The attack you can survive.
Let's scope your engagement.
Tell us what you're shipping and what keeps you up at night. Every intake is treated as confidential, and a 0block engineer responds within one business day.
What happens next.
No black boxes. From the moment your intake lands, here is exactly how the engagement runs — six steps, ending in a free verified retest.
Scoping call
A 0block engineer responds within one business day to map targets, threat model, and constraints.
SOW & rules of engagement
Fixed scope, timeline, and price in a signed statement of work with written rules of engagement and authorization.
Kickoff & access
Credentials, environments, and points of contact confirmed. We align on safe-testing windows before a single packet flies.
Testing
Hands-on offensive testing against the agreed scope. Critical findings are flagged to you within 24 hours — never held for the report.
Read-out & report
A technical report plus an executive read-out: reproducible findings, ranked risk, and prioritized remediation.
Free verified retest
Once you've remediated, we re-test the findings at no extra cost and confirm each fix actually holds.
What to prepare.
Have these ready before the scoping call and we'll quote faster — but don't wait on them to reach out. We'll fill the gaps together.
Targets & scope
Domains, IP ranges, repos, apps, contracts, or hardware. What's in — and what's explicitly out.
Environments
Where we test — production, staging, or a dedicated test env — and any data-handling sensitivities.
Timing windows
Blackout dates, change freezes, and any off-hours windows for high-impact testing.
Points of contact
A technical lead and an escalation contact reachable during the engagement for critical-finding alerts.
Compliance drivers
Any audit you're testing against — SOC 2, PCI DSS, HIPAA, or MiCA — so the report maps to your controls.
Prior reports
Earlier pentest or audit findings, if any. Not required — it just helps us avoid re-walking old ground.
Three offices.
Canadian-headquartered, founded in 2020. Operating across Waterloo, London, and Calgary — remote-first delivery, on-site when the engagement calls for it.
Waterloo, ON
305 King St W, Suite 400
Waterloo, ON N2J 2L9
Canada
Mon–Fri 09:00–18:00 ET · 24/7 for active-engagement clients
London, ON
255 Queens Ave, Suite 1100
London, ON N6A 5R8
Canada
Mon–Fri 09:00–18:00 ET · 24/7 for active-engagement clients
Calgary, AB
421 7th Ave SW, Suite 1500
Calgary, AB T2P 4K9
Canada
Mon–Fri 09:00–17:00 MT · 24/7 for active-engagement clients
Secure contact
Secure email
secure@0block.org
PGP encryption available — wrap anything sensitive to the fingerprint below.
PGP fingerprint
1308 F3CD 8A84 6F97 7817 B39C F975 019B 912B CA1E
Signal available on request for time-sensitive coordination.
Responsible disclosure
disclosure@0block.org
Coordinated disclosure, every time. We do not condone unauthorized access.
security.txt
0block.org/.well-known/security.txt
Our machine-readable contact & policy, per RFC 9116.
How fast we move.
Every intake gets a human response — and a scoping quote — within one business day.
Critical issues are flagged to your contacts within 24h of discovery during a live engagement.
Mark the intake form URGENT in your message for immediate escalation to an on-call engineer. For an active critical finding, email disclosure@0block.org directly.
Contact FAQ.
The questions we field most before an engagement starts. Don't see yours? Put it in the intake form.
Do you sign NDAs?
Yes — always, and before any scoping detail changes hands. We'll sign your mutual NDA or provide ours, and every engagement runs under a signed statement of work with explicit written authorization. Findings, credentials, and client identity stay confidential.
Do you do incident response or emergencies?
We focus on offensive testing rather than full DFIR retainers, but we triage active breaches fast. If you're mid-incident, mark the intake form URGENT or email disclosure@0block.org — an on-call engineer escalates immediately and can stand up emergency testing or advise alongside your responders.
Do you work with startups or only enterprise?
Both. We scope tightly so a seed-stage team can afford a single high-value test, and we scale up to continuous, full-scope programs for enterprise. Tell us the budget and the risk — we'll recommend the right starting point rather than overselling scope.
Remote or on-site?
Remote-first — the vast majority of testing is delivered securely from our Waterloo, London, and Calgary teams. On-site is available across Canada and beyond when the engagement requires it: physical red-team, hardware work, or air-gapped environments.
How is pricing structured?
Fixed-fee per engagement, quoted up front from the agreed scope — no surprise hourly overruns. Continuous / PTaaS programs run on a monthly retainer with unlimited retests. Every fixed-scope engagement includes a free verified retest. You'll have the number within one business day of scoping.
Pick a starting point.
Mention a tier in your message, or just describe the problem — we'll recommend the right scope. Every tier ends with a free retest.
Tactical
One application, network, or contract. Fast turnaround when you need a single thing tested right.
Comprehensive
Full-scope across web, infra, and identity, with threat modeling and an executive readout.
Red Team
Adversary simulation with optional physical and social-engineering scope.
Continuous
Retainer-based PTaaS, unlimited retests, and a live findings dashboard.