miguellopes.net

What It Is

miguellopes.net is the personal consulting website of security researcher Miguel Lopes, focused on “Offensive Defense Services.” It is not a standardized SaaS security product; instead, it provides capabilities such as vulnerability assessment, penetration testing, client-side attack testing, service monitoring, application analysis, and malware analysis through consulting and project-based delivery for businesses and organizations.

Core Capabilities and Scope

In terms of protection coverage, its offering is fairly comprehensive: vulnerability assessments are used to identify, quantify, and prioritize weaknesses; penetration testing simulates internal and external attacks to validate security mechanisms and detection systems; client-side attack testing covers user-facing attack vectors such as email and malicious documents; and malware analysis is aimed at handling targeted attack samples. As for deployment, the site does not mention agents, a platform, or cloud-based products, so the work appears to be conducted as project-based assessments. Service monitoring can include building custom monitoring solutions for clients and alerting internal teams before issues escalate. On compliance, the consultant says he has participated in ISO 2700-series and SOC 2 implementations, and notes that monitoring is one of the requirements of ISO 27001, but the website does not claim any certification of its own.

Pricing and Service Delivery

Pricing information is limited. The site only describes vulnerability assessment as an “affordable first step,” with no packages, project timelines, report templates, SLAs, or details on onsite versus remote delivery. Buyers will need to make contact to confirm the scope, testing boundaries, authorization process, deliverables, and any follow-up retesting arrangements.

Pros and Cons

The main advantage is the consultant’s strong background. The site mentions experience in reverse engineering, penetration testing for financial institutions, application security for banks and central banks, and black-box testing in the automotive industry. Its security philosophy also emphasizes continuous processes and monitoring rather than relying on one-off tools. The drawbacks are the limited transparency typical of an individual consultant model and the lack of commercial details. Project capacity, long-term support, response times, and localization capabilities cannot be determined from the site content.

Who It’s For

This is better suited to SMEs, financial organizations, or technology companies that already have some security awareness and want customized offensive and defensive assessments. It can also serve as an external assessment resource for organizations in the early stages of building a security strategy. If you need large-scale managed security operations, a 7x24 SOC, or complex compliance audits, a team-based service provider may be a better fit.

Access from China, Payment, and Alternatives

The site does not state how accessible it is from China, nor does it disclose payment methods. If cross-border communication, contracting, or payment becomes an obstacle, Chinese users can compare it with domestic providers such as Qi An Xin, Venustech, NSFOCUS, DBAPPSecurity, and Chaitin Tech. For high-end international penetration testing services, NCC Group, Bishop Fox, and Trail of Bits are also worth considering.