World-Class Research

Metabase Q Offensive Team, is the leading Offensive Security team in Latin America. This elite team of researchers represents the best of the best, partnered together to transform cybersecurity in the region. Ocelot threat intelligence, research and offensive skills power Metabase Q's solutions.

Request a Consultation

World-class Team

Metabase Q Offensive Team, is the leading Offensive Security team in Latin America. This elite team of researchers represents the best of the best, partnered together to transform cybersecurity in the region. Ocelot threat intelligence, research and offensive skills power Metabase Q's solutions.

Unparalleled Experience

Our team has seen it all. We've held critical roles in Red Teams, Blue Teams, APT monitoring, malware and exploit analysis, and deciphering cybercriminal techniques, tactics and procedures.

Recognized authorities

Our researchers have been speakers in the most important conferences worldwide such as REcon Canada, Defcon, and Blackhat USA. They are co-authors of security books such as "Show me the e-money" and others

International Talent

Our team is made up of world-class researchers committed to bringing the best security from around the world to Latin America.

Our Best Sellers Solutions

Threat Intelligence Service

DeepWeb monitoring and visibility of bad actors. Get ahead of new threats not just technology but social atacks, fraud, and brand abuse in cyberspace.

Know more

Arrow pointing right

ATM Penetration testing capabilities

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively.

Know more

Arrow pointing right

ATM Training

Fully offensive and defensive training, unique in the world, addressing the main verticals of ATM attacks and defense strategies.

Know more

Arrow pointing right

Specialized Solutions

APT Simulation

We offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection.

Know more

Arrow pointing right

PoS Penetration testing

No tools, in-depth protocol analysis. NIST, PCI, OWASP based methodology.

Know more

Arrow pointing right

Network Penetration testing

We created a team of top security researchers that are book authors, speakers at Defcon, BlackHat and RECon with proved successful experience.

Know more

Arrow pointing right

BASE24 Security Assessments & Solutions

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

Know more

Arrow pointing right

IoT Penetration Testing

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify their vulnerabilities.

Know more

Arrow pointing right

Our Services

Secure Typing

Penetration Testing

We created a team of top security researchers that are book authors, speakers at Defcon, BlackHat and RECon with proved successful experience to offer you the most comprehensive penetration testing with actionable results.

REQUEST A CONSULTATION
Multiple monitors with code

APT Simulation

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved.

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved. We use real attack techniques, tactics, and procedures certified by MITRE ATT&CK. We're the only ones in Latin America who develop their own attack framework. We're not just running some third-party tools, we're building them.

Our offering includes

  • Spear Phishing + Social Engineering: Dridex, Emotet, etc
  • Ransomware-as-a-Service: Ryuk, Darkside, Revil, etc
  • Lateral Movement Techniques: WMI, Powershell, Pass-the-token, DLL/DICOM, etc
  • Data Exfiltration Techniques: DNS, TCP, LOLBINS, ICMP, HTTP, etc
REQUEST A CONSULTATION
Somone buying stuff online

Digital PaymentSolutions

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

Services offered include:

  • Digital Payments training programs.
  • NFC and EMV Security Assessments.
REQUEST A CONSULTATION
Code on a monitor

BASE24 Security Assessments &Solutions

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

  • BASE24 Secure Code Review: We developed the first guide of safe code and scanner for bug detection.
  • PCI Validation: We check for possible violations of PCI DSS standards.
  • ACI Fixed Gap Analysis: We identify the critical safety fixes that your organization should have installed.
  • Fixes Implementation: Our team of experts in TAL, will give you the ideal fix recommendation, develop it, and implement it.
REQUEST A CONSULTATION
Someone using an ATM

ATM Penetration Testing & Security Solutions

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Services offered include:

  • ATM attack simulation and security controls gap analysis.
  • Forensic analysis.
  • ATM cybersecurity training.
  • We create custom ATM malware to replicate techniques of Ploutus, Ripper, Tyupkin, etc making as realistic a test as you can get.
More details
REQUEST A CONSULTATION
A person using a VR headset

IoT/PoS Penetration

Testing

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify their vulnerabilities.

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify vulnerabilities at:

  • Hardware: Anti-tamper, USB stack, JTAG/UART/SPI/I2C, Firmware dumping, Bootloader attacks
  • Mobile Client (Android/iOS: In-depth PoS SDK analysis to interact/attack PoS Firmware: Remote Reboot, Shutdown, Bricking, Memory leaks, Firmware updates, etc.
  • Bluetooth/BLE: HCI, L2cap, SPP, ACL level attacks, MiTM to alter payments at realtime
  • NFC: Relay, Replay, Protocol-level (APDU, etc) attacks, Transaction limit bypass, Payway (VISA), PayPass (Mastercard), ExpressPay (AMEX) attacks
  • PoS Firmware: Reverse Enginering third-party libraries, Secure Code Review of vendor’s code.
REQUEST A CONSULTATION
A machine on a production line

ICS Solutions

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.
Our specialized practice combines technology and people to offer the following services:

  • Architecture Review: evaluate your existing security program.
  • Managed Threat Hunting: augment your staff with our ICS expert analysts.
  • ICS/OT Training: intensive hands-on learning.
  • Incident Response: rapid on- and offsite support.
REQUEST A CONSULTATION

In-House Research

See all our resources
Get in Contact

Ready to get started?

Whether you've experienced a breach, want to test your cybersecurity maturity or readiness, or transform your cybersecurity program - our team is ready to go.

We’re here to help

Provide us with more information and a member of the Metabase Q team will reach out to you.