Being safe is not feeling safe.

One conversation is usually enough to see the difference.

You'll find human expertise, not an AI

The essentials, made excellent.

01 · Intact Ecosystem

An email that looks like it's from your supplier. A vulnerability no one noticed. It doesn't take a major attack to bring a company to a halt: the overlooked details are enough. The Intact ecosystem covers exactly those details, one by one.

IntactMail

Your mail, properly defended.

What's included

Cloud mailbox 20 GB, storage shared at domain level
Cloud anti-spam and antivirus, DNS protection (SPF, DKIM, DMARC)
Mail, calendar and contacts synced on every device (ActiveSync, Outlook connector)
Human analysis of phishing missed by automated systems, with community alerts
Offsite backup, DNSSEC on webmail, GDPR-compliant archiving

IntactBackup

Your last line of defense.

What's included

Encrypted cloud and on-premise backup, for workstations and servers
Retention of 120 days or more on request, with daily checks and reports
Hot DB backup, virtual machine backup, Bare Metal Restore
System support for post-incident recovery, on request

IntactSecurity

Every device, continuously protected.

What's included

Managed antivirus with behavioral scanning (BitDefender engine)
Patch management and vulnerability scan (operating system and third-party software)
Web filter, cloud VPN, end-to-end encrypted password and card manager
Managed remote support: remote reboot, recordable sessions
No dedicated hardware required.

IntactWeb

Your digital presence, never left unguarded.

What's included

Domain management with transfer-lock and Whois anonymization
Protected DNS: geographic redundancy, DNSSEC, high availability
Managed Tier III+ hosting on NVMe: firewall, SSL, one-year backup retention
Script and uptime monitoring with real-time alerts and status page
Encrypted connection and DNSSEC across all services

SOC Tailored

Your dedicated Security Operations Center.

What's included

Security event monitoring and correlation, tailored to your perimeter
Detection and response handled by our team, not by automation
Orchestrates all Intact services into a single defensive command
Reporting and periodic review with decision-makers

The full list of services, with all prices. Download the price list (PDF) ↓

For those who already understand.

02 · Who it's for

The security that matters isn't found on a shelf, or handed to whoever comes along. The people who come to us have usually stopped settling for less.

You know what you've built deserves protection to match.
You're looking for someone who answers for their work, not just another vendor.
You want a real, competent person who speaks your language.

We're not for everyone. But if that sounds like you, chances are we're for you.

Twenty years. Same clients.

03 · Trust

Two decades of continuity

Security managed without interruption, as the threats keep evolving.

Relationships that last

Those who join the Intact ecosystem stay: defense becomes an integral part of the company.

People who answer

A human voice that knows your infrastructure and grasps its nuances. Never an anonymous ticket.

Defense by those who know how to attack.

04 · Research & Innovation

Our offensive research lives on international stages and in the public vulnerability registries. The same knowledge we use to find flaws is what we use to protect our clients.

DeepSec Vienna 2025

∞ Day at Scale: Hijacking Registrars, Defeating 2FA and Spoofing 17,000+ Domains Even with DMARC

Alessandro Bertoldi, co-author Enrico Bertoldi · Bertoldi Cybersecurity

When the weakest point in the chain is the registrar, downstream defenses are not enough. The research, carried out between 2018 and 2025, shows how systemic failures in credential recovery, 2FA bypass and email spoofing allow persistent exploitation even on domains with SPF, DKIM and DMARC properly configured. These are forever-day vulnerabilities affecting over 17,000 domains, including cross-tenant spoofing in N-Able Mail Assure and the identity-recovery procedures of Register.it: full control of client panels with zero credentials, using only PDF forms and social engineering. The proposal is defensive: a Reliability Scoring system for registrars and a trust mark for end users, based on RDAP and aligned with the NIS2 directive.

Technical paper + PoC ↗ CVE-2025-68624 ↗ CVE Advisory ↗ IETF Internet-Draft ↗

Our offensive work at bcsec.io ↗

To you, your work. The rest, to us.

05 · How we work

We come from systems and code. Security came later, as a natural consequence: a discipline that is ours, not a suit worn for the occasion. Craft done right, for the love of doing it right.

01
We get to know each other.
A meeting, remote if you prefer, to understand how you work and whether we're the right people for you.
02
We choose what's essential.
You don't need everything, and we won't propose it. Only what matters, with a clear, honest quote.
03
We make it secure.
We configure, protect, set things right. You never have to deal with the technical side.
04
We stay close.
A real person when you call, constant care, and honest advice on the choices that matter: a point of reference for your systems, not just another vendor.

Let's talk.

06 · Contact

An introductory conversation, no commitment, by appointment only: in half an hour we'll know if and where we can help.

+39 0185 799079 Write to us

BERTOLDI Cybersecurity, Security Boutique
Passo dei Maggioli 11
16036 Avegno (GE), Italia
P. IVA IT01070790991
Email [email protected]
PEC (certified email) [email protected]

Discovery analysis by appointment

The remote-control software is provided by TeamViewer and used under its own terms. The connection happens only at your request and in your presence: during the session our technician can view and operate on your device, so close any files or data unrelated to the support first. You declare that you are entitled to authorise access and, by proceeding, to accept these conditions.

TeamViewer QuickSupport ↗ TeamViewer Host ↗