Consortium Administrators

Pentest for Consortium Administrators

Audit of member portals, assembly systems and integrations with credit bureaus.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Consortium administrators hold financial and asset data of thousands of members, with sensitive integrations to registries, banks and Detrans. A breach or assembly fraud destroys trust instantly.

Applicable regulation

BACEN Resolution 4.893 · Law 11.795/2008 · LGPD

/attack-surface

Vectors we test in consortium administrators

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Member portal

IDOR in balance queries, bids, allocation and quota transfers.

02

Assembly system

Manipulation of drawing, bidding and digital minutes.

03

Banking integrations

Direct debit authorization, lien recording, invoice settlement.

04

Mobile app

Member app analysis, secrets, certificate pinning.

05

Collections BPO

Outsourced operator access to data of delinquent members.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Deep knowledge of the Brazilian consortium market.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Consortium Administrators

Do you know BACEN consortium regulations?

Yes. We work with Law 11.795/2008, Resolution 4.893 and other BACEN rules for consortium administrators.

Can you test the drawing system?

Yes. We audit RNG integrity, assembly manipulation, digital minutes and audit logs.

/contact

Ready for a serious pentest in consortium administrators?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.