Skip to main content

Blackbox Intelligence Group

Operators for SMB teams that need real answers - not slide decks.

Veteran-owned. CEO-led. We validate what attackers can actually do, then help you fix what matters first.

Veteran Owned Business OSCP Certified

Who we serve

U.S. SMB and mid-market teams - roughly 20–250 endpoints - with lean IT or MSP support and real compliance pressure.

Problem we solve

Most organizations do not fail from missing tools. They fail because nobody validates what attackers can actually do.

Why Blackbox

Offensive-first operators. CEO-led engagements. Dev + cyber under one roof. Meet the team →

Start here

The Security Reality Check

Our recommended first engagement. Know what attackers see, what to fix first, and where you actually stand - before you spend on a full pen test.

Step 1 - Reality Check

Validated assessment. Prioritized roadmap.

Operator-reviewed coverage of your external attack surface, identity layer, and high-value systems. You leave with a remediation plan your IT team can execute.

Deliverables

  • Executive summary (board-ready)
  • Prioritized remediation roadmap
  • Validated findings - not a scanner dump
  • 30-day retest option

Timeline

  • Scoping call: 1 day
  • Active assessment: 5–10 business days
  • Reporting & debrief: 3–5 days

Then validate. Then defend.

Prove what an attacker can actually do - then keep watch 24/7.

Step 2 - Pen Test

Penetration Testing

Real exploitation chains by OSCP-certified operators - not automated scans repackaged as findings.

  • External, internal, web app, API & AD scopes
  • CEO-led debrief with evidence package
  • Standalone or paired with a Reality Check
Step 3 - Defend

BlackboxEDR - 24/7 Defense

Endpoint and identity defense run by people who think like attackers. MSP-friendly. Coexists with Microsoft Defender.

  • 24/7 SOC triage & response, <15-min target
  • Identity threat detection (ITDR) included
  • Remote containment, isolation & recovery

Specialized offers

CMMC Readiness

Gap assessment, SSP & POA&M, evidence prep for small primes and subs - assessor-ready, no theater.

CMMC details →

Private AI Automation

Operator-supervised AI workflows for compliance, helpdesk, and reporting - inside boundaries you control.

Private AI details →

MSP Partner Program

White-label or co-branded pen testing, EDR, and CMMC support. We don't poach your clients.

Partner program →

Proof, not promises

What an engagement actually produces.

95%
of clients close all Critical findings within 30 days
Source: BBIG engagement tracker, 2024–2026 client cohort.
<15 min
target alert response time on BlackboxEDR
Source: BBIG SOC SLA target; measured monthly.
100%
written-authorization testing - zero unsolicited engagements
Source: BBIG engagement policy.
0
unplanned outages caused during testing to date
Source: BBIG operations log, founding to present.
Case Study - Anonymized

Regional Healthcare: 142 Endpoints, 3 Critical, Zero Downtime

A regional healthcare client preparing for a HIPAA review engaged a Security Reality Check after their cyber insurer flagged a gap. Within ten business days we delivered a prioritized roadmap of 27 validated findings.

  • Discovered: exposed RDP, stale domain admin accounts, M365 legacy auth still active.
  • Outcome: 100% of Critical and High findings remediated in 27 days.
  • Next: scoped internal pen test, then BlackboxEDR.

"Blackbox didn't just find vulnerabilities - they showed us exactly how an attacker would exploit them."

- IT Director, regional healthcare organization (NDA)

Read full case study →

What an attack path looks like

ATTACK PATH - Internal Pen Test (excerpt) [1] Foothold Phish-bypass via legacy auth on M365 → mailbox access [2] Lateral OAuth token replay → SharePoint doc cache → discovered hard-coded creds in onboarding doc [3] Privilege escalation Stale on-prem admin acct (last login 412d ago) Pass-the-Hash to DC02 → Domain Admin [4] Impact Demonstrated read access to PHI share \\fs01\patients No exfiltration performed (out of scope). Total dwell-time achieved: 4h 12m

Sample only. Live reports include full chain-of-evidence and ranked remediation.

Alexander Morrow, CEO & Founder
Led by an operator

Alexander Morrow

Owner & CEO · OSCP · U.S. Military Veteran

Every Blackbox engagement is led by the CEO. You get the operator's read on your environment - not a sanitized PowerPoint after a handoff.

U.S. company. U.S. citizen operators only. Written authorization only. We coordinate with your MSP - we don't replace them.

Full founder profile → · How we operate →

Optional intro - unmute for the full message from the team.

Dev services

Also build what you need to run

Practical AI workflows, custom software, and a free privacy-forward browser - under the same operator roof.

Frequently asked questions

For decision-makers, not just technicians.

We serve U.S. SMB and mid-market organizations with roughly 20–250 endpoints - especially teams with lean IT or MSP support, compliance pressure, and regulated data. Our strongest fit is in healthcare, finance, legal, manufacturing, government contracting, and professional services.

We deliver dev services (AI integration, custom software, Onyx Browser) and cybersecurity services (Security Reality Check, penetration testing, BlackboxEDR 24/7 defense, CMMC readiness). Every engagement is CEO-led by Alexander Morrow. See our capability statement for a one-page overview.

CEO-led delivery - you are not handed off after signature. Offensive-first operators who validate findings, not checkbox auditors. Veteran-owned with U.S.-only operators. Dev and cyber under one roof. We explain what findings mean for your business, not just what a scanner flagged. Learn more about how we operate.

For most organizations, the right entry point is a Security Reality Check. It's faster and lower-cost than a full pen test, and it produces a prioritized remediation list. Once Critical and High findings are closed, a penetration test becomes a true validation rather than a list of low-hanging fruit.

A Security Reality Check identifies and prioritizes weaknesses through scanning plus operator validation. A penetration test goes further - we actively attempt to exploit those weaknesses and chain them together to prove what an attacker could actually accomplish. Reality Check finds unlocked doors; pen testing walks through them.

Always. We operate exclusively under written authorization with a clearly defined scope. We do not perform any unsolicited scanning, testing, or "free assessments." You retain full control of what is in scope, when, and how.

We design engagements to minimize disruption - off-hours work for sensitive systems, named emergency contacts, and constant communication. To date we have caused zero unplanned outages.

Yes. BlackboxEDR is MSP-friendly and coexists with Microsoft Defender. For assessments and pen tests, we coordinate scope and access with your team. We complement IT - we don't compete with it.

Security Reality Check: ~2 weeks end-to-end. Penetration Testing: 2–4 weeks for standard scopes. BlackboxEDR onboarding: 1–2 weeks, then continuous. We confirm a specific timeline during the fit call.

Ready to talk?

Book a 20-minute fit call. No pressure, no canned pitch - an honest read on whether we are the right partner.

Book a 20-Min Fit Call

Prefer email? aesa@blackboxgroup.io