Welcome. By using our site or services you accept these terms, insha’Allah.
1. Services
We provide:
- Cybersecurity training (recorded + live + labs + PDFs).
- Penetration testing & red-team (scoped, authorized engagements).
- SOC services & incident monitoring (24/7 or scheduled).
- Endpoint investigation & digital forensics (trusted evidence handling).
Deliverables depend on the chosen package (reports, remediation plans, alerts, dashboards).
2. Roles & Expectations
Our team includes pentesters, endpoint investigators, and SOC analysts. They act as independent experts under Khlybalak Security and adhere to our ethical code and Islamic values.
3. Authorization & Scope (Critical)
- No testing without written authorization. Client must sign a Statement of Work (SoW) and a signed Authorization to Test before any offensive activity.
- Tests are strictly limited to the agreed scope, targets, and time window. Any out-of-scope activity is prohibited.
- Clients are responsible for obtaining internal approvals (third-party assets, cloud providers, ISPs). Khlybalak Security is not liable if the client fails to secure required permissions.
4. Ethical & Legal Use
- All offensive techniques are taught and used only for lawful, authorized purposes.
- You must not use our training or findings for illegal activity. Misuse voids refunds and may be reported to authorities.
5. Confidentiality & Data Handling
- We treat client data and investigation artifacts as confidential.
- Forensic evidence, logs, and raw data are kept secure and returned or destroyed per the SoW.
- We may anonymize findings for marketing only with explicit client consent.
6. Reporting & Remediation
- Penetration tests and investigations include a written report with prioritized findings and recommended fixes.
- SOC services provide alerts, triage, and recommended mitigation steps. Response SLA (if purchased) will be in the SoW.