Cyber defense & offense · Est. 2019

The operators you call
when it's already inside.

Incident response, ransomware negotiation, and offensive security from senior hands who've done the work under fire. Evidence-first, honest about what we know, and building the tools we fight with.

Capabilities

Full-spectrum security operations

From the worst day of your year to the assessment that stops it happening. One senior team, across defense and offense.

01

Incident Response

When something's already inside, the clock is the enemy. We contain the threat, reconstruct exactly what happened, and get you operating again — with evidence preserved and defensible for legal, insurance, and regulators.

DFIRContainmentForensics
02

Ransomware Negotiation

A calm, experienced hand on the other side of the chat. We profile the actor, manage communications, buy your recovery team time, and advise the decision — sanctions-aware and grounded in what actually gets data back.

ExtortionOFAC-awareRecovery
03

Cloud Investigations

AWS, Azure, GCP, M365, Workspace. We follow the identity and the API trail through control-plane logs to establish access, persistence, and exfiltration — in environments where there's no disk to image.

M365CloudTrailIdentity
04

Vulnerability Assessments

Find what's exploitable before someone else does. Authenticated and unauthenticated assessment across external, internal, and cloud surfaces — prioritized by real attack paths, not a raw scanner dump.

ExternalInternalCloud
05

Active Directory Testing

AD and Entra ID are where breaches escalate. We map the paths from a foothold to domain dominance — Kerberos abuse, delegation, ACL chains, tiering failures — and hand you the fixes that close them.

KerberosEntra IDTiering
06

Offensive Security

Adversary emulation and full-scope penetration testing. We operate the way real intrusion sets do, then translate findings into detections and hardening your defenders can actually act on.

PentestRed teamPurple
Who we are

Built by operators,
not a sales bench.

Slash Zero Security is a boutique cybersecurity firm. When you engage us, you work directly with the person doing the work — someone who has run real incidents, negotiated with real threat actors, and sat in the room when a business had to decide what to do next.

The name is the ethic. Slash zero — cut the noise, keep the signal. We'd rather tell you plainly that we don't know something yet than hand you a false all-clear. In our world, an honest UNANALYZED beats a comfortable, wrong CLEAN every time.

We also build the tools we fight with — including SZIN, our malware-analysis and threat-intelligence platform, and Anomalocaris, our DFIR collection agent. That means our tradecraft isn't rented from a vendor stack; it's ours, and it improves with every engagement.

Legal EntitySlash Zero Security LLC
FormedAug 2019
JurisdictionDelaware, USA
ModelSenior-led · boutique
PostureDefense + offense
ToolingIn-house / SZIN
How we work

Principles that hold under pressure

How we handle your worst day — and everything before it.

/0

Evidence first

Every action is defensible. We preserve, document, and reconstruct so findings hold up for counsel, carriers, and regulators.

/0

Honest over convenient

No fabricated verdicts, no theater. If the answer is "we don't know yet," you'll hear that — and what we're doing to find out.

/0

Senior on the keyboard

The operator scoping your engagement is the operator running it. No handoff to a rotating bench of juniors.

/0

Findings you can act on

Not a raw scanner dump. Prioritized attack paths, real fixes, and detections your team can deploy the same week.

Get in touch

Under attack right now? Reach us first.

If you're mid-incident, don't fill out a form. Use the incident line — we triage active engagements ahead of everything else.