Offensive Security Research

We examine systems the way capable opponents will.

Slowly. In writing. With sources cited.

NoctuaSec is an offensive security research practice focused on hardware assessments, regulated-sector engagements, and policy work in defense-adjacent contexts.

§ II — Mission

Most security work is performed in haste, against deadlines that reward the appearance of rigor over its substance.

Late one night during a recent engagement, we were extracting memory from a circuit board — byte by byte, with a majority-vote algorithm, because the standard utilities kept erroring out. This kind of work tends to find things others miss. Some of what we do is paid. Some appears in academic forums or arrives as pro bono work for organizations operating in defense-adjacent contexts. The standard is the same in all of them.
§ III — Approach

Two principles, observed without exception.

I.

Real-world resilience over theoretical coverage

Checklists describe a class of attacker that does not exist. We model the actual adversary — their economics, patience, and tooling — and report on what they would find, not what a scanner can.

II.

Manual examination over automated coverage

Tools find what is already known and named. The findings that matter come from sitting with a system long enough to ask the questions a scanner cannot frame.

§ IV — Practice

Four disciplines, practiced by the same hands that write the reports.

01 · Practice

Red Team Operations

Adversary emulation engagements scoped to a specific threat model. Multi-stage operations from initial access through objective, with custom tooling developed where the engagement requires it.

02 · Practice

Application Security Assessments

Authorization, authentication, and access control flow testing against web applications and platforms holding sensitive data. Manual examination of business logic; automated tooling used as instrumentation, not as a deliverable. Findings documented with risk analysis and remediation guidance.

03 · Practice

Hardware & Embedded Security

Security assessments of access control systems, embedded devices, and the cryptographic protocols around them. Black-box methodology, hands-on inspection at the chip and protocol level, custom tooling where the work demands it. Engagement reports include risk matrices and prioritized remediation paths.

04 · Practice

Threat Modeling & Architecture Review

Workshop-based engagements to map adversary economics, attack surface, and design assumptions against new or evolving systems. Conducted before implementation where possible. Deliverables include a written threat model and prioritized remediation roadmap for downstream engineering and security work.

§ V — Fieldwork

Selected engagements, redacted where necessary.

Healthcare · 2025

Healthcare engagement

A two-week assessment of authorization architecture in a healthcare platform handling clinical records and patient data. Five findings — three critical, two high — including an authentication bypass enabling full administrative account takeover and mass exposure of patient records across the user base. Coordinated disclosure to platform leadership; remediation initiated. Formal acknowledgment issued by the platform's CEO.

Case Note — Available on Request
Critical Infrastructure · 2026

Access control in a hospitality facility used as student housing

A nine-day authorized assessment of access control infrastructure at a European hospitality facility operating as university student accommodation. Three attack vectors tested: electronic lock service interfaces (Onity HT series, ~2013), RFID/NFC key card cryptographic architecture (MIFARE Ultralight C with 2K3DES authentication), and internal hardware via direct EEPROM extraction over I2C. Of six identified vulnerability areas, five remain architecturally open and cannot be resolved through configuration changes alone. Formal acknowledgment issued by the institution.

Case Note — Available on Request
Red Team · 2025

Two-month red team operation, mentored by Gynvael Coldwind

A two-month authorized red team engagement against an internal organizational target, conducted under the mentorship of Gynvael Coldwind (ex-Google / Dragon Sector). Four-member team operating across the full engagement lifecycle: OSINT, initial access, persistence, and command-and-control. Custom tooling developed in-house, including a C# multi-stage backdoor with registry-key persistence, Telegram-based C2, and anti-sandbox evasion. All techniques and procedures mapped to MITRE ATT&CK; assessment report delivered through a structured debrief.

Case Note — Available on Request
§ VI — Network

Convening, writing, and collaboration.

Public-purpose work is part of the practice, not adjacent to it. Convening, writing, and pro bono engagements where the work serves a clear public interest.

Forum

Cyber Warfare 2026

Statecraft, Big Tech & Global Defense

Warsaw · January 2026 · 250+ participants
Keynote speakers
  • Gen. Serhii Demediuk
    former Deputy Secretary, NSDC of Ukraine
  • Dr. Łukasz Olejnik
    King's College London
  • Aleksandra Wójtowicz
    PISM
In cooperation with
  • Vistula University
  • Lviv Polytechnic National University
  • Institute of Cyber Warfare Research
  • Google Developer Group PJATK
War on the Rocks · 2026
Co-authored with Gen. Serhii Demediuk
“The classical understanding of state sovereignty is being challenged. States now must actively ask for permission to use private capabilities for defensive purposes.”
In support of

The 2026 forum supported Superhumans Center.

A Ukrainian organization providing medical rehabilitation for individuals injured during the war.

Engagement inquiries are reviewed individually

§ VII — Correspondence

Begin a correspondence.

We respond to every serious inquiry within two business days. Initial conversations are confidential and without obligation. Encrypted channels available on request.