INFRASTRUCTURE AUDITING & ENGINEERING

WE BUILD / AUDIT / PROTECT SYSTEMS

Security engineering and red team tooling, built from scratch. We write the software that breaks in so you can lock it down.

Who We Are

The best defense comes from understanding the offense. We don't resell off-the-shelf products or run automated scans and call it a day. Every tool in our arsenal is developed in-house, every network is designed from the ground up, and every engagement is tailored to the threat landscape you actually face.

Custom red team software. Hardened infrastructure. Penetration testing with real operator tradecraft. Our security engineering is rooted in offensive research — tools and techniques built by people who understand how attacks actually unfold, not how vendors say they do.


CAPABILITIES

01

Security Software

C2 frameworks, evasive loaders, credential recovery, process injection — built from scratch in Rust and C. Our tools are designed to operate in contested environments where commercial solutions get caught. We build for red teams that need to stay ahead of modern EDR. See our arsenal.

02

Secure Networks

Firewalls, segmentation, VPNs, monitoring — designed and managed end-to-end for small and mid-sized businesses. We handle the full lifecycle from initial architecture through day-to-day operations. You run the business, we keep the infrastructure locked down.

03

Security Operations

Hands-on penetration testing, vulnerability assessments, and physical security evaluations — no automated scan reports. We use the same tools and techniques as real threat actors, then deliver actionable remediation so you know exactly what to fix and why. Get in touch to scope an engagement.

ARSENAL

LOADERS & STAGERS

01
iCaLoader
Evasive shellcode loader that bypasses 95% of EDR solutions. Built for stealth-first operator deployment.
02
TUL
Totally Undetected Loader. Shellcode execution via stack spoofing & ALPC for clean call stacks and minimal forensic footprint.
03
PHANTOMJIT
Shellcode loader using JIT-compiled delegates for execution. Dynamic code generation eliminates static signatures.
04
CICADA
Position-independent Windows shellcode stager with sleep obfuscation and remote HTTPS staging. Minimal footprint, maximum flexibility.

PAYLOAD & PACKING

05
FRITTER
Complete rewrite of donut. 100% polymorphic output. 6-stage execution pipeline with sliding window decryption and full cleanup.
06
SSB
Custom manual PE mapping compression utility. UPX-style packing with manual mapping for reduced detection surface.

ACCESS & IMPLANTS

07
JINX C2
Full Rust C2 framework with indirect syscalls, sleep encryption, return address spoofing, and zero static imports. BOF/COFF execution, .NET assembly loading, WTH injection, lateral movement, and named pipe pivoting. Hardened teamserver with anti-replay, IP blacklisting, and cover identity.
08
VZORVAT HVNC
100% novel HVNC with browser & system shell render support. Accepts any regular VNC client — no custom viewer required.
09
HOSTLESS
Implant that installs an isolated & persistent backdoor inside a small Hyper-V virtual machine with the Windows filesystem mounted to it.

CREDENTIAL RECOVERY

10
DETEGO
Credential recovery suite with built-in exfiltration. Evasive by design — never touches browser files directly.
11
2040
Custom RP2040 firmware for BadUSB credential recovery. Combines Fritter, iCaLoader, and Detego into a single hardware payload.

*Many details & features not listed. Contact us for more information.

Start a project with Icalia

Penetration test, custom tooling, or managed infrastructure — every engagement starts with a conversation. Tell us what you are up against and we will figure out the right approach together.
