About Us
Home > About Us
Offensive Security, Engineered with Precision | Defending What Matters Most
Spakto Cyber Labs is a specialist offensive security and penetration testing firm headquartered in Kolkata, India with operations spanning the EU and Asia-Pacific. We exist for one purpose: to find and exploit security weaknesses in our clients' infrastructure before real-world adversaries do. Our engagements simulate the tactics, techniques, and procedures (TTPs) of advanced persistent threats, giving organisations a ground-truth view of their risk posture.
Our assessment team comprises OSCP, OSCE, and CRTP certified security engineers with deep expertise across network penetration testing, web and mobile application security, cloud infrastructure (AWS, Azure, GCP), Active Directory attack paths, and red team operations. Every engagement is backed by original research — from zero-day discovery and custom exploit development to proprietary tooling that goes beyond off-the-shelf scanners. We operate with full-scope rules of engagement, delivering actionable intelligence that security teams can act on immediately.
Spakto is also at the forefront of AI-augmented security. We integrate large language models into our reconnaissance workflows, leverage RAG-based knowledge bases for rapid threat correlation, and develop AI-assisted fuzzing and exploit generation pipelines. This allows us to operate at a speed and depth that traditional consultancies cannot match — identifying complex attack chains across hybrid environments in a fraction of the time.
By the Numbers
Impact That Speaks for Itself
Real results from real engagements — no inflated metrics, just verified outcomes from our offensive security operations.
Operating Countries
Security Professionals
Engagements Delivered
Critical Vulns Found
Our security journey
Born in 2026 with one obsession — stay ahead of every adversary. We built Spakto to close the gap between theoretical security and real attack readiness. Every tool, every engagement, every line of research moves that mission forward.
Day Zero — Spakto Founded
Spakto Cyber Labs incorporated with a singular mandate: build the most capable offensive security platform for enterprises. Core team assembled — all veterans of red team operations, adversary simulation, and critical infrastructure defence.
BAS Platform Goes Live
Launched Spakto's full Breach & Attack Simulation (BAS) toolset — continuous, automated adversary emulation mapped to MITRE ATT&CK. Enterprises can now validate their defences against real attack chains 24/7, not just once a year.
First Enterprise Clients
Onboarded our first enterprise clients across BFSI and critical infrastructure. Delivered full-scope red team operations, uncovering critical attack paths that had evaded existing controls for years.
The Standard — Global Expansion
Scaling across EU, Asia-Pacific, and the Middle East. Expanding our platform with AI-augmented threat correlation, managed red team services, and the ambition to set the global benchmark for attack-ready enterprises.
Certifications & Compliance
Industry-Recognised Standards
Our delivery processes are aligned with ISO 27001 and SOC 2 Type II standards, ensuring every engagement meets the highest security and compliance benchmarks.
How We Work
Our Engagement Methodology
A proven five-phase approach that delivers actionable results from day one.
Scoping
Define attack surface, objectives, threat model & rules of engagement with stakeholders.
Reconnaissance
AI-augmented OSINT, target enumeration, attack surface mapping & infrastructure fingerprinting.
Exploitation
Manual penetration testing, custom exploit development & complex multi-step attack chain discovery.
Reporting
Detailed findings with CVSS scoring, business-impact prioritisation & executive summary.
Remediation
Hands-on guidance, verification retesting & ongoing advisory support for your security team.
Stay Informed
News & Upcoming Events
Trusted by Leading Organisations Worldwide
We collaborate with top-tier technology vendors and enterprises to deliver comprehensive security assessments.
Transforming Vision into Impact
delivered since 2026
discovered and disclosed
protected across sectors
across 02 countries
in Eastern India
Our Global Reach
Beyond India, Spakto operates across the EU and Asia-Pacific — helping enterprises in financial services, critical infrastructure, and government understand their true exposure. International clients tap into our offensive research capabilities and AI-augmented tooling to gain an attacker's perspective on their most critical systems.
Meet the team behind
Spakto Cyber Labs
We hire exceptional security minds
and give them the autonomy, tools, and challenges
to do career-defining work.
Chandan Mondal
Founder & CEO
Former Red Team lead at Wipro and Ciklum. OSCP-certified offensive security engineer with 8+ years in penetration testing and adversary simulation.
Srijon Marjit
Lead Software Engineer
Full-stack engineer specialising in secure application development, DevSecOps pipelines, and internal security tooling.
Amélie Laurent
Head of Product & Design
Leads client-facing product design and security dashboard UX. Brings 10+ years of experience crafting enterprise SaaS interfaces.
Riley O'Moore
Senior Security Researcher
Specialises in cloud infrastructure exploitation, Active Directory attack paths, and zero-day vulnerability research.
Our Values
THE HEART OF SPAKTO CULTURE
Our core values drive every engagement, every line of code, and every vulnerability we uncover.
One Team
We rely on each other
Security is a team discipline. We break down silos between offensive researchers, engineers, and analysts — fostering transparency, knowledge sharing, and collective ownership of every engagement.
Care Deeply
We create positive change
We lead with empathy for our clients, their end-users, and the broader security community. Every vulnerability we report helps protect real people — and we never lose sight of that responsibility.
Customer Centric
We drive business impact
Every finding we deliver is prioritised by real-world exploitability, not theoretical risk scores. We translate technical vulnerabilities into business language so leadership can make informed, confident decisions.
Forward Thinking
We shape the future
We invest heavily in R&D — from AI-augmented reconnaissance to custom exploit frameworks. Staying ahead of adversaries means constantly evolving our tools, techniques, and thinking.