Results

Result-proven cybersecurity

Anyone can promise security. We publish ours. These are real, verifiable findings — fixed in production systems and credited in public vulnerability databases.

Credentials

Certified to international standards

OSCP OffSec

Lead Pen Test Professional PECB

ISO/IEC 27001 Senior Lead Auditor PECB

Certified Information Systems Auditor ISACA

Red Team Operations Clarified Security

Critical Information Infrastructure Protection NATO CCDCOE

Web Applications Attack & Defence NATO CCDCOE

IT Systems Attack & Defense CybExer

Cybercrime CEPOL

Cyber Bite: Darkweb CEPOL

OSINT — Cryptocurrencies CEPOL

Security Awareness: Privileged Accounts SANS

Critical

Command injection fixed in Estonia’s national eID software

DigiDoc4 — Estonia’s official eID signing client

DigiDoc4’s file-manager integration built shell commands by pasting filenames straight into a command line. A file named with shell metacharacters would run arbitrary code the instant a citizen right-clicked it to sign or encrypt — no prompt, no warning. On a client used daily for legally-binding signatures across an entire country, that is as serious as it gets.

OS command injection (CWE-78) Read the write-up

How we’d test yours

High CVE-2024-28996 · CVSS 7.5

SWQL injection in SolarWinds Platform

SolarWinds Platform (≤ 2024.1 SR 1)

A query-language injection flaw let an attacker manipulate backend database queries in one of the most widely deployed IT-monitoring platforms in the world. Discovered while pen-testing for the NATO Communications and Information Agency.

SQL / SWQL injection (CWE-89) View on NVD

How we’d test yours

Medium CVE-2023-22107 · CVSS 6.1

Cross-site flaw in Oracle Enterprise Command Center

Oracle E-Business Suite — ECC Framework

An unauthenticated attacker could gain unauthorized read and update access to data across the framework and connected Oracle products. Fixed in Oracle’s October 2023 Critical Patch Update.

Cross-site / UI components (CWE-79) View on NVD

How we’d test yours

High

SQL injection exposing customer data, disclosed responsibly

International company (responsibly anonymized)

An open SQL injection potentially exposed a company’s customer data. It was reported under responsible-disclosure principles and fixed promptly. CERT.LV has publicly acknowledged our founder’s repeated contributions to securing Latvian internet space.

SQL injection About CERT.LV

How we’d test yours

threat-finder — open-source runtime CVE scanner

OffSeq open-source toolset

A runtime vulnerability scanner that finds CVEs in the services actually running on a host and ranks them by real network exposure — part of the public toolset we build and use in engagements.

Research & tooling View on GitHub

How we’d test yours

Book a consultation

support@offseq.com · +371 2256 5353

Get in touch +371 2256 5353