World-Class Research

Ocelot, is the leading Offensive Security team in Latin America. This elite team of researchers represents the best of the best, partnered together to transform cybersecurity in the region. Ocelot threat intelligence, research and offensive skills power Metabase Q's solutions.

Someone working on a laptop
Ocelot Logo

Unparalleled Experience

Our team has seen it all. We've held critical roles in Red Teams, Blue Teams, APT monitoring, malware and exploit analysis, and deciphering cybercriminal techniques, tactics and procedures.

Recognized authorities

Our researchers have been speakers in the most important conferences worldwide such as REcon Canada, Defcon, and Blackhat USA. They are co-authors of security books such as "Show me the e-money" and others

International Talent

Our team is made up of world-class researchers committed to bringing the best security from around the world to Latin America.

Our Services

Secure Typing

Penetration Testing

We created a team of top security researchers that are book authors, speakers at Defcon, BlackHat and RECon with proved successful experience to offer you the most comprehensive penetration testing with actionable results.

REQUEST A CONSULTATION
Multiple monitors with code

APT Simulation

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved.

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved. We use real attack techniques, tactics, and procedures certified by MITRE ATT&CK. We're the only ones in Latin America who develop their own attack framework. We're not just running some third-party tools, we're building them.

Our offering includes

  • Spear Phishing + Social Engineering: Dridex, Emotet, etc
  • Ransomware-as-a-Service: Ryuk, Darkside, Revil, etc
  • Lateral Movement Techniques: WMI, Powershell, Pass-the-token, DLL/DICOM, etc
  • Data Exfiltration Techniques: DNS, TCP, LOLBINS, ICMP, HTTP, etc
REQUEST A CONSULTATION
Somone buying stuff online

Digital PaymentSolutions

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

Services offered include:

  • Digital Payments training programs.
  • NFC and EMV Security Assessments.
REQUEST A CONSULTATION
Code on a monitor

BASE24 Security Assessments &Solutions

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

  • BASE24 Secure Code Review: We developed the first guide of safe code and scanner for bug detection.
  • PCI Validation: We check for possible violations of PCI DSS standards.
  • ACI Fixed Gap Analysis: We identify the critical safety fixes that your organization should have installed.
  • Fixes Implementation: Our team of experts in TAL, will give you the ideal fix recommendation, develop it, and implement it.
REQUEST A CONSULTATION
Someone using an ATM

ATM Penetration Testing & Security Solutions

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Services offered include:

  • ATM attack simulation and security controls gap analysis.
  • Forensic analysis.
  • ATM cybersecurity training.
  • We create custom ATM malware to replicate techniques of Ploutus, Ripper, Tyupkin, etc making as realistic a test as you can get.
More details
REQUEST A CONSULTATION
A person using a VR headset

IoT/PoS Penetration

Testing

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify their vulnerabilities.

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify vulnerabilities at:

  • Hardware: Anti-tamper, USB stack, JTAG/UART/SPI/I2C, Firmware dumping, Bootloader attacks
  • Mobile Client (Android/iOS: In-depth PoS SDK analysis to interact/attack PoS Firmware: Remote Reboot, Shutdown, Bricking, Memory leaks, Firmware updates, etc.
  • Bluetooth/BLE: HCI, L2cap, SPP, ACL level attacks, MiTM to alter payments at realtime
  • NFC: Relay, Replay, Protocol-level (APDU, etc) attacks, Transaction limit bypass, Payway (VISA), PayPass (Mastercard), ExpressPay (AMEX) attacks
  • PoS Firmware: Reverse Enginering third-party libraries, Secure Code Review of vendor’s code.
REQUEST A CONSULTATION
A machine on a production line

ICS Solutions

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.
Our specialized practice combines technology and people to offer the following services:

  • Architecture Review: evaluate your existing security program.
  • Managed Threat Hunting: augment your staff with our ICS expert analysts.
  • ICS/OT Training: intensive hands-on learning.
  • Incident Response: rapid on- and offsite support.
REQUEST A CONSULTATION
Get in Contact

We'd love to talk

1

Scope Definition

Our experts quickly determine the best scope of action and plan for your security needs.
2

Quality Baseline Assessment

Get a clear and concise cost estimate to launch an initial assessment.
3

Roadmap Definition

Our teams work with yours to build a custom roadmap depending on your needs, budget and constraints.