TRINETRA / Services Practice ledger · 04 disciplines + Vision product

Four
practices.
One evidence
standard.

Each practice runs offensive, surface, forensic, or signal work. Same operators. Same closure standard. Different surface area.

Disciplines04 + product

Engagement depths03

Standards mapped06

Retest cadenceINCLUDED

[01] · OFFENSIVE

VAPT & Red Team

Continuous vulnerability assessment, safe exploitation paths, and executive-ready risk narratives.

Web, API, mobile, cloud, internal network — scoped to your release cadence. We run OWASP-informed methodology with hands-on validation; not a checklist scan dressed up as a pen test. Every finding ships with a reproducible proof-of-issue your engineers can replay locally.

[01]Executive summary with business impact and risk priority.
[02]Technical evidence pack with reproducible proof-of-issue per finding.
[03]Fix recommendations mapped to owner, effort, and sprint capacity.
[04]Closure statement after retest — audit and insurer ready.

SURFACEWeb · API · Mobile · Cloud · Internal

DEPTHManual + automated · validated exploit

METHODOLOGYOWASP ASVS · MITRE ATT&CK · OSSTMM

EVIDENCEReproducible POI · video + payload

REPORTExec summary + technical + remediation

RETESTIncluded · critical/high revalidated

TIMEFRAME5 days targeted · 12 weeks program

COMPLIANCESEBI · RBI · CERT-In aligned

[02] · SURFACE

Brand Protection

Domain abuse, phishing kits, fake apps, and credential leaks — monitored and escalated with legal-ready artifacts.

Trinetra runs continuous monitoring against your brand surface — lookalike domain registrations, phishing-kit fingerprints, fake app listings, and public credential corpora matched against your domain. Findings ship with the artifacts your counsel needs to move on takedowns without re-investigation.

[01]Lookalike domain inventory with registrar + WHOIS pack.
[02]Phishing kit fingerprints, hashed for cross-incident correlation.
[03]Credential-leak match counts (without exposing credentials).
[04]Takedown coordination pack — counsel-ready artifacts.

MONITORLookalike DNS · CT logs · app stores

CADENCEContinuous · 24h re-scan

ARTIFACTSRegistrar · WHOIS · timestamped capture

ESCALATIONCounsel-ready · takedown pack

COVERAGEGlobal TLDs · India-first prioritization

LEAKSPublic corpora · counts only

KIT FAMILIESFingerprinted · attributed when possible

REPORTMonthly · ad-hoc on critical signal

[03] · FORENSIC

Investigations

Deep traces across infrastructure and identity — structured timelines your counsel and insurers can follow.

Insider misuse, fraud, account takeover, ransomware post-mortems. Trinetra runs DFIR-grade investigations producing timeline-first artifacts — chain-of-custody preserved, identity-provider logs correlated with infrastructure events, narrative written so counsel and insurers can act without re-asking the basics.

[01]Reconstructed incident timeline with evidence anchors.
[02]Actor profile — TTPs, infrastructure, observed dwell time.
[03]Counsel-ready narrative with citation back to source artifacts.
[04]Insurer-aligned impact statement for renewal/claim conversations.

SCOPEInsider · ATO · ransomware · fraud

SURFACESIdentity · cloud · endpoint · network

EVIDENCEChain-of-custody preserved

CADENCEDaily standup · weekly written update

OUTPUTTimeline + actor profile + impact ledger

REVIEWERSCounsel · insurer · regulator

TIMELINE2–6 weeks typical

CONFIDENTIALNDA · scoped access · need-to-know

[04] · SIGNAL

Threat Intel

Curated, India-skewed feed for situational awareness — sector-tagged, low-noise.

Trinetra Intel aggregates from public leak-site disclosures, regulator filings, and verified industry disclosures. We do not ingest paid threat feeds; everything you see can be triangulated against open sources. Sector-tagged so your team only sees relevant signal.

[01]Live victim feed cross-referenced with regulator filings.
[02]Adversary group dossiers with TTPs and lineage tracking.
[03]Active CVE leaderboard tagged for India-stack relevance.
[04]India breach timeline — chronological, regulator-anchored.

SOURCESLeak sites · CERT-In · regulator filings

CADENCEDaily refresh · live UTC clock

SCOPERansomware · brand · CVE leaderboard

INDIA FOCUSSector-tagged · IN-first prioritization

NO PAID FEEDAll sources triangulable openly

ACCESSWeb · API · monthly digest

INTEGRATIONSlack · SIEM · email digest

LINEAGECrew rebrands tracked across affiliates

↗

[PRODUCT] · CONTINUOUS INTELLIGENCE

Vision Platform

Trinetra's SaaS intelligence layer — live ransomware tracking, patch radar, breach monitoring, and domain surface on one dashboard. Built for defenders, zero setup.

Vision is the platform Trinetra operators use internally — now licensed as a standalone product. It aggregates ransomware victim disclosures, active CVE alerts from CISA, India breach events, and brand-surface signals into a single sector-tagged view. No integrations required. Access from day one without talking to a salesperson.

VISION · INTEL DASHBOARD

LIVE

Ransomware groups

↑ 3 new this week

Active KEVs

1,247

Patch deadline alerts

India breaches 2026

Regulator-anchored

Victims this month

2,841

Cross-sector global

● RANSOMWARE LockBit 3.0 · new victim confirmed · BFSI sector · India 2m ago

● PATCH CVE-2025-1234 · Microsoft Exchange · due 2026-05-22 · CRITICAL 1h ago

● BREACH State Bank · credential exposure · 1.2M records · CERT-In confirmed 3h ago

[01]Live ransomware victim feed — 47 groups tracked with sector and geo tags.
[02]CISA KEV patch radar — 1,200+ CVEs with due-date countdown and India-stack weighting.
[03]India breach timeline — every confirmed breach, chronological, regulator-anchored.
[04]Domain exposure check — one-click DNS, header, and subdomain scan for any domain.

Explore Vision Platform → Request demo →

TYPESaaS · licensed product

ACCESSWeb dashboard · zero install

INTEL SOURCESRansomware sites · CISA · CERT-In

GROUPS TRACKED47 ransomware families + affiliates

CVE COVERAGE1,200+ KEVs · patch deadline alerts

REFRESHContinuous · live UTC timestamp

INDIA FOCUSSector-tagged · BFSI, health, govt

PLANSStarter · Team · Enterprise

Pick the depth

Same evidence,
different perimeter.

Trinetra runs three depths against any practice. Same operators, same closure standard — just different surface area and reporting cadence. Pick depth by how much of your stack you want under observation.

Depth · 011 SPRINT

Targeted assessment

5–10 day engagement against a defined surface — one product, one network segment, or a single high-risk feature.

> 5–10 business days
> Single deliverable
> Retest included

Depth · 02QUARTERLY

Program engagement

Rolling-scope engagement — pre-release audits, infrastructure drift checks, and retest windows aligned to your release train.

> Quarterly cadence
> Board-ready summaries
> Compliance aligned

Depth · 0312-MONTH

Embedded operator

A Trinetra operator embedded with your security or platform team — runs the program, reports to CISO/board on cadence.

> 12-month contract
> Vendor risk managed
> CISO/board reporting

Standards mapped

Audit-grade
paperwork, by default.

01OWASP ASVS & Top 10 · application security verification mapped per finding for web, API, and mobile.App · API
02MITRE ATT&CK · TTP-based reporting for red-team engagements; SOC-ingestible.Red team
03CERT-In · India incident-reporting alignment, 6h window-ready filing template.India
04SEBI/RBI VAPT formats · accepted by regulators and listing committees.BFSI
05NIST 800-115 / 800-53 · technical guide for testing and assessment, control mapping.Enterprise
06ISO 27001/27002 · evidence pack aligned to information security control sets.Audit

Process

Scope to closure
in five steps.

Brief

You send context · scope, surface, urgency.

Scope

We return a one-page scope · access list, windows, evidence plan.

Assess

Hands-on testing with validated exploit paths.

Remediate

Findings written PR-ready · owner + effort mapped.

Close

Retest · closure statement · audit-ready artifacts.

Scope it the way
your team will ship it.

Tell us the surface, the constraints, and the timeline. We come back with a one-page scope you can forward to engineering.

Start a brief →

Fourpractices.One evidencestandard.