I run dmk.sh as a single-person consultancy out of Budapest. My clients are mostly compliance-driven or proactive-security buyers in the financial, energy, and industrial sectors. I work directly: no outsourcing, no offshoring, no junior I send in my place.
Over eighteen years across application, network, ICS/SCADA, and physical engagements, I have come to think of pentesting less as a sport and more as a craft of careful description. The report is the product; the engagement is how you earn the right to write it.
What I take on
- Web and mobile application security assessments aligned to OWASP/PTES.
- Internal and external network testing, OSSTMM-aligned.
- Goal-based red and purple team exercises, with or without your blue team in the loop.
- ICS/SCADA assessments where I have a credible operations-side counterpart.
- Hardware and physical engagements where the scope is clearly bounded.
How I work
Engagements start with a written PtA and a clear stop-condition. Findings are delivered as a draft first; we run a revision pass with the engineering team before the report goes to stakeholders. Critical findings are reported as soon as they are confirmed.