- NAME
asec, adversarial security engineering for software, infrastructure, cloud, and autonomous platforms
- SYNOPSIS
asec [--engagement TYPE] [--target SCOPE] [--report SEVERITY-FILTER]
- DESCRIPTION
ASEC is a Toronto-headquartered offensive-security consultancy founded in 2015. The firm runs adversarial assessments against web and API surfaces (GraphQL specialist), cloud and infrastructure stacks, physical perimeters, mobile and IoT product lines, and the autonomous systems lane no other Canadian shop credibly claims: drone, UAV, and robotics. ASEC also operates a continuous-testing platform that codifies pentests as Nuclei templates.
- OPTIONS
- SEE ALSO
damn-vulnerable-drone(7), black-hat-graphql(7), black-hat-bash(7), dc416(7), cansec(7), cadsi(7), acdc(7)
ASEC, Aleks Security Cyber Intelligence Inc.
Positioning
Capabilities
- drwxr-xr-x1asecstaff4.0K2026-05-23drone-uav-robotics-adversarial/<< canada-first
- drwxr-xr-x1asecstaff4.0K2026-05-23graphql-api-security/
- drwxr-xr-x1asecstaff4.0K2026-05-23web-api-pentest/
- drwxr-xr-x1asecstaff4.0K2026-05-23cloud-aws-azure-gcp/
- drwxr-xr-x1asecstaff4.0K2026-05-23network-infra-pentest/
- drwxr-xr-x1asecstaff4.0K2026-05-23physical-redteam/
- drwxr-xr-x1asecstaff4.0K2026-05-23mobile-application/
- drwxr-xr-x1asecstaff4.0K2026-05-23iot-smart-building/
- drwxr-xr-x1asecstaff4.0K2026-05-23consulting-vciso/
- drwxr-xr-x1asecstaff4.0K2026-05-23incident-response-forensics/
- drwxr-xr-x1asecstaff4.0K2026-05-23training-offensive/
- drwxr-xr-x1asecstaff4.0K2026-05-23platform-continuous-testing/
Engagement model
ASEC engages the way an operator engages: scope is written by people who have run the attack, not by people who have only sold it. Every assessment opens with a threat-model conversation that asks what would actually hurt, not what would tick the checkbox. From there, we work in the open with your team. No black-box theatre, no PDFs lobbed over a wall.
We are unusual in one specific way: we care about the fix. Findings ship with reproducible payloads, exploit context, and remediation guidance written for the engineer who will pick it up Monday morning. When you patch, we re-test. As many times as it takes. That is what "Security-Testing-as-Code" means around here.
Where we get loud: drone, UAV, and robotics. The same hands that wrote Black Hat GraphQL and Black Hat Bash built Damn Vulnerable Drone, the simulator the rest of the industry trains on. If your platform flies, drives, or carries an autonomous payload, this is the rare Canadian shop that has already broken it in a lab.
Manual page for ASEC engagements
Industry memberships
| Package | Architecture | Version | Status | Description |
|---|---|---|---|---|
| cadsi/canada | 2026.05 | [stable] | Canadian Association of Defence and Security Industries | |
| acdc/canada | 2026.02 | [stable] | Alliance of Canadian Defence Companies | |
| cctx/canada | 2017.onwards | [stable] | Canadian Cyber Threat Exchange | |
| in-sec-m/canada | 2017.onwards | [stable] | Canadian Cybersecurity Cluster |
Speaking and training catalogue
- 2148speak --venue "BSides Toronto" --title "Weapons of a Pentester"
- 2316speak --venue "SecTor" --title "(multi-year speaker)"
- 2402speak --venue "GraphQL Summit, San Diego" --title "Offensive GraphQL Security Testing" --with "Dolev Farhi"
- 2417keynote --venue "MapleSEC, IT World Canada" --title "Five Core Principles of Fighting Back in Security"
- 2554train --venue "CanSecWest, Vancouver" --dojo "Foundational + Advanced Offensive GraphQL Security Training" --with "Jared Meit"
- 2589launch --venue "DEF CON 32, No Starch booth" --title "Black Hat Bash launch + signing"
- 2643speak --venue "US drone-security event (venue tbd)" --title "Drone, UAV adversarial security"
- 2710host --venue "DC416" --note "monthly speaker + organizer"
Contact
- Domain:
- asec.io
- Registrant:
- Aleks Security Cyber Intelligence Inc.
- Founded:
- 2015-08
- HQ:
- 18 King Street East, Suite 1400, Toronto, Ontario M5C 1C4, CA
- Phone:
- +1-877-411-1337
- Email:
- contact@asec.io
- NameServer:
- Nick Aleks · Chief Hacking Officer
- Repos:
- github.com/nicholasaleks/Damn-Vulnerable-Drone (402 stars) · graphql-threat-matrix (361) · CrackQL (346)
- Status:
- active · accepting engagements