We offer premium independent security assessment services that's tailored to meet the requirements of each project we undertake.
We offer premium product security assessment, assumed breach simulation, and applied research services.
For each project, we understand the goals, scope, and priorities, then tailor the end-to-end engagement to meet delivery requirements.
Use the tabs above to read a summary about each service and the technologies that we cover. For inquiries, please click here.
We specialise in white-box security assessments of products at all layers of the technology stack, providing customers a collaborative, code-assisted, and threat-driven approach to security assessments.
This service helps organisations identify vulnerabilities and weaknesses, gain insights into software security maturity, and iteratively evolve security assurance practices to fortify products against likely threats.
If you are responsible for product security and seeking a thorough assessment with tangible outcomes, please contact us.
Our assumed breach service is a scenario driven simulation using the Tactics Techniques and Procedures (TTPs) of modern threat actors leveraging compromised applications, systems, or users.
This service helps organisations prioritise their security roadmap and engineering efforts to incrementally mature security controls and incident response readiness.
If you are responsible for infrastructure security and interested in assumed breach testing, please contact us.
Our applied research service provides customers with independent, technical third-party expertise related to vulnerability research and security engineering.
This service helps organisations understand and respond to relevant security threats and weaknesses in supply chain dependencies and emerging technologies.
If you're responsible for projects with nuanced security requirements that requires deep expertise, please contact us.
We have extensive experience assessing a range of technologies, from applications down to low-level firmware. Our team has skill-sets at different layers, languages, and system types, so we're versatile at tackling multi-component systems.
By seeing such a wide variety of technologies in the field, it allows us to continuously evolve our internal processes, research new trends, and bring useful insight for identifying weaknesses and providing guidance.
Examples of the types of technologies we cover include:
Modern web frameworks & languages, enterprise web applications, thick-clients, and mobile applications.
Environments built on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Client/server applications and libraries down to OS kernels and drivers, hypervisors and firmware.
Devices ranging from consumer Internet of Things (IOT) through to specialised security hardware.
elttam are very professional and efficient in their approach to work.
They work hard to understand their customers requirements and always
They are also highly skilled and experts in their field.
elttam were excellent at communicating with both technical and non-technical members of our team before, during and after the engagement. Their presence was felt as an extension of the team rather than external auditors, which made for a great working relationship.
Depth of knowledge, professionalism and dedication to getting a great outcome on this test. Also, the reporting quality and post testing artefacts (scripts/configurations used) were all excellent and handed over/explained very well to the team.
Founded in 2015, elttam was created with the mission to provide independent high-quality technical security services. Today, our team works closely with dozens of customers across numerous sectors and geographic regions that trust us to help protect their most important assets.
As technology continues to evolve and intertwine in our lives, we aim to keep on the forefront to manage security and privacy threats of key technologies we all use and depend on. We do this via an agile way of operating that ensures our work aligns with our values, while also prioritising our teams well-being.
We perform research and development to stay on top of industry trends and investigate technologies and novel problems observed in the field.
We always have an eye out for folks who identify with what we do and our ethos, and believe they may have something to contribute to our team.
We're looking for a senior level security consultant to join our team who specialises in software security. This person will have a solid background in technical security assessments, with experience performing code auditing to find security flaws. Read more.
We work with companies who share our values and care about improving their security. You will have a lot of independence and be a part of a flexible work environment with exposure to a diverse range of technologies in a variety of industries. We place a strong focus on self-development, collaboration, and well-being of our team, and foster a supportive workplace to learn and grow.
We grow our team organically and every new joiner is important to us. We're up for a casual chat with any folks who follow the process below so we can learn more about each other and see if there's a fit and suitable role, in which we'd kick-off a technical interview process.
If you're an Australian citizen or have a suitable work visa and would like a friendly chat about potential opportunities, please complete a level of your choice at libctf.so and e-mail firstname.lastname@example.org with a solution write-up and CV.