Private Program

Brief highlights from our largest disclosed pen test and notes on private, NDA-bound engagements.

LMCTPlus.com Pen Test (Disclosed)

During an engagement against LMCTPlus.com, we identified insecure access controls on several API endpoints. These weaknesses allowed retrieval of data that should have been restricted to internal systems.

Exposed personally identifiable information for giveaway winners, including name, email, and phone number.
Access to additional non-user operational data gated only by obscurity, without proper authorization checks.

No NDA was executed for this assessment, and we are able to disclose these high-level details. All findings were responsibly reported.

Private Engagements Under NDA

We have conducted multiple private penetration tests under strict NDAs. While outcomes informed platform improvements and best practices, specific targets, methods, and results cannot be disclosed.

For inquiries about our private program, please reach out through your existing channels.