For government & enterprise · testing, tooling & embedded specialists
SID — Security Innovation & Development is the security practice founded by Stephan Botes. We help government and enterprise teams secure what matters — through penetration testing, custom tooling, code audits, and senior specialists embedded directly inside your organisation. Real testing, plain-language reporting, and outcomes your team can act on.
// how we help
Seven focused services — from one-off assessments to a specialist embedded inside your organisation. Every engagement is scoped to your goals, authorized in writing, and delivered with evidence you can act on, not a PDF full of scanner noise.
Bespoke offensive tooling built for your targets and rules of engagement — recon frameworks, exploit chains, C2 and detection-bypass tooling, written in Rust, Go, C and Python.
Manual, security-focused source review — not just a linter. We hunt logic flaws, auth bypasses, injection, unsafe crypto and supply-chain risk, with reproducible findings and concrete fixes.
Independent black-box and white-box assessment of third-party products and appliances before you trust them in production — so procurement decisions are based on evidence, not marketing.
Custom security automation tailored to your environment — detection engineering, SIEM/EDR pipelines (Wazuh, Elastic), DFIR tooling, and hardening automation for Linux and Windows fleets.
Deep audits of the open-source dependencies and tooling your business relies on — from a team that has authored and reverse-engineered 280+ security projects. We read the code others assume is safe and give you a clear path to remediate or replace.
Take back control of your data. We help you cut dependence on foreign clouds and SaaS — migrating to self-hosted, auditable infrastructure (mail, office, storage, identity) so sensitive data stays inside your jurisdiction and under your control.
Some work has to happen inside your team — on your systems, within your security boundary, under your direction. For government departments and regulated organisations that need senior security capability in-house but don't want the cost, delay or commitment of a permanent hire, we deliver vetted specialists embedded in your team through a clean professional-services contract.
You engage a single accountable supplier and pay for services delivered — not headcount. Our engineers work alongside your internal staff for the agreed scope and duration, then hand over and exit. It slots into your existing procurement and framework vehicles, keeps sensitive work confidential and in-house, and gives you elite capability exactly when and where you need it.
// the arsenal
A selection from 280+ public repositories spanning recon, exploitation, C2, malware analysis and blue-team automation. All tools are published for authorized testing and research.
Modular offensive-security framework in Rust — a memory-safe, modern exploitation toolkit in active development.
github.com/s-b-repo/rustsploit ↗Advanced command, control & communications (C3) framework — resilient, multi-channel infrastructure for modern red-team operations.
github.com/s-b-repo/artic-c3 ↗Rust-based command-and-control server leveraging Firefox-based exploitation primitives.
github.com/s-b-repo/firec2 ↗Model Context Protocol server for OnlyOffice — lets AI assistants create, edit and audit self-hosted documents, sheets and slides programmatically.
github.com/s-b-repo/onlyoffice-mcp ↗Turn a Raspberry Pi into a turnkey SOC sensor — a portable detection & logging stack for small environments and field deployments.
github.com/s-b-repo/pi2soc ↗Independent zero-day vulnerability research targeting the I2P anonymous-network stack.
github.com/s-b-repo/i2p-zero-exploits ↗ICMP covert C2 / data-exfiltration channel — built to help defenders write detection signatures.
github.com/s-b-repo/ping0-exfil ↗Advanced traceroute tool built for offensive reconnaissance and network mapping workflows.
github.com/s-b-repo/stalkroute ↗// how it works
We define targets, rules of engagement and success criteria in writing before anything is touched.
Manual testing backed by custom tooling tailored to your environment — not a one-size scan.
Findings with business impact, severity, reproducible steps and concrete remediation.
Once you've fixed, we verify the fixes actually closed the gap.
// credentials
Verifiable on Credly and verify.CompTIA.org (Candidate ID COMP001021877443).
Core security operations & risk. Nov 2022.
Network architecture & defense. Jul 2022.
Endpoint & systems foundation. Aug 2021.
Secure Infrastructure Specialist stack.
IT Operations Specialist stack.
Secure Email Gateway product certification. 2025.
+ Pentest+, Jr Penetration Tester & Web Fundamentals paths.
Cloud architecture, identity & governance. 2026.
// about
SID is led by founder Stephan Botes, who has studied offensive security and ethical hacking since he was sixteen and spent 3+ years working professionally as a cyber security engineer — running authorized web and network penetration tests, purple-team exercises, email-security hardening and secure network design for clients.
Before founding SID he worked as an OSINT analyst on asset-tracing and due-diligence investigations — so the team knows how to find what people don't want found, and how to handle sensitive work responsibly.
What sets the work apart is the tooling and the bench: Stephan has authored 280+ public security projects across recon, exploitation, malware analysis, DFIR and protocol-level research in Rust, Go, C and Python, and SID draws on a network of vetted specialists and contracting partners — so we can embed the right person for the job. When an off-the-shelf scanner can't reach it, we build the thing that can.
Direct, honest, and focused on measurable security outcomes. Every engagement is authorized and scoped in writing.
// start an engagement
A penetration test, code audit, custom tooling, or a specialist embedded inside your team. Send a short brief and we'll reply with scope, timeline and next steps — usually within 1–2 business days.
stephanbotesIT@proton.meEncrypted ProtonMail · replies within 1–2 business daysAuthorized testing only. We require written authorization before any assessment begins.