Mauritius · Offensive Security · 2026

We find what scanners miss

Real-world penetration testing across web, API, network, Active Directory, and mobile environments. We emulate real attackers to identify exploitable weaknesses before they become breaches — with actionable reporting aligned to OWASP and CREST methodologies.

OWASP Aligned
CREST Standards
Manual Testing only
Web · API · Network · Active Directory
Michaelis Labs
Secure code review · Find your vulnerabilities · Web · API · Active Directory · Mobile · External · Wi-Fi · Cloud · Align with CVSS & OWASP · BurpSuite · CrackMapExec · Impacket · Kali Linux · White-Box · Black-Box · Grey-Box · Assumed Breach

Turned a forgotten API key buried in JavaScript source code into a full breach of financial records — a critical finding automated tools had never flagged.

Web App · API Assessment

Mapped an entire external infrastructure, chaining passive reconnaissance into credential access and ultimately production data compromise — zero prior knowledge, black-box engagement.

External Pentest · Recon Chain

Leveraged misconfigurations within Active Directory to establish persistence as domain administrator while evading detection.

Internal Network · Active Directory

What we do

Assessments that reflect how attackers actually operate

Four focused engagements. Each is manual, methodical, and scoped to your environment. Delivered in line with OWASP and CREST standards.

01 ——

Internal Penetration Test

Assumed breach scenario simulating an attacker inside your network. We escalate privileges, move laterally, and reach your crown jewels using real Active Directory attack chains.

Assumed Breach · Kerberoasting · NTLM Relay · Shadow Credentials · Impacket
02 ——

External Penetration Test

Full attack surface mapping from zero knowledge — including shadow asset and subdomain discovery. We chain reconnaissance into credential access and lateral movement.

Black Box · OSINT · Attack Surface Mapping · CREST Aligned
03 ——

Web Application Pentest

OWASP-aligned deep manual testing covering IDOR, data exposure, injection, business logic flaws, and auth bypasses. No scanner runs dressed up as a pentest.

OWASP Aligned · IDOR · Logic Flaws · BurpSuite · eWPTXv2 Certified
04 ——

API Security Assessment

REST and GraphQL API testing for broken authentication, excessive data exposure, mass assignment, and misconfigured endpoints — including undocumented routes.

REST · GraphQL · Auth Bypass · Mass Assignment · Postman

Credentials & training

Backed by industry-recognized certifications and continuous adversary-focused training.

Continuous training is essential to staying ahead of evolving attack techniques and modern threat landscapes.

GPEN · GSEC · CPSA · eWPTXv2 · eMAPT · Hack The Box · PortSwigger · PentesterLab

Ready to find your gaps?

Start with a free scoping call

We will understand your environment, identify the right engagement type, and provide a clearly scoped proposal. No commitment required.

📍 Beau-Bassin, Mauritius · 📞 +230 57505480 · 🔗 Hack The Box · 🔗 GitHub