noctis·RESEARCH·v4.1.2 CLASSIFIED·SOVEREIGN·INTEL
THREAT INTELLIGENCE DIVISION — EST. 2019

Sovereign Intelligence.
Offensive Security.

Noctis Research operates at the intersection of adversarial simulation, zero-day research, and agentic defense. We don't monitor threats — we anticipate them.

3,840+ CVEs CATALOGUED
98% DETECTION RATE
14ms RESPONSE TIME
0day IN-HOUSE RESEARCH
LIVE INTEL
  • CVE-2025-4471 CRITICAL — Remote code exec in OpenSSL 3.x
  • APT-41 campaign detected — EAST ASIA financial sector
  • Noctis zero-day: kernel privilege escalation [PATCHED]
  • BGP hijack attempt blocked — AS 1234 NEUTRALISED
  • CVE-2025-3901 HIGH — SSRF in popular API gateway
  • Ransomware C2 infrastructure taken down — 14 nodes
  • Supply chain attack in npm package event-stream-x
TRUSTED BY CLEARED OPERATORS — CLIENT IDENTITIES REDACTED PER NDA
// 01 Capability Matrix
MODULE_01
Automated Exploitation

Autonomous exploit generation leveraging LLM-assisted vulnerability chaining and memory-corruption primitives against hardened targets.

COVERAGE: CVE, CAPEC, ATT&CK
MODULE_02
Deep Network Forensics

Full-packet capture with ML-based protocol dissection, C2 beacon detection, and encrypted traffic analysis at line rate.

THROUGHPUT: 100Gbps
MODULE_03
Agentic Defense Systems

Self-healing network perimeters driven by reinforcement-learning agents that adapt rule sets in real time to evolving adversary TTPs.

RESPONSE: < 14ms
MODULE_04
Threat Attribution Engine

Graph-based threat actor attribution using TTPs, infrastructure pivots, and geopolitical OSINT correlation across 140 monitored APT groups.

CLUSTERS: 140 APT groups
MODULE_05
Supply Chain Integrity

Cryptographic provenance tracking across software supply chains with real-time SBOM analysis and dependency confusion detection.

PACKAGES: 12M+ tracked
MODULE_06
Dark Web Intelligence

Continuous monitoring of onion services, paste sites, and encrypted forums for credential leaks, exploit sales, and pre-breach signals.

SOURCES: 4,200+ nodes
// 02 Engagement Protocol
PHASE_01
Threat Scoping
NDA execution, target environment definition, rules of engagement, legal clearance, and threat model construction.
PHASE_02
Passive Reconnaissance
OSINT collection, DNS enumeration, ASN mapping, supply chain graph construction — zero footprint on target.
PHASE_03
Active Exploitation
Stealth scanning, vulnerability chaining, privilege escalation, lateral movement, and C2 establishment.
PHASE_04
Persistence & Exfil Sim
Implant deployment, data exfiltration simulation, detection evasion validation, and dwell-time measurement.
PHASE_05
Debrief & Remediation
Encrypted report delivery, executive briefing, remediation roadmap, and optional re-test validation.
// 03 Live Vulnerability Scan
noctis-agent — vuln-scanner v4.1.2 — [LIVE] ● SCANNING
// 04 Declassified Engagements
// 05 Operator Roster
0xVAULT
LEAD — OFFENSIVE RESEARCH
SC CLEARED
15 years adversarial simulation. Former GCHQ, specialising in memory corruption, kernel exploitation, and zero-day development.
CVEs AUTHORED: 38
WRAITH_SIX
PRINCIPAL — NETWORK FORENSICS
TS/SCI
Full-packet capture and protocol reverse-engineering. Published researcher on C2 beacon detection and encrypted traffic fingerprinting.
CVEs AUTHORED: 14
CIPHER_NULL
SENIOR — MALWARE ANALYSIS
DV CLEARED
Reverse engineering of nation-state implants. Authored Noctis YARA ruleset. Prior deployment analysing Turla and Lazarus Group toolchains.
CVEs AUTHORED: 9
SPECTER_IO
SENIOR — THREAT INTELLIGENCE
SC CLEARED
APT tracking and infrastructure attribution. Maintains Noctis graph database of 140+ monitored threat clusters and 4,200+ dark web sources.
CVEs AUTHORED: 6
REDPILL_7
ENGINEER — AGENTIC SYSTEMS
BPSS
Architect of Noctis autonomous defense platform. Reinforcement-learning systems for adaptive firewall rule generation and real-time TTP detection.
CVEs AUTHORED: 3
DARKNODE_Ω
ANALYST — SUPPLY CHAIN
SC CLEARED
SBOM analysis and dependency graph construction across 12M+ tracked packages. Specialist in typosquatting, dependency confusion, and CI/CD poisoning.
CVEs AUTHORED: 11
KRONOS_X
OPERATOR — RED TEAM
DV CLEARED
Physical and digital combined-arms operations. Social engineering, RFID cloning, and insider threat simulation. 60+ red team engagements delivered.
CVEs AUTHORED: 5
[ REDACTED ]
CLASSIFIED ROLE
TS/SCI + SAP
Identity and specialisation withheld under operational security protocol. Available to Enterprise sovereign clients only.
CVEs AUTHORED: ███
// 06 Access Tiers
TIER_01
Pro
$2,400 / OPERATOR / MONTH — BILLED ANNUALLY
  • Full CVE database access — 3,840+ signatures
  • Automated vulnerability scanning (5 targets)
  • Real-time threat intelligence feed
  • Dark web credential monitoring
  • Monthly threat report — PDF + JSON export
  • API access — 50,000 req/month
  • Email & Signal support — 48h SLA
  • Red team operations
  • Zero-day advisory access
  • Dedicated analyst
PGP-SIGNED LICENCE · 30-DAY EVAL ON REQUEST
TIER_03
Enterprise
CLASSIFIED / CUSTOM RETAINER — CONTACT FOR SCOPING
  • Everything in Business
  • Dedicated sovereign intelligence cell
  • Full red team operations — unlimited engagements
  • Zero-day advisory — pre-disclosure access
  • Custom exploit development & weaponisation
  • Air-gapped deployment option available
  • 24/7 incident response retainer
  • Quarterly adversary simulation — C-suite briefing
  • Regulatory compliance mapping — DORA, NIS2, SOC2
  • Unlimited API — on-prem or private cloud
SOVEREIGN CLIENTS · CLEARED PERSONNEL ONLY · NDA + VETTING
// 07 Secure Channel

Classified engagements, retainer agreements, and zero-day disclosures are handled through encrypted communications only. PGP key available on keyserver.

// PGP FINGERPRINT A1B2 C3D4 E5F6 7890 1234 5678 9ABC DEF0
// SECURE ONION noctis7xyzresearch.onion
// SIGNAL Available on request
ISO 27001 ALIGNED
DORA COMPLIANT
NIS2 READY
SOC2 TYPE II
GDPR ARTICLE 32
CVD POLICY ACTIVE
E2E PGP ENCRYPTED