BERTOLDISecurity Boutique

Being safe is not feeling safe.

Knowing us is already seeing the difference.

Let's talk for 30 minutes
You'll find human expertise, not an AI

The essential, made excellent.

01 — Intact Ecosystem

An email that looks like it's from your supplier. A vulnerability no one noticed. It doesn't take a major attack to bring a company to a halt: the overlooked details are enough. The Intact ecosystem covers exactly those details, one by one.

IntactMail

Your mail, unbreachable.

What's included
  • Cloud mailbox 20 GB, storage shared at domain level
  • Cloud anti-spam and antivirus, DNS protection (SPF, DKIM, DMARC)
  • Mail, calendar and contacts synced on every device (ActiveSync, Outlook connector)
  • Human analysis of phishing missed by automated systems, with community alerts
  • Offsite backup, DNSSEC on webmail, GDPR-compliant archiving

IntactBackup

Your last line of defense.

What's included
  • Encrypted cloud and on-premise backup, for workstations and servers
  • Retention of 120 days or more on request, with daily checks and reports
  • Hot DB backup, virtual machine backup, Bare Metal Restore
  • System support for post-incident recovery, on request

IntactSecurity

Every device, always protected.

What's included
  • Managed antivirus with behavioral scanning (BitDefender engine)
  • Patch management and vulnerability scan (operating system and third-party software)
  • Web filter, cloud VPN, end-to-end encrypted password and card manager
  • Managed remote support: remote reboot, recordable sessions
  • All with no dedicated hardware

IntactWeb

Your digital presence, never left unguarded.

What's included
  • Domain management with transfer-lock and Whois anonymization
  • Protected DNS: geographic redundancy, DNSSEC, high availability
  • Managed Tier III+ hosting on NVMe: firewall, SSL, one-year backup retention
  • Script and uptime monitoring with real-time alerts and status page
  • Encrypted connection and DNSSEC across all services

SOC Tailored

Your dedicated Security Operations Center.

What's included
  • Security event monitoring and correlation, tailored to your perimeter
  • Detection and response handled by our team, not by automation
  • Orchestrates all Intact services into a single defensive command
  • Reporting and periodic review with decision-makers
The full list of services, with all prices. Download the price list (PDF) ↓

For those who already understand.

02 — Who it's for

The security that matters isn't found on a shelf, or left to whoever comes along. The people who come to us have usually stopped settling for less.

  • You know that what you've built deserves protection worthy of it.
  • You're looking for someone who answers for their work, not one more vendor.
  • You want a real, competent person who speaks your language.

We're not for everyone. But if you recognized yourself in that, chances are we're for you.

Twenty years. Same clients.

03 — Trust
20+ years in business

Two decades of managed security, as the threats kept evolving.

Near-total retention

Those who join the Intact ecosystem stay: defense becomes part of the company.

100% human-run

Real people who know your infrastructure, not anonymous tickets.

Defense by those who know how to attack.

04 — Research & Innovation

Our offensive research lives on international stages and in the public vulnerability registries. The same knowledge we use to find the flaws is the one we use to protect our clients.

DeepSec Vienna 2025

∞ Day at Scale: Hijacking Registrars, Defeating 2FA and Spoofing 17,000+ Domains Even with DMARC

Alessandro Bertoldi — co-author Enrico Bertoldi · Bertoldi Cybersecurity

When the weakest point in the chain is the registrar, downstream defenses are not enough. The research, carried out between 2018 and 2025, shows how systemic failures in credential recovery, 2FA bypass and email spoofing allow persistent exploitation even on domains with SPF, DKIM and DMARC properly configured. These are forever-day vulnerabilities affecting over 17,000 domains, including cross-tenant spoofing in N-Able Mail Assure and the identity-recovery procedures of Register.it: full control of client panels with zero credentials, using only PDF forms and social engineering. The proposal is defensive: a Reliability Scoring system for registrars and a trust mark for end users, based on RDAP and aligned with the NIS2 directive.

Technical paper + PoC ↗ CVE-2025-68624 ↗ CVE Advisory ↗ IETF Internet-Draft ↗
Our offensive work at bcsec.io ↗

To you, your work. The rest, to us.

05 — How we work
  1. 01

    We get to know each other.

    A meeting, remote if you prefer, to understand how you work and whether we're the right people for you.

  2. 02

    We choose what's essential.

    You don't need everything, and we won't propose it. Only what matters, with a clear, honest quote.

  3. 03

    We make it secure.

    We configure, protect, set things right. You never have to deal with the technical side.

  4. 04

    We stay close.

    Constant care, a word when it's needed, and a real person who answers when you call.

Let's talk.

06 — Contact
+39 0185 799079 Write to us

BERTOLDI Cybersecurity — Security Boutique
Passo dei Maggioli 11
16036 Avegno (GE) — Italia
P. IVA IT01070790991

Discovery analysis by appointment

By downloading and starting the remote-control software you accept the following. The software is provided by TeamViewer and is used under its own terms. The connection takes place only at your request and in your presence: during the session our technician can view and operate on your device, so please close any files or data unrelated to the support beforehand. You declare that you are entitled to authorise access to the device. By proceeding you declare that you have read and accepted these conditions.

TeamViewer QuickSupport ↗ TeamViewer Host ↗