Is Your Data Being Sold on the Deep Web Right Now?
Data leak assessment: continuous monitoring of criminal marketplaces, exposed credential validation, exposure mapping via public APIs and shadow assets.
Why now
The real pain
Leaks aren't a matter of "if" anymore — only of "when do you find out". Corporate credentials in Telegram combo lists, customer bases resold in Russian forums, database dumps on BreachForums. Companies usually find out only when the journalist calls or the customer complains. Mapping first gives 30 days of advantage before public damage.
References and threat actors
/attack-surface
Vazamento de Dados
Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.
Threat intel on criminal marketplaces
Monitoring on RaidForums successors, BreachForums, XSS.is, Exploit.in, criminal Telegram channels, IRC.
Credential stuffing exposure
HaveIBeenPwned, Dehashed, LeakIX, IntelX — corporate credentials in combo lists, manual validation.
GitHub leaks and secret scanning
Trufflehog, gitleaks across full history, GitGuardian, advanced GitHub search.
Shadow assets and ASM
Subdomain enumeration, certificate transparency, SHODAN/Censys, GCP/AWS/Azure public exposures.
Leaked database validation
Validation if claimed dump is real, data scope, dating, likely origin vector.
Insider and third-party leak
Analysis whether leak came from employee, third party, software vendor or marketing agency.
Notification runbook
Protocol for ANPD (up to 2 business days per ANPD Res. 15/2024), data subjects, BACEN, ANS, market, press.
/methodology
Genuinely manual pentest
Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.
01 · Reconnaissance
Target mapping, OSINT, footprint, sector-specific threat modeling.
02 · Discovery
Deep enumeration, complementary scanning, manual exposure identification.
03 · Exploitation
Manual validation with controlled PoC, finding chaining, escalation.
04 · Report
Executive + technical, step-by-step replication, mapped to applicable regulation.
/why-trust
Who has trusted our work
Incident response in finance and healthcare, preventive mapping in fintechs and listed companies.
Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.
Douglas Lopes
Founder · CEO · intrus.io
/faq
FAQ — Vazamento de Dados
One-time or continuous service?
Both. Point-in-time assessment (snapshot): BRL 18-45k. Continuous monitoring with alert in up to 4h: BRL 4-12k/month depending on company size and number of brands/domains monitored.
Do you do takedown?
Not directly. We refer to specialized takedown partners (with OAB) when the request is well-founded. Our delivery is detection + forensic evidence + recommendations.
How do you know if a dump is real?
Sample matching: we test credentials in controlled environments (with authorization), compare schemas with official bases, date by artifacts. We never buy from criminals.
Do you cover deep and dark web?
Yes. We operate in Tor forums, criminal IRC, Telegram, specific marketplaces. Without paying criminals — monitoring only.
/contact
Map my exposure now
Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.