intrus.io
Mining

Pentest for Mining

Security audit of mine operation systems, autonomous fleets, processing plants and railway logistics.

Schedule a technical mine visitSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Mining mixes heavy OT (autonomous trucks, crushers, conveyors) with corporate IT and critical dam systems. Each failure can become an environmental tragedy with regulatory and criminal consequences for executives.

Applicable regulation

ANMLei 14.066/2020 (Barragens)IBAMAISO 27001IEC 62443

/attack-surface

Vectors we test in mining

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Autonomous fleet

Autonomous trucks and drills, V2X communication, dispatch systems.

02

Dam monitoring

Instrumentation systems, piezometers, inclinometers, alerts.

03

Crushing and processing

Plant DCS, crusher and classifier PLCs.

04

Railway logistics

Loading systems, wagon dispatch and weighing.

05

Underground mine

Ventilation systems, gas sensors, underground communication.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

ArcelorMittal client — large-scale steel/mining.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Mining

Do you cover dam monitoring?

Yes. We audit dam monitoring systems per Law 14.066/2020.

Is autonomous fleet a focus?

Yes. We test V2X communication, dispatch systems and segregation between manned and autonomous fleets.

/contact

Ready for a serious pentest in mining?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers