INFRASTRUCTURE AUDITING & ENGINEERING

WE BUILD / AUDIT / BREAK / PROTECT SYSTEMS

Security engineering and red team tooling, built in-house by skilled people with a passion for cybersecurity.

Who We Are

Every tool in our arsenal is developed in-house, every network is designed from the ground up, and every engagement is tailored to the threat landscape you actually face.

Custom red team software. Hardened infrastructure. Penetration testing. Our security engineering is rooted in offensive research. We offer tools and techniques built by people who understand how offensive operations actually work, not how vendors say they do.


The best defense comes from understanding the offense.

CAPABILITIES

01

Security Software

C2 frameworks, evasive loaders, credential recovery, process injection. All built in-house. Our tools are designed to operate in contested environments where commercial solutions won't cut it. See our arsenal.

02

Secure Networks

Firewalls, segmentation, VPNs, monitoring. Designed and managed end-to-end for small and mid-sized businesses. We handle the full lifecycle from initial architecture through daily operations. You run the business, we keep the infrastructure monitored and locked down.

03

Security Operations

Hands-on penetration testing, vulnerability assessments, and physical security evaluations. Zero automated scan reports. We use the same techniques as real threat actors, then deliver remediation recommendations so you know exactly what to fix and why. Get in touch to prepare an engagement.

ARSENAL

LOADERS & STAGERS

01
IcaLoader
Evasive shellcode loader that bypasses 95% of EDR solutions. Built for stealth-first operator deployment.
02
S.T.U.L
Spoofed Totally Undetected Loader. Shellcode execution via stack spoofing & ALPC for clean call stacks and minimal forensic footprint.
03
Phantom-JIT
Shellcode loader using JIT compiled delegates for execution. Dynamic code generation eliminates static signatures.
04
CICADA
Position independent Windows shellcode stager with sleep obfuscation and remote HTTPS staging. Minimal footprint, maximum flexibility.

PAYLOAD & PACKING

05
FRITTER
Complete rewrite of donut. 100% polymorphic output. 6-stage execution pipeline with sliding window decryption and full cleanup.
06
SSB
Custom manual PE mapping compression utility. UPX-style packing with manual mapping for reduced detection surface.
07
CUCKOO
Win64 call-stack spoofing that hides the consumer module from a thread's reconstructed call tree without modifying DLL memory. Descends from SilentMoonwalk; reaches the same zero-EXE-frame goal through a different primitive to avoid fragile gadgets.

ACCESS & IMPLANTS

08
JINX C2
Full Rust C2 framework with indirect syscalls, sleep encryption, return address spoofing, and zero static imports. BOF/COFF execution, .NET assembly loading, WTH injection, lateral movement, and named pipe pivoting. Hardened teamserver with anti-replay, IP blacklisting, and cover identity.
09
VZORVAT HVNC
100% novel HVNC with browser & system shell render support.
10
HOSTLESS
Implant that installs an isolated & persistent backdoor inside a small Hyper-V virtual machine with the Windows filesystem mounted to it.

CREDENTIAL RECOVERY

11
DETEGO
Credential recovery suite with built-in exfiltration. Evasive by design, never touches browser files directly.
12
2040
Custom RP2040 firmware for BadUSB credential recovery. Combines Fritter, IcaLoader, and Detego into a single hardware payload.

*Many details & features not listed. Contact us for more information.

Start a project with Icalia

Penetration test, custom tooling, or managed infrastructure — every engagement starts with a conversation. Tell us what you are up against and we will figure out the right approach together.
