New: AI Security Practice — securing the AI systems your business now depends on.
Featured Service · Since 1999 · 800+ clients · Perimeter Security Assessment

Find the weaknesses in your perimeter before hackers do.

External pen testing that finds what scanners miss. Meets PCI pen testing and compliance requirements too.

Zero-Day · Disclosed by Illumant

Local privilege escalation in CheckPoint ZoneAlarm.

Illumant researchers discovered and responsibly disclosed a 0-day in CheckPoint's ZoneAlarm endpoint product — a symlink race in the vsmon service that let any local user escalate to NT AUTHORITY\SYSTEM. CheckPoint patched it as CVE-2019-8452.

Boutique firms don't usually publish CVEs. We do. Real research is what makes our pen testers sharper than the firm down the street running someone else's scanner.

Trusted by 800+ organizations

A few of our clients.

Illumant clients

Illumant helps organizations navigate the security and threat landscape.

Delivering confidence in all aspects of information security through assessment and penetration testing.

Why Illumant

Four things you'll only get from a real boutique security firm.

#1

We're the best

We're not just making this up. Our clients tell us we're the best pen-testing firm they've worked with. And we have some great clients.

#2

Awesome deliverables

Reports auditors recognize and executives can act on. Prioritized findings, reproducible evidence, and remediation guidance — not a 200-page Nessus dump.

#3

Zero-days

Our researchers find and disclose real CVEs — like CVE-2019-8452 in CheckPoint ZoneAlarm. Boutique firms don't usually publish 0-days. We do.

#4

Friendly, expert hackers

Senior testers — no rotating juniors, no offshore hand-offs. They explain what they found, why it matters, and how to fix it without making your team feel small.


New practice

Your AI is already deployed. Is it secure?

Visit our dedicated AI Security Practice — built around the OWASP LLM Top 10 and the new OWASP Agentic Top 10.

25+ years of practice

800+ clients served

21 assessment offerings

7 compliance practices