main logo icon

Who We Are

Simulating Cyber Attacks to Strengthen Your Defenses

Recognized. Proven. Trusted.

Stingrai specializes in offensive security, led by researchers, exploit developers, certified pentesters and powered by a cutting edge penetration testing as a service (PTaaS) platform.

  • Experienced Security Researchers: Our team frequently presents research at world-class conferences, including DEF CON, BSides, and NATO Locked Shields.
  • Top-Tier Credentials: Our team hold the industry's most rigorous certifications, including OSCP, OSCE³, OSWE, OSEP, and CREST CRT.
  • AI-Powered PTaaS Platform: Real-time reporting, native ticketing integrations, and instant retests that eliminate the friction of traditional pentest workflows.

Our Mission & Values

Cyber attacks are accelerating, and annual compliance checks alone no longer keep pace. Our mission is to help organizations move from one-time testing to continuous, expert-led security validation.

  • World-class Pentesters: Active security researchers with dozens of published CVEs and zero-day disclosures across major commercial and open-source platforms.
  • Snipe, Continuous Pentesting Agent: Instead of point-in-time checks, you are protected by our AI-powered pentesting agent with human pentesters in the loop throughout the year.

Validated Findings

Every vulnerability is manually checked with a working proof of concept and prioritized remediation guidance, not scanner noise.

Human-Led, AI-Accelerated

Automation expands coverage while humans manually validate, chain, and catch advanced security vulnerabilities missed by scanners.

World-Class Expertise

Experienced certified pentesters only, holding OSCE³, OSWE, and CREST CRT. No hand-offs to juniors.

Leadership & Advisory

Arafat Afzalzada photo

Arafat Afzalzada

Founder

11 years of experience in offensive security, leading penetration testing engagements for start-ups, mid-market, and enterprises across healthcare, financial services, government, and other regulated sectors.

Certifications
CISSPPCNSECCNAITIL
Accomplishments
Speaker at MAX Cybersecurity (Art of Attack and Defense) and ISACA Toronto Chapter.
linkedin iconView LinkedIn Profile
Eldon Sprickerhoff photo

Eldon Sprickerhoff

Advisory Board

Founder of eSentire, a pioneering Managed Detection and Response (MDR) company that grew from a bootstrapped startup into a billion-dollar cybersecurity leader protecting 2,000+ organizations across 80+ countries.

Recognition
J.W. Graham Medal in Computing & Innovation (University of Waterloo). Waterloo Region Entrepreneur Hall of Fame inductee. Author of Committed: Startup Survival Tips and Uncommon Sense for First-Time Tech Founders.
linkedin iconView LinkedIn Profile

Penetration Testing Team

Ivan Spiridonov photo

Ivan Spiridonov

Team Lead Penetration Tester

16 years of experience in penetration testing, red teaming, and exploit development.

Certifications
OSCE³OSEDOSWEOSCPCRTLOSEPCRTECRTO
Accomplishments
10 published CVEs across commercial and open-source software, including CVE-2025-50674 and CVE-2024-32136.
linkedin iconView LinkedIn Profile
Armaan Pathan photo

Armaan Pathan

Senior Penetration Tester

11 years of experience in penetration testing, red teaming, and exploit development.

Certifications
OSCPCMSE
Accomplishments
Bug Bounty Hall of Fame (400+ reported): Apple, Facebook, Google, Yahoo, US Department of Defense. Speaker at BSides Ahmedabad and null Dubai.
linkedin iconView LinkedIn Profile
Moaaz Taha photo

Moaaz Taha

Senior Penetration Tester

11 years of experience in penetration testing, red teaming, and vulnerability research.

Certifications
GCPNOSEPOSCPOSWPCrest CRTeWPTXCRTO
Accomplishments
5 published CVEs (e.g., CVE-2021-32076, CVE-2021-34249). Bug Bounty Hall of Fame: Google, Dell, T-Mobile, Aruba, Esri.
linkedin iconView LinkedIn Profile
Utku Yildirim photo

Utku Yildirim

Senior Penetration Tester

7 years of experience in penetration testing, red team operations, and offensive security research.

Certifications
OSCEOSWEOSWPCRTO
Accomplishments
Speaker at DEF CON and BSides Oslo on UAV/GPS spoofing, 5G jamming, and SS7 exploitation. Research featured at NATO Locked Shields.
linkedin iconView LinkedIn Profile
Omar Hamdy photo

Omar Hamdy

Senior Penetration Tester

7 years of experience in penetration testing, red teaming, and bug bounty research.

Certifications
OSCPeWPTXCrest CRTCRTEOSWP
Accomplishments
Bug Bounty Hall of Fame: US Federal Reserve, PaySafe, Zynga, and other enterprise programs.
linkedin iconView LinkedIn Profile
Victor Villar photo

Victor Villar

Senior Penetration Tester

6 years of experience in penetration testing, red teaming, and exploit development.

Certifications
OSCE³OSEPOSEDOSWEOSCP
Accomplishments
3 published CVEs in commercial software: CVE-2024-32369, CVE-2024-32370, and CVE-2024-32371.
linkedin iconView LinkedIn Profile

What Our Clients Say

quote icon

Stingrai uncovered vulnerabilities our vulnerability program had missed and helped us harden critical systems with practical guidance. We were impressed with their personalized, transparent approach and delivery against our timelines.

— Manager, IT, 30 Forensic Engineering

quote icon

The team spent time and effort to understand the business cases and uncover vulnerabilities unique to our business. Testing was completed within the promised timeline and within the budget which is very competitive compared to the market.

— CTO, NetNow Financial Inc.