FAQ

Last modified: Nov 10 2021

Basics

You can contact us, through our Contact Us page. Also, you can email us directly at [email protected]. Once contacted, within 48 hours, we will reply and provide the information you enquired for.
We also have a WhatsApp for Business, where we will not accept any phone calls from strangers; only text messages. Once we have established communication for services with a client, only then will we accept direct phone or WhatsApp calls from the clients.
If you are or were a client who received our services, then yes; you will have dedicated support through established communication. But if you require us to come on-site or engage in remote support, this may or may not require payment, depending upon the nature of the support in question.
Durations varies with different clients as each may have different scales of hardware/software present in an organization. Usually, a vulnerability and risk assesment engagement lasts between one day to one week.
Durations varies with different clients as each may have different scales of hardware/software present in an organization. Usually, a penetration test engagement lasts between one to two weeks. But for larger scale organizations, it can take up to a month.

Defensive & Offensive Services

Yes, everybody can do social media and open sourced investigations. But with our services, we offer industry experience along with tools, techniques, technologies, and data that will not be easily accessible by an average person browsing the internet.
Yes, it does cover ransomware.

And if you're worried that your organization maybe target by ransomware, contact us; we can setup offline backups to recover instantly if ever an attack occured.
We keep details about the client's technology stack, list of services used, types of vulnerabilities and mitigations for future reference if the client decide to engage in our services again. This information will not be shared with any third party and will not be accessible on the internet. It will only serve to help us to remember a client organization's infrastructure if ever our services are required again. And also warn a client if a new vulnerability is being exploited in the wild depending on the services our clients uses.
Yes, we are as paranoid as our clients. Prior to engagement with a client's network, web application, APIs, or any of the services; we will ask the client if they would like a NDA to ensure security and discretion, for both from CovertBay and the clients. Also, client NDA will be accepted, too.
Yes, prior to any kind of engagement with a client requesting for services. CovertBay will provide a scope of engagement or even if the client already has a scope of engagement, CovertBay will follow it to the letter without question. This scope of engagement shall be reviewed by the client to either edit to restrict certain tests or edit to add certain tests for the engagement.

Visibility & Training Services

We are just starting out free lancing, so once we have enough funding to build an infrastructure to support the Visibility services, we will announce it to all our clients and offer it on our website with more details.
We are currently working on outlining and creating the training materials, virtual labs, also both live and pre-recorded videos for our training services.
Of course! We will provide training all our clients who use our visibility services and provide continuous support for the duration clients usage of our visibility services.