
Pentest for Law Firms

Offensive security in full-service firms, boutiques and legal departments handling sensitive cases.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Law practice deals with attorney-client privilege. Leaks of M&A processes, billion-dollar litigation or criminal cases can void deals, expose strategy to opposing counsel and risk OAB and client exposure. Boutiques are preferred targets — high-value data, low security maturity.

Applicable regulation

LGPD · Lei 8.906 (EOAB) · OAB Provimento 205/2021 · ISO 27001

/attack-surface

Vectors we test in law firms

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Legal document management

Repository for case files, contracts, opinions and strategy.

02

Case management software

Tikal, ASTREA, integration with courts and OAB.

03

Client communication

Email, encrypted messaging, client portal.

04

Lawyer endpoint

Notebook, mobile, loss/theft, corporate OneDrive/Drive.

05

Criminal cases and targeted threats

Hardening against a motivated adversary, OPSEC, encrypted communication.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements with full-service firms and boutiques.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.


Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Law Firms

Do you maintain absolute confidentiality?

Yes. Reinforced NDA, air-gapped environment when required, zero data retention after engagement closure.

Do you serve sensitive criminal operations?

Yes. OPSEC hardening, encrypted communication, protection against a targeted adversary.

/contact

Ready for a serious pentest in law firms?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.