Sympathy for evil, the nature of our game.


Section9Labs is a startup based in Seattle, WA. Its founders have more than 10+ years in the field, having performed penetration testing, social engineering, web application testing, source code audits, mobile penetration tests, and designed custom security solutions for many of the Fortune 100 corporations as well as other software development, telecommunications, financial services, and professional services. S9L aims at a new kind of Information Security consulting passionate about providing the latest techniques and threats mimicking real world attackers in order to truly secure systems. Team info


Section9Labs offers several world-class comprehensive security consulting services with a deep commitment in delivering the best services to customers. We specialize in security services such as vulnerability management, source code audits, network, web application and mobile penetration test, specialized APT style penetration tests, software and device reserve engineering, among others. Our consultants, have an extensive background in each of these areas, having consulted or directly worked with Fortune 500 companies across every industry allowing us to bring the best expertise and advice to each and every client.

Advance Persistent Test.

In today'ss world, cyber-attacks come in at levels never seen before and from agents as big as goverment-sponsored teams. Measuring the organization's security posture against these types of threats has become key to fully understand the real risks against advance Social Engineering, Wireless, physical and network attacks, among many other threats. info

Network Penetration Test.

Internal and External Network level security testing is a must have component in infosec for both security and compliance reasons. Using the latest methodologies and attack-vectors our team measures the thread exposure of your network. info

Web Application Pentest.

The web is the business platform of the first part of the 21st century. Companies have large precense online ranging from web portal displaying sensitive information all the way to highly sophisticated services such as social networks. In any case,it is important for these companies keep applications secure against known and unknown security vulnerabilities. info

Vulnerability Scans.

The first line of defense for corporations is to constantly run vulnerability scans against their network and it is also the first things attackers are doing for anything that has a link to the internet. At S9L we use a set of multiple standard vulnerability scans and custom developed tools that help us identify vulnerabilities and reduce the amount of false positives. info

Source Code Review.

Companies depend on their code for almost everything. Developers are constantly creating new and innovated code for which every single line could be prone to a security issue. Source code reviews are an integral part of any mature SDCL and a third-party review is key to get a fresh pair of eyes making sure the code is secure and up-to-standards. info

Reverse Engineering.

Our global specialized team will take any binary, software, malware, hardware or embedded devices and it will reverse engineer it in order to find vulnerabilities, explois and other issues. info

Physical Pentest.

Even though we are on the internet age, attackers still rely on physical insecurity in order to gain access to compromise personal and corporate equipment. info

Social Engineering.

Hackers are always looking to attack the weakest link in your organization in order to gain access and social engineering is one of the oldest, but most successful attack vector to take advantage of the "human factor". info

Embedded/hardware Hacking

Embedded devices are present in pretty much anything and everything we use, ranging from kiosks, celphones, card-readers, cars, sensitive infrastructure, energy plants and houses. Hacking and security vulnerabilities do not only affect software. There are plenty of embedded sytems and hardware that could possibly be vulnerable to even more sensitive vulnerabilities that a web application might have. info

Mobile Penetration Test

Technology is shifting to a fully mobile world, where we do everything from chatting to banking; because of this attackers are taking advantage of security vulnerabilities in this area. Mobile Application Security and employees' mobile device security should be at the top of the list of every CSO. info