Offensive Security Services

We've centralized the world's top talent in advanced persistent threat simulations, PoS and NFC payment systems, BASE24, ATMs, IoT, and ICS to ensure that we can serve as an ally to you in your most complicated problems.

Someone working on a laptop
Ocelot Logo

Ocelot, is the leading Offensive Security team in Latin America. This elite team of researchers represents the best of the best, partnered together to transform cybersecurity in the region. Ocelot threat intelligence, research and offensive skills power Metabase Q's solutions.

Our Services

Unparalleled Experience

Our team has seen it all. We've held critical roles in Red Teams, Blue Teams, APT monitoring, malware and exploit analysis, and deciphering cybercriminal techniques, tactics and procedures.

Recognized authorities

Our researchers have been speakers in the most important conferences worldwide such as REcon Canada, Defcon, and Blackhat USA. They are co-authors of security books such as "Show me the e-money" and others

International Talent

Our team is made up of world-class researchers committed to bringing the best security from around the world to Latin America.

Penetration Testing

We created a team of top security researchers that are book authors, speakers at Defcon, BlackHat and RECon with proved successful experience to offer you the most comprehensive penetration testing with actionable results.

APT Simulation

In our advanced persistent threat (APT) simulation, we offer a real simulation of attacks from real criminals worldwide to gain a clear perspective of your team's and security products' detection and response times in the different levels of your network as well as the procedures and people involved. We use real attack techniques, tactics, and procedures certified by MITRE ATT&CK. We're the only ones in Latin America who develop their own attack framework. We're not just running some third-party tools, we're building them.

Someone using a desktop computerSomeone working on a laptop

Digital Payments Solutions

We are experts on MST, the new Samsung Pay technology, and more complex relay attacks on NFC.

Services offered include:

  • Digital Payments training programs.
  • NFC and EMV Security Assessments.

BASE24 Security Assessments & Solutions

We are the world’s leading experts in BASE24 and TAL code review. Our leading-edge systems vulnerability detection is the first on the market.

  • BASE24 Secure Code Review: We developed the first guide of safe code and scanner for bug detection.
  • PCI Validation: We check for possible violations of PCI DSS standards.
  • ACI Fixed Gap Analysis: We identify the critical safety fixes that your organization should have installed.
  • Fixes Implementation: Our team of experts in TAL, will give you the ideal fix recommendation, develop it, and implement it.
Somone programming on an ipadSomeone debugging code
Someone using an ATMPeople analyzing data

ATM Penetration Testing & Security Solutions

Our state-of-the-art ATM laboratory is the first of it's kind. We enable companies to improve their ATM cybersecurity programs rapidly and effectively. In our laboratory, we offer various customized services based on your needs and your fleet models.

Services offered include:

  • ATM attack simulation and security controls gap analysis.
  • Forensic analysis.
  • ATM cybersecurity training.
  • We create custom ATM malware to replicate techniques of Ploutus, Ripper, Tyupkin, etc making as realistic a test as you can get.

IoT Penetration Testing

Get your device secure before getting it to the market. We perform penetration testing on IoT devices before they begin production to identify vulnerabilities at:

  • Hardware: Dumping sensitive content like Flash memory, Boot loader, etc via JTAG, SPI or I2C interfaces. USB Attacks to get unauthorized access during firmware/music updates, as well as shell protection bypass from UART interfaces.
  • Firmware: Finding bugs by doing reverse engineering of the binaries or assessing the protection of sensitive data like encryption keys, cardholder data, Personally Identifiable information (PII) stored in the device.
  • Software: Secure Code Review assessment to spot vulnerabilities at the application layer that could help an attacker to compromise the device.
  • Signal: Over-the-Air type evaluation to identify vulnerabilities in different network stacks
A PCB with exposed wiringPeople using computers
Machinery in a modern factoryA machine on a production line

ICS Solutions

We offer a proactive and responsive approach to comprehensively understand your specific ICS cybersecurity environment, mitigate risks, and respond to threats with confidence.
Our specialized practice combines technology and people to offer the following services:

  • Architecture Review: evaluate your existing security program.
  • Managed Threat Hunting: augment your staff with our ICS expert analysts.
  • ICS/OT Training: intensive hands-on learning.
  • Incident Response: rapid on- and offsite support.

Case Studies


We'd love to hear from you

Let's talk

Send us your information and a brief summary of what you're looking for and our experts will start working with you right away to get you the cybersecurity you deserve.

Thank you! One of our experts has been assigned to your case and will be in contact shortly.
Oops! Something went wrong while submitting the form. Please try again.