INFRASTRUCTURE AUDITING & ENGINEERING

WE
BUILD AUDIT PROTECT BUILD

SYSTEMS

Security engineering and red team tooling, built from scratch.

Who We Are

We understand the best defense comes from understanding the offense. Every tool in our arsenal is developed in-house, every network is designed from the ground up, and every engagement is tailored to the threat landscape you actually face.

Custom red team software. Hardened infrastructure. Penetration testing with real operator tradecraft. Our security engineering is rooted in offensive research. We offer tools and techniques built by people who understand how attacks actually work, not how vendors say they do.

View our capabilities

CAPABILITIES

01

Security Software

C2 frameworks, evasive loaders, credential recovery, process injection. All built from scratch. Our tools are designed to operate in contested environments where commercial solutions get caught. See our arsenal.

02

Secure Networks

Firewalls, segmentation, VPNs, monitoring. Designed and managed end-to-end for small and mid-sized businesses. We handle the full lifecycle from initial architecture through daily operations. You run the business, we keep the infrastructure locked down.

03

Security Operations

Hands-on penetration testing, vulnerability assessments, and physical security evaluations. Zero automated scan reports. We use the same tools and techniques as real threat actors, then deliver remediation recommendations so you know exactly what to fix and why. Get in touch to prepare an engagement.

ARSENAL

LOADERS & STAGERS

01
ICA-LOADER
Evasive shellcode loader that bypasses 95% of EDR solutions. Built for stealth-first operator deployment.
02
S.T.U.L
Spoofed Totally Undetected Loader. Shellcode execution via stack spoofing & ALPC for clean call stacks and minimal forensic footprint.
03
PHANTOMJIT
Shellcode loader using JIT compiled delegates for execution. Dynamic code generation eliminates static signatures.
04
CICADA
Position independent Windows shellcode stager with sleep obfuscation and remote HTTPS staging. Minimal footprint, maximum flexibility.

PAYLOAD & PACKING

05
FRITTER
Complete rewrite of donut. 100% polymorphic output. 6-stage execution pipeline with sliding window decryption and full cleanup.
06
SSB
Custom manual PE mapping compression utility. UPX-style packing with manual mapping for reduced detection surface.

ACCESS & IMPLANTS

07
JINX C2
Full Rust C2 framework with indirect syscalls, sleep encryption, return address spoofing, and zero static imports. BOF/COFF execution, .NET assembly loading, WTH injection, lateral movement, and named pipe pivoting. Hardened teamserver with anti-replay, IP blacklisting, and cover identity.
08
VZORVAT HVNC
100% novel HVNC with browser & system shell render support.
09
HOSTLESS
Implant that installs an isolated & persistent backdoor inside a small Hyper-V virtual machine with the Windows filesystem mounted to it.

CREDENTIAL RECOVERY

10
DETEGO
Credential recovery suite with built-in exfiltration. Evasive by design, never touches browser files directly.
11
2040
Custom RP2040 firmware for BadUSB credential recovery. Combines Fritter, iCaLoader, and Detego into a single hardware payload.

*Many details & features not listed. Contact us for more information.

Start a project with Icalia

Penetration test, custom tooling, or managed infrastructure — every engagement starts with a conversation. Tell us what you are up against and we will figure out the right approach together.

Start a project