Real engagements, real outcomes
Anonymized projects from real client work. Every finding, every fix, documented. Client names and domains are kept confidential.
Active Ransomware Response, Full Server Rebuild & Hardening on Alibaba ECS (Mainland China)
Walked into a live multi-payload compromise on a mainland-China Alibaba ECS instance hosting two .cn brand sites. Contained the intrusion, preserved evidence, salvaged the customer databases the ransomware missed, and rebuilt the production stack from scratch with cPanel, hardened Apache, and Let's Encrypt. Engagement still in progress.
Cloudflare WAF Redesign & Cache Recovery for a High-Traffic News Site
Replaced a blunt 'I'm Under Attack' mode that challenged 680,000 real readers with targeted rules, and recovered cache hit rate to 71%.
Cloudflare DNS, WAF, SSL, DDoS & Zero Trust Access for WordPress
Configured Cloudflare end-to-end on a WordPress site, locked wp-admin behind email-verified Zero Trust Access, and repaired DNS records broken during migration.
Magento 2 Cloudflare WAF & Bot Protection Audit and Implementation
Rebuilt a leaky Cloudflare WAF across 7 zones, shut down active Magento CVE exploitation attempts, and cut bot traffic 70%.
Multi-Site WordPress Malware Cleanup & Hardening on Shared Hosting
Removed 383 malware files across 7 domains, broke a year-long reinfection chain, and hardened the entire cPanel account.
IIS 8.0 Memory Disclosure & Cloudflare WAF Bypass Assessment
Exploited a critical IIS 8.0 HTTP.sys memory disclosure and proved full Cloudflare WAF bypass via exposed origin IPs.
Responsible Disclosure: Public S3 Bucket Leaking Patient PHI at a Hospital Group
Discovered a publicly accessible healthcare S3 bucket exposing test reports, billing data, and personal information of patients, employees, and doctors. Delivered a full responsible-disclosure report as a professional courtesy.
Have a similar situation? Get a free scoping call.
Contact us