Incident Response
When something's already inside, the clock is the enemy. We contain the threat, reconstruct exactly what happened, and get you operating again — with evidence preserved and defensible for legal, insurance, and regulators.
Incident response, ransomware negotiation, and offensive security from senior hands who've done the work under fire. Evidence-first, honest about what we know, and building the tools we fight with.
From the worst day of your year to the assessment that stops it happening. One senior team, across defense and offense.
When something's already inside, the clock is the enemy. We contain the threat, reconstruct exactly what happened, and get you operating again — with evidence preserved and defensible for legal, insurance, and regulators.
A calm, experienced hand on the other side of the chat. We profile the actor, manage communications, buy your recovery team time, and advise the decision — sanctions-aware and grounded in what actually gets data back.
AWS, Azure, GCP, M365, Workspace. We follow the identity and the API trail through control-plane logs to establish access, persistence, and exfiltration — in environments where there's no disk to image.
Find what's exploitable before someone else does. Authenticated and unauthenticated assessment across external, internal, and cloud surfaces — prioritized by real attack paths, not a raw scanner dump.
AD and Entra ID are where breaches escalate. We map the paths from a foothold to domain dominance — Kerberos abuse, delegation, ACL chains, tiering failures — and hand you the fixes that close them.
Adversary emulation and full-scope penetration testing. We operate the way real intrusion sets do, then translate findings into detections and hardening your defenders can actually act on.
Slash Zero Security is a boutique cybersecurity firm. When you engage us, you work directly with the person doing the work — someone who has run real incidents, negotiated with real threat actors, and sat in the room when a business had to decide what to do next.
The name is the ethic. Slash zero — cut the noise, keep the signal. We'd rather tell you plainly that we don't know something yet than hand you a false all-clear. In our world, an honest UNANALYZED beats a comfortable, wrong CLEAN every time.
We also build the tools we fight with — including SZIN, our malware-analysis and threat-intelligence platform, and Anomalocaris, our DFIR collection agent. That means our tradecraft isn't rented from a vendor stack; it's ours, and it improves with every engagement.
How we handle your worst day — and everything before it.
Every action is defensible. We preserve, document, and reconstruct so findings hold up for counsel, carriers, and regulators.
No fabricated verdicts, no theater. If the answer is "we don't know yet," you'll hear that — and what we're doing to find out.
The operator scoping your engagement is the operator running it. No handoff to a rotating bench of juniors.
Not a raw scanner dump. Prioritized attack paths, real fixes, and detections your team can deploy the same week.
If you're mid-incident, don't fill out a form. Use the incident line — we triage active engagements ahead of everything else.