Red Team · Controlled offense

We think like attackers to protect you like allies.

LOTOSOFT Security helps Mexican SMBs find and close security gaps before real attackers do.

Pentesting · Phishing simulation · Code review · Training

Approach: Real offense
Reports: Actionable
Follow-up: Retest included

Why choose us

Three principles that set us apart from checklist audits.

  • Real offense, not checklists

    We replicate real-world attacker TTPs (based on MITRE ATT&CK). We don't just run a scanner and hand you the PDF.

  • Reports you can act on

    Every finding includes proof of concept, business impact, and specific remediation steps. Your tech team knows exactly what to do on Monday.

  • We don't leave you alone

    Closing session with your team, remediation retest included, and monthly engagement available to monitor your attack surface.

01 / Services

Offensive operations, continuous monitoring, and training.

Offensive operations

  • Basic web pentest

    One site, black-box mode. Identifies the most common critical vulnerabilities (OWASP Top 10).

  • Full web pentest

    Up to 3 systems, gray-box mode. Authenticated tests, business logic, privilege escalation.

  • White-box audit

    Full access to code and architecture. Deep analysis, threat modeling, strategic recommendations.

  • Phishing simulation

    Controlled campaign to measure and train your team against real social engineering attacks.

  • Source code audit

    Manual review + static analysis tools to catch vulnerabilities before they reach production.

Continuous monitoring

  • ASM retainer

    Continuous monitoring of your external attack surface. Alerts when exposed assets change or appear.

  • Monthly phishing retainer

    Recurring campaigns to keep your team trained and measure improvements month over month.

  • Full VIP retainer

    Monitoring + phishing + consulting hours. For companies that need an ongoing security partner.

Training & consulting

  • Employee training

    3-hour workshop, up to 20 people. Security awareness, passwords, phishing and best practices.

  • Hourly consulting

    Targeted advice without project commitment: architecture review, technical questions, second opinion.

  • Remediation retest

    We validate that previous findings have been correctly fixed before closing the cycle.

For a custom quote, fill out the form or schedule a 15-minute call.

02 / Methodology

Four phases that ensure every finding gets closed, not just reported.

  1. Reconnaissance

    Attack surface mapping, service enumeration, technology fingerprinting and entry vector identification.

  2. Exploitation

    Controlled testing following real TTPs (MITRE ATT&CK, OWASP). We validate impact, not just detection.

  3. Reporting

    Document with executive summary, technical findings, proof of concept and prioritized remediation plan.

  4. Remediation + Retest

    Closing session with your team and validation that fixes effectively close each vulnerability.

03 / About us

About LOTOSOFT

An offensive cybersecurity agency focused on Mexican SMBs that big consultancies tend to ignore.

Founded by Jared López Toledo, LOTOSOFT was born from the conviction that professional offensive security should be accessible to companies of any size. We work with ethical commitment, technical transparency, and a focus on measurable results.

Commitments

  • Operational ethics

    We operate with written authorization, defined scope, and absolute respect for client data.

  • Technical transparency

    We explain every finding in terms that both the technical team and the business can understand.

  • Continuous learning

    Constant investment in certifications, labs, and the offensive security community.

04 / Contact

Request an assessment

Tell us about your case and we'll respond within 24 business hours. Initial assessment at no cost.
