Skip to content
SecLab Indonesia

Our work

Proven across high-stakes environments.

Since 2011 our team has helped organizations in Indonesia's most demanding, heavily-regulated sectors — banking, telecommunications, government and energy — withstand real adversaries.

Recognition

Distinctions, quietly earned.

National recognition

A national "Attack & Defense" competition with BSSN

The only cyber security company in Indonesia to create and run a national-level Attack & Defense competition together with Badan Siber dan Sandi Negara (BSSN).

OffSec learning partner

Indonesia's only OffSec learning partner

The only Offensive Security (OffSec) learning partner in the country — our trainers are officially OffSec-certified.

Officially listed

Listed Security Testing Provider (ASPI)

Officially registered as a Security Testing Provider, recognized for penetration testing, vulnerability assessment and red teaming.

Ref. Sek.ASPI/STT/061/IX/2024

Proven at scale

Telecom-scale adversary simulation

Experience running large-scale adversary-simulation exercises for one of Indonesia's largest telecommunications providers.

Capabilities

What we do at the sharp end.

Red teaming

Full-scope, blended, stealthy adversary simulation following MITRE ATT&CK® — including custom beacon hardware that calls back to our command-and-control.

Penetration testing

Two services in one — autonomous testing for continuous coverage, and manual testing by OffSec-certified experts across web, API, network, cloud, wireless and IoT.

Cyber Patrol

Continuous, offensive security operations — attack-surface monitoring, threat discovery and controlled exploitation that measure real, exploitable risk.

Secure code review

Static and manual source-code review against the OWASP Top 10 and business-logic flaws, across many languages.

Human development

Hands-on technical training from OffSec-certified trainers that builds competent security teams.

Security Testing Suite

One platform to centrally manage vulnerability assessment, autonomous penetration testing and Cyber Patrol — unified visibility and continuous validation.

Sector experience

Trusted in regulated, high-stakes sectors.

Out of respect for our clients' confidentiality, the work below is described by sector rather than by name.

Banking & finance

Multi-year security testing and red-team adversary simulation for banks and financial institutions.

Telecommunications

Large-scale IT security testing and adversary simulation for a major national telecom provider.

Government & public sector

External security testing for public-sector digital services (SPBE) and national institutions.

Energy & oil and gas

Penetration testing across sensitive operational environments where safety and uptime are paramount.

Certifications

A deeply certified team.

Our team holds 90+ professional certifications across offensive security, application security and management.

OSCP certification badge

OSCP

OffSec Certified Professional

OSWE certification badge

OSWE

OffSec Web Expert

OSEP certification badge

OSEP

OffSec Experienced Pentester

OSCE certification badge

OSCE

Offensive Security Certified Expert

Burp Suite Certified Practitioner badge

Burp Suite

Certified Practitioner

CRTP certification badge

CRTP

Certified Red Team Professional

eWPT certification badge

eWPT

Web App Pentester

eWPTX certification badge

eWPTX

Web App Pentester eXtreme

eMAPT certification badge

eMAPT

Mobile App Pentester

CISSP certification badge

CISSP

Information Systems Security Professional

CISM certification badge

CISM

Information Security Manager

PMP certification badge

PMP

Project Management Professional

Industry recognition

Presenters at Black Hat.

Our research reaches the Black Hat stage. At Black Hat Asia 2025 Arsenal our team presented Foundpy — an open-source, Foundry-like interface for interacting with Ethereum applications in Python — and team members have spoken in the Black Hat MEA Briefings. What we develop in the field goes straight back to the global security community.

Black Hat Asia 2025 · Arsenal

Foundpy

An open-source, Foundry-like interface for interacting with Ethereum applications in Python — presented by our team member Bill Elim.

Black Hat MEA 2024 · Briefings

Deep Dive into LNK File Abuses

A Briefings talk presented in Riyadh by our senior pentest team lead, Isfa Hany.

Research

Research that feeds the field.

Our continuous research in offensive security, reverse engineering and tooling feeds directly back into our engagements and training. We publish openly and take part in the international security community.

Visit research.seclab.id ↗

By the numbers

A track record built since 2011.

0+
Years (since 2011)
0+
Team certifications
OffSec Learning Partner
The only one in Indonesia

Culture

Rooted in the community.

Competitive CTF play, a bug-bounty mindset and open knowledge-sharing are core to how our team grows and stays sharp. We learn in public, hunt for the non-obvious, and bring everything we discover back into the work we do for clients — so the people defending your environment are the same people pushing the edge of the field.

Discuss an engagement.

Whether you need an adversary-grade red team, continuous assessment, a secure code review or a team that can train your own — let's talk about what high-stakes looks like for you.

Get in touch