About Us

This one was different. Instead of a set path, you’re thrown into two APIs and expected to exploit them. No hand-holding. No rigid structure. Just you, the API, and your ability to discover, enumerate, and exploit.
The OWASP API Top 10 was a huge part of this. But knowing the list isn’t enough—you have to apply it in real-world scenarios.
Good challenge. Good learning. APIs aren’t going anywhere, so let’s keep breaking (and securing) them.

I just passed The SecOps Group mobile pentest (Android) exam!!! The test lasts a maximum of 4 hours with 14 flags to be submitted on the platform! It is necessary to have knowledge in reverse engineering, root bypass techniques, sslpinning and similar, it requires intermediate/advanced knowledge and includes knowledge in instrumentation with frida, objection and tools commonly used in mobile pentest! I want to thank The SecOps Group for the opportunity!!!

As a cybersecurity professional who has recently completed the certification program in pentesting offered by secops, I can confidently say that it was an excellent experience. The program is comprehensive and up-to-date with the latest trends and techniques in pentesting, making it a valuable investment for anyone looking to enhance their skills and knowledge in this field.

I was really impressed with the exam. The 4 hour long, practical (ctf-style), online exam thoroughly tested me on common LLM vulnerabilities. The labs were carefully designed and the challenges mimicked real world scenarios. From direct/in-direct prompt injection test cases to the RAG poisoning challenge, it had a bit of everything. Including bypassing system prompt firewalls of a 𝘋𝘐𝘍𝘍𝘐𝘊𝘜𝘓𝘛 degree.

The challenges were really cool at first, I started solving some quickly, but then it got difficult and I ended up speeding up to try to rest, but 7 hours of testing are enough to solve them all! In total there are 10 questions and each one has a greater weight than the other, so if you are going to dedicate yourself at the beginning, focus on the ones that have more weight in the score, something I didn't do at the beginning. Well, if you want to prepare yourself beforehand, do some labs from portswigger labs, basic explorations in AWS, API exploration and evasion techniques in web explorations (SSRF, XSS, SQL Injection, etc.) That's it, again I congratulate The SecOps Group, you are certainly at my top as companies I recommend for certification and your innovative model.