Is Macksofy CERT-In empanelled?

Yes — Macksofy Technologies is a CERT-In empanelled Information Security Auditor under MeitY, Government of India. Our reports are accepted by SEBI, RBI, UIDAI, IRDAI and other Indian regulators without rework.

Where does Macksofy operate?

Headquarters in Bandra Kurla Complex (BKC), Mumbai. Service delivery across India and the United Arab Emirates. We have engagements with BFSI, fintech, government and SaaS clients in Mumbai, Bangalore, Hyderabad, Delhi NCR, Pune, Dubai and Abu Dhabi.

What cybersecurity services do you offer?

Penetration testing, VAPT, SOC setup (Wazuh + ELK + Splunk + Sentinel), Web/API security testing, cloud security (AWS/Azure/GCP), red teaming, digital forensics & incident response, malware analysis, and threat intelligence.

Which trainings do you offer?

CEH v13 (EC-Council ATC), OSCP exam-prep bootcamp, SOC Analyst, Web Application Security, and customized Corporate Training programs.

How do I request a quote?

Use the contact form on this page (we reply within a few business hours), WhatsApp +91 99308 24239, or email services@macksofy.com. For typical engagements we send a fixed-price proposal within 48 hours.

CERT-In EmpanelledEC-Council ATCISO 27001 Certified20,000+ professionals trained200+ engagements / yrMumbai · Dubai · Hyderabad · Muscat · TorontoCERT-In EmpanelledEC-Council ATCISO 27001 Certified20,000+ professionals trained200+ engagements / yrMumbai · Dubai · Hyderabad · Muscat · Toronto

CERT-In Empanelled · India + UAE

Securingbusinesses.Trainingcyberwarriors.

CERT-In empanelled cybersecurity consulting firm with an advanced training division. We deliver
for India’s top BFSI, fintech and government clients.

Book Consultation Enroll Now +91 99308 24239

0+

Learners trained

0+

Enterprise clients

0+ yrs

In business

0

Countries served

// live · macksofy ops

Engagements active

0 eps

PENWeb pentest · 23 findings · 4 critical

REDDA in 4h · CrowdStrike bypass

AUDITRBI SAR submitted · 12 working days

MDR12.4K events/sec · 0 P1 incidents

ISO27001 certified · zero findings stage 2

OSCPCohort 47 · 17/18 passed

All assessments live · auto-refresh

Scroll to explore

What we do

Cybersecurity services that find what others miss.

Manual + tooled offensive security, defensive engineering and regulator-grade audits — by an OSCP / OSWE / OSEP-certified team out of Mumbai.

Penetration Testing

Goal-oriented penetration testing across infrastructure, web, mobile, cloud and Active Directory. We chain low-severity findings into business-impacting compromises — and deliver a report your engineering team can actually fix.

Banking & Financial ServicesInsurance & InsurTechHealthcare & HealthTech

Vulnerability Assessment & Penetration Testing (VAPT)

VA finds the inventory of weaknesses; PT proves which ones an attacker can actually exploit. Macksofy delivers both as a single engagement, in the format Indian regulators expect.

BFSI · NBFC · Brokers · AMCsPayment AggregatorsHealthcare

SOC Setup & SIEM Engineering (Wazuh + ELK)

We design, build and operationalize Security Operations Centers — from your first SIEM rollout to a fully tuned 24×7 detection capability. Wazuh + ELK (open-source, India data-residency friendly), Splunk or Microsoft Sentinel — we work in your stack, not ours.

BFSIFintechHealthcare

Web Application Security Testing

Browser-side web application pentesting by OSWE-certified consultants. XSS, CSRF, SSRF, file-upload abuse, deserialization, OAuth client flows, session and cookie handling, business-logic flaws — found by hand, exploited end-to-end, reported in language a developer can act on.

Fintech & PaymentsSaaS / ProductBFSI

API Security Testing

Dedicated API security testing for REST, GraphQL and gRPC surfaces. BOLA, BFLA, mass-assignment, JWT and OAuth server-side flows, rate-limit and resource-consumption abuse, GraphQL introspection and depth attacks — by OSWE-certified consultants who treat the API as the product, not the website’s backend.

Fintech & PaymentsSaaS / Product (multi-tenant)BFSI

Mobile Application Security Testing

Manual + tooled penetration testing for Android (APK / AAB) and iOS (IPA) apps. We decompile, instrument with Frida, intercept TLS, abuse the backend the app talks to, and prove which findings actually move money or PII — not just which ones the scanner flagged.

Mobile Banking & UPIFintech wallets & paymentsHealthcare / patient portals (HL7 / NDHM)

Explore all 9 services

The Authority

The audit your regulator
will accept on the first read.

Macksofy is empanelled by the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology. Our reports are accepted by SEBI, RBI, UIDAI, IRDAI and every major Indian regulator without rework.

See our CERT-In authority page

Government of India · Ministry of Electronics & IT

CERT-In Empanelled
Information Security Auditor

Authorized to perform regulator-grade audits in India·SEBI · RBI · UIDAI · IRDAI accepted

Frameworks we cover

Macksofy maps controls across Indian and global frameworks in a single engagement — saving you months of redundant audit cycles.

CERT-In

Information security audit empanelled by Indian CERT

RBI CSF

RBI Cyber Security Framework + System Audit Reports

SEBI CSCRF

Cybersecurity & Cyber Resilience Framework for capital markets

ISO 27001

ISMS implementation, internal audit and certification support

PCI-DSS

Payment card industry — ASV scans, internal audit, pentest

GDPR

Article 32 controls, DPIA, data flow mapping

HIPAA

Healthcare data protection (relevant for India + UAE health-tech)

UAE NESA / SIA

UAE National Electronic Security Authority compliance

Methodology

Six phases from scoping to sign-off.

Every Macksofy engagement follows a tested methodology — refined over a decade of CERT-In audits and BFSI red-team operations. Click through the phases or watch them auto-advance.

Phase 01
Scoping
Phase 02
Reconnaissance
Phase 03
Exploitation
Phase 04
Post-Exploitation
Phase 05
Reporting
Phase 06
Retest

Phase 01

Day 1–2

Scoping & Pre-engagement

Mutual NDA · Rules of Engagement · Crown-jewel identification

Every Macksofy engagement begins with a tight scoping call. We agree on assets in/out of scope, define the Rules of Engagement, identify your crown jewels, and align on success metrics before a single packet leaves our infrastructure.

Key activities

Mutual NDA + authorization letter
Asset inventory + scope freeze
Crown-jewel and high-impact target identification
Communications and emergency-contact protocol

Tools / artifacts

Engagement LetterAuthorization DocRisk RegisterSlack/Teams bridge

Deliverable

Signed scope document + authorization letter

01 / 06

Training

Career-grade certifications. Mentor until you pass.

EC-Council, OffSec, CompTIA authorized programs plus our own SOC Analyst and Web App Security career tracks. 100% practical labs.

Certified Ethical Hacker (CEH v13) — AI-Powered

Learn to think like the attacker.

40 hours 4 career roles

OSCP — Penetration Testing with Kali Linux (PEN-200)

Try harder. Pass with proof.

12-week bootcamp + 90-day OffSec lab + 24-hour exam 4 career roles

₹1,70,588₹1,45,00015% OFF

Computer Hacking Forensic Investigator (CHFI v11)

EC-Council

Intermediate

CHFI v11

Computer Hacking Forensic Investigator (CHFI v11)

Investigate. Reconstruct. Testify.

40 hours 3 career roles

CompTIA Cybersecurity Analyst (CySA+)

Vendor-neutral. Globally recognized. DoD compliant.

40 hours 2 career roles

Macksofy SOC Analyst — Career Track (8 weeks)

Detect what attackers hope you'll miss.

8 weeks 4 career roles

Web Application Security Specialist — Career Track

Break web apps. Help builders fix them.

10 weeks 3 career roles

₹65,000

Pan-India delivery · UAE / GCC

Cybersecurity engagements across India’s metros + UAE.

From our Mumbai BKC headquarters and Hyderabad regional hub, we deliver pentests, audits and training engagements to BFSI, fintech, government and SaaS clients across India and the UAE.

Testimonials

From CISOs, security managers,
and the alumni who’ve built careers with us.

“We've worked with three Big 4 firms before Macksofy. None found what their team did in our payments stack. The most actionable report we've received in a decade.”
AK
Aisha Khan
Information Security Manager · Listed Fintech · BKC, Mumbai

01 / 06

India · UAE · GCC

0+

Professionals trained

Web · API · network · cloud

0+

Pentests delivered

CERT-In · RBI · SEBI · ISO

0+

Audits per year

Founded 2014 · Mumbai HQ

0+

Years in business

Talk to us

Get a fixed-price proposal in 48 hours.

Tell us about your security need — pentest, audit, training or a wider engagement. A senior consultant will reply within a few business hours.

CERT-In Empanelled

Information Security Auditor · India

CERT-In Empanelled
EC-Council ATC · CompTIA Authorized
20,000+ professionals trained
India + UAE engagements

Securingbusinesses.Trainingcyberwarriors.

Cybersecurity services that find what others miss.

Penetration Testing

Vulnerability Assessment & Penetration Testing (VAPT)

SOC Setup & SIEM Engineering (Wazuh + ELK)

Web Application Security Testing

API Security Testing

Mobile Application Security Testing

The audit your regulatorwill accept on the first read.

Six phases from scoping to sign-off.

Scoping & Pre-engagement

Career-grade certifications. Mentor until you pass.

Certified Ethical Hacker (CEH v13) — AI-Powered

OSCP — Penetration Testing with Kali Linux (PEN-200)

Computer Hacking Forensic Investigator (CHFI v11)

CompTIA Cybersecurity Analyst (CySA+)

Macksofy SOC Analyst — Career Track (8 weeks)

Web Application Security Specialist — Career Track

Cybersecurity engagements across India’s metros + UAE.

From CISOs, security managers,and the alumni who’ve built careers with us.

Get a fixed-price proposal in 48 hours.

The audit your regulator
will accept on the first read.

From CISOs, security managers,
and the alumni who’ve built careers with us.