Identify Threats. Emulate Attacks. Strengthen Cybersecurity.
Our Mission is Tactical
Identify Real-World Vulnerabilities
We continuously uncover critical vulnerabilities: CVE-2025-23061, CVE-2024-53900, CVE-2021-39226, and counting.
Enhance OPSWAT’s Vulnerability Detection
We strengthen the capabilities of products like MetaDefender Endpoint SDK, MetaDefender Endpoint, MetaDefender Kiosk, MetaDefender Core, MetaDefender OT Security to detect CVEs
Test and Harden OPSWAT Products
We ensure our products continue to stop known and unknown threats
Simulate Advanced Threat Scenarios
We outpace and outthink adversaries targeting OPSWAT and its customers with internal and confidential simulations
Strengthen Customer Environments
We provide confidential results and actionable advice to mature our customers’ cybersecurity defenses
Key Contributorsto Osmedeus
50+ Zero-DayVulnerabilities
Top RankedContributor
Critical Vulnerabilities Disclosed
Unit 515 CVE Discovery Database
Why Unit 515?
OPSWAT’s elite red team goes beyond checkbox testing. By emulating real-world attackers and focusing on critical infrastructure environments, Unit 515 delivers deep insights that help organizations stay secure.
Uncover and Fix Critical Vulnerabilities
Stay ahead of threat actors targeting critical environments.
Gain Adversary-Level Insight
Leverage threat emulation based on real-world TTPs from known APT groups.
Drive Proactive Security Across Your Ecosystem
Inform internal teams and third-party vendors with actionable findings that extend beyond traditional pen testing.
Reduce Risk Exposure
Identify and remediate threats before they disrupt operations or compromise sensitive systems.
An Elite Team of Recognized Adversarial Simulation Experts
thanhlocpanda
- Top-ranked ethical hacker for the U.S. Department of State
- Discovered CVEs in major enterprise platforms including Schneider Electric and SuiteCRM
- Credited security vulnerability disclosures to Atlassian
- OSCP, OSWE certified
theblackturtle
- Reported 150+ security vulnerabilities for Apple, Yahoo, Snapchat, Walmart, Amazon, Adobe, OPPO, American Airlines, Sony, Ford, and more
- Identified critical CVE for Grafana
- Open-source security tools author & contributor: GoSpider (2.4k stars) & Osmedeus (5.6k stars)
- OSWE certified
Pen Testing Services
This package is ideal for startups, mid-sized businesses, and enterprise teams looking for a fast, effective way to validate the security of their web applications without navigating complex service tiers.
- OWASP Top 10 vulnerability testing (manual + automated)
- Business logic flaw identification
- Role-based access control (RBAC) and privilege testing
- API testing (REST/GraphQL endpoints)
- Authentication and session management validation
- File upload testing and security header review
- CSRF, IDOR, and rate-limiting checks
- SSL/TLS configuration review
- Detailed report with findings, impact, and recommendations
- Post-test review session with our security experts
Expose Vulnerabilities Before Attackers Do
Powered by OPSWAT’s elite internal research team comprised of world-class cybersecurity professionals, Unit 515 has been behind several high-impact vulnerability discoveries in industrial control systems and operational technology platforms.
Their expertise in ICS, OT, and embedded device security is now available to support your organization’s mission to stay ahead of threats.
This offering is ideal for security-conscious organizations looking to reinforce their cyber defenses and gain confidence in their security posture — especially in industries where uptime and resilience are non-negotiable.
