question - what do we want to know? Which scenarios are most relevant? Direct conversation with the researcher who will do the work.
  2. Dark Web research - we search the dark web for information about your organisation or services.
  3. Investigate findings - we thoroughly examine the information found and build a PoC.
  4. Reporting - detailed report with PoC and recommendations.

What does security research cost?

Our rate is €175 per hour. We align scope and budget upfront and report on progress along the way.

Methodology

  1. Research question - together with the researcher we define what we want to know and which abuse scenarios are most relevant.
  2. Investigation - active investigation of the scenario, including dark web research and analysis of known criminal networks.
  3. Proof-of-concept - we examine the findings and build a reproducible PoC that demonstrates the abuse.
  4. Reporting - detailed report with PoC, the exact method and concrete recommendations to stop the abuse.

Frequently asked questions

What is the difference between security research and a pentest?

A pentest tests a system against known vulnerabilities within a fixed scope. Security research is open-ended: it investigates how a product, process or platform can be abused, including unknown (0-day) weaknesses and complex business logic.

How long does a security research engagement take?

It depends on the research question. We agree scope and budget upfront and report on progress along the way, so you always stay in control of time and cost.

What does security research deliver?

A detailed report with a reproducible proof-of-concept, the exact abuse method and concrete recommendations to stop the abuse.

Do you work according to responsible disclosure?

Yes. If we find vulnerabilities at third parties, we always report them through a responsible disclosure process and in consultation with you.

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.