We find the hole before the hacker does.
We don't hand over an 80-page PDF. We fix what's broken. You end up with an actually secure system, not a labelled one.
What we solve
- You don't know where your system is exposed
- Passwords and API keys kept in the wrong places
- No plan for when you do get hit
- An audit is coming and the company isn't ready
What we ship
- Risk map: what's dangerous, what's not
- Pentest findings · actually fixed, not just flagged
- Proper password and key management
- Incident plan and team training for the worst case
What you get
Website and system review
Simulated attack to see what gives way
Safe password and access management
A plan for when something does happen
How we work on this
The same risk-reducing rhythm on every project · each step has a measurable deliverable.
- 01 / 04 · Recon + threat model
  We map the attack surface: public endpoints, internal services, supply chain, human.
- 02 / 04 · Manual pentest
  OWASP Top 10 + business-logic-specific. Not just running tools · hand-hunted risks.
- 03 / 04 · Remediation PRs
  Every finding gets a fix PR, or if we don't have commit access, a concrete patch proposal with repro test.
- 04 / 04 · Compliance pack
  SOC2 / ISO27001 readiness kit: policies, runbooks, audit-evidence templates, training.
Common questions
What most people ask · answered before you have to.
We don't hand over a PDF. We open issues for findings, write fix PRs for the critical ones with reproduction tests. Tickets close in CI only when the test is green.
Yes, at readiness-kit level. Policies, runbooks, evidence templates. The certifying audit is done by the auditor; we do the prep.
Vault / KMS + rotation policy, zero-hardcode. Scan the codebase (trufflehog / semgrep) and gate pushes in CI.
Yes · combined with the Blockchain service. Echidna + Foundry fuzz, Slither + Mythril, manual review.
Fixed-price from €4,000 for a scoped web or API test, more for a full-stack or LLM-inclusive engagement. You get the number up front · a security audit shouldn't run on a surprise hourly bill.
Two weeks for the standard audit · attack phase, fix-PRs and a written report by the end of week two. Larger scopes run 3-6 weeks with the same fortnightly checkpoint.
Yes. We ship a NIS2 readiness pack: risk register, 24/72-hour incident-reporting flow, supplier-security review, and the evidence trail an auditor expects · mapped onto whatever framework you already run.
Shipped work
2026 · 01 / 04 · AI solutions · Cybersecurity · Websites, web apps & online shops
Use AI Easily is a Hungarian AI firm: they build AI systems, run AI-security audits, consult and teach workshops. They're the first in Hungary offering dedicated AI-security · we built the site.
what we shipped
- AI firm's services + about site
- Workshop and course catalogue
- Contact and booking in one flow
what we used: Next.js, TypeScript
2026 · 02 / 04 · Cybersecurity · AI solutions · Custom software
PhisGuard generates realistic phishing campaigns automatically · Claude drafts emails based on the company name, context, and current news, the Gophish (Go) engine delivers them, the Fastify backend tracks clicks and credential entry, and pushes the victim into a 5-minute targeted micro-training on click. NIS2 compliance and employee awareness in one loop.
what we shipped
- AI-generated campaigns · a different scenario per employee, grounded in company context
- Gophish-based engine · stable Go engine for delivery, landing pages, credential capture
- Real-time tracking · who clicked, who entered credentials, who caught it
what we used: TypeScript, Fastify, PostgreSQL, Anthropic, Go, Gophish
2026 · 03 / 04 · AI solutions · Cybersecurity · Custom software
Before an AI agent calls a tool (send_email, execute_sql, transfer_funds), MCP Security intercepts. A secondary AI model classifies the intent of the call, matches it against a policy, allows or blocks · logs everything for audit. Drop-in in front of any MCP-compatible agent stack.
what we shipped
- Intent analyser · separate model decides what the call is trying to do
- Policy engine · YAML-based allow/deny rules
- Full audit log · every call, decision, rationale preserved
what we used: Python, FastAPI, OpenAI, Anthropic, LangChain
2025 · 04 / 04 · Cybersecurity
PoC exploiting the PaperCut MF/NG authentication-bypass flaw (CVSS 9.8). The SetupCompleted page skips auth, and the Print Scripting console runs arbitrary code from there · our script chains both and drops a Windows SYSTEM-level reverse shell on the attacker machine. Full end-to-end demo: recon, payload, shell.
what we shipped
- Exploits PaperCut MF/NG below 20.1.7 / 21.2.11 / 22.0.9
- Python PoC · 1 HTTP POST to bypass, 1 to run code
- SYSTEM / root reverse shell back to the attacker box
what we used: Python, requests, PaperCut MF/NG, Netcat
Cybersecurity, city by city
Budapest-based studio · we deliver to the cities and regions below, remote-first with on-site on request.
Let's get started.
Send an email or book a 30-minute call.