intrus.io
Schools (K-12)

Pentest for Schools

Offensive security in school systems, parent portals, learning platforms and protection of minors' data.

Request an assessment for your schoolSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Children's and adolescents' data is ultra-sensitive under LGPD. Leaks of grades, photos of underage students or family-school communications generate fines, civil suits and reputational crises capable of closing the unit.

Applicable regulation

LGPD (dados de crianças)ECAMECISO 27001

/attack-surface

Vectors we test in schools (k-12)

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Academic system

Electronic gradebook, grades, attendance, communications.

02

Parent portal

Unauthorized access to other students' data, family-school messaging.

03

Learning platform

LMS, online activities, integration with Google Classroom/Microsoft Teams.

04

Cameras and access control

CCTV, biometric turnstiles, gate control.

05

Tuition payment

Boleto, direct debit, acquirer integration.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements with school networks and educational institutions.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Schools (K-12)

Do you cover minors' data?

Yes. Special handling per LGPD article 14 and ECA, with mapping of findings against child/adolescent protection.

Can you audit school CCTV?

Yes. NVR, IP cameras, network segregation, retention and image access.

/contact

Ready for a serious pentest in schools (k-12)?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers