Condominiums and Buildings

Pentest for Residential and Commercial Buildings

Security validation for access control, cameras, remote concierge, resident app and outsourced administration.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Buildings are a treasure trove of personal data — address, license plate, photo, biometrics, routine — and operations are outsourced to cheap, misconfigured systems that are never tested. Hacked cameras, gates bypassed by tag replay, remote concierge with password 1234. When it leaks, the building manager is on the hook.

Applicable regulation

LGPD · ABNT NBR 16280/2014 · Lei 14.155/2021 · Condominium Convention (Convenção de Condomínio)

/attack-surface

Vectors we test in condominiums and buildings

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Remote concierge

Authorization bypass, call replay, third-party gate control, release fraud.

02

TAG/biometric access control

RFID cloning, NFC replay, fingerprint fraud and contractor credential abuse.

03

CCTV cameras

Exposed DVR/NVR, default credentials, improper retention, unnecessary WAN exposure.

04

Resident app

IDOR on packages, common area reservations, communication with administrator, visitor data.

05

Metering and telemetry

Individualized water, gas, electricity — reading manipulation, fraud in cost apportionment.

06

Network and contractors

Shared Wi-Fi, segregation between admin and residents, outsourced IT firm access.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Highly fragmented market with rapid tech adoption; total lack of independent validation.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Condominiums and Buildings

Who contracts: building manager or administrator?

Both. Managers often request it after an incident; professional administrators are starting to offer pentest as a competitive differentiator.

Will it disrupt daily operations?

No. We work in agreed windows. RF tests (tag cloning) use client-provided tags, which are returned at the end.

/contact

Ready for a serious pentest in condominiums and buildings?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.