Authorised security testing,
built for Australian law.

We probe your email and web surfaces the way a real attacker would — carefully, lawfully, and on sovereign Australian infrastructure. Evidence-first findings, no offshore data, nothing destructive without your written sign-off.

Authorisation comes first

No test begins until we have your explicit permission. This is the part our legal clients care about most, so we make it non-negotiable.

  • Written authorisation. Every test requires a signed engagement agreement defining exact scope and limits.
  • Domain verification. We confirm you control the target via a DNS-TXT record before any active work.
  • Staged execution with safety gates. Each phase is gated; we only advance with your approval.
  • Emergency stop. You can halt any test at any moment, and we stop immediately.
  • Nothing destructive without sign-off. Exploitation that could affect data or availability never runs without explicit, written authorisation.

Two surfaces, one engagement

We assess both of the surfaces attackers actually use against professional firms.

1. Email & mail security

  • SPF, DKIM, DMARC, MTA-STS and TLS posture review
  • User-enumeration and spoofing resistance
  • Transport hardening and misconfiguration detection

2. Web applications (OWASP-aligned)

  • Reconnaissance and attack-surface mapping
  • Security misconfiguration
  • Injection (SQL, command, template and related)
  • Authentication and session management
  • Broken access control

Engagement tiers

Choose the depth that fits your needs. White Hat is free, so you can see exactly how we work before spending a cent.

Tier Price What it does Risk
White Hat FREE Passive recon & DNS/email security scan, read-only Minimal
Grey Hat On request Active probing & vulnerability scanning, no exploitation Moderate
Black Hat On request Full exploitation, staged with safety gates High (authorised only)
Guided Security Test On request Full remediation & hardening to pass standard, 7-day support Managed
Ongoing Protection On request Continuous monitoring & weekly scans Minimal
Enterprise Shield On request Full hardware + software suite, weekly testing Managed

Run a free check

Pick an area, enter your domain, email address or website, and get an instant on-screen report. All checks are passive and non-invasive — no scanning of your servers.

Email security

SPF, DMARC, MTA-STS and DNSSEC — the records that stop criminals spoofing your email.

Web security

HTTPS, TLS version and the security headers (HSTS, CSP, clickjacking & MIME protection).

SEO & performance

Technical SEO (titles, meta, structured data) and page load weight & speed.

Want the deeper version — live mail-delivery + DKIM + blacklists, or a full Lighthouse audit, or an authorised penetration test? Get in touch and we’ll scope it under written authorisation.