REAL ENGAGEMENTS.
REAL OUTCOMES.
Every case below is actual client work: a breach contained, systems built from scratch, and real money back in the owner's pocket.
BREACH CONTAINED.
BUSINESS SECURED.
Construction · Kelowna, BC, Canada — a Business Email Compromise, reconstructed evidence-by-evidence. Scroll to unseal the case file.
- 01DetectionBreach ConfirmedSTAGE 01/06
Business Email Compromise — Undetected
Fraudulent wire transfers surfaced across multiple vendor payments. Mailbox telemetry confirmed the account had been silently controlled for weeks before discovery.
evidence.log01case_idTRM-BEC-2024-041702vectorcredential_phish → token_replay03dwell_time~31 days04impactvendor_wire_fraud - 02ForensicsAttacker TracedSTAGE 02/06
Attack Path Reconstructed
We reconstructed every sign-in, token grant, and message event. The session trail resolved cleanly to a single hostile origin — a leased VPS operating out of Ukraine.
evidence.log09src_ip185.246.128.4410geoUA · Kyiv11asnAS204957 / vps-host12authlegacy_imap · mfa_bypass13uaMozilla/5.0 (X11; Linux x86_64) - 03The 12 RulesPersistence FoundSTAGE 03/06
Twelve Hidden Inbox Rules
The attacker had planted twelve concealed inbox rules to auto-delete vendor replies, hide fraud alerts, and quietly forward financial threads — keeping the compromise invisible to the user.
00Hidden inbox rules
documented & removedevidence.log17rule_01move:Banking → RSS/Deleted18rule_04fwd:invoices@ → ext_drop19rule_07del:subject~"wire"20rule_11mark_read:"payment failed"21…+ 8 more documented - 04ContainmentCompromise SeveredSTAGE 04/06
Every Point of Compromise Eliminated
Sessions revoked, credentials rotated, every hidden rule removed, and all attacker-created persistence destroyed. The intruder lost access in a single coordinated lockout.
evidence.log25sessions_killedall_active26creds_rotated100%27rules_removed12 / 1228persistenceeradicated - 05HardeningEnvironment AuditedSTAGE 05/06
Full Security Audit & Remediation
A complete environment audit followed — identity, email, endpoints, and cloud. Legacy auth disabled, conditional access enforced, and phishing-resistant controls deployed across the org.
evidence.log33legacy_authdisabled34mfaenforced · phish_resistant35conditional_accessdeployed36audit_scopeid · mail · endpoint · cloud - 06ManagedMonitoring LiveSTAGE 06/06
24/7 Managed Security
The client now runs on a fully managed security stack with round-the-clock monitoring — so the next anomaly is caught in minutes, not weeks.
evidence.log41monitoring24/7/36542detectionreal_time43status● SECURED
BUILT. UNIFIED. DELIVERED.
One System. $60K Saved. Company Value Built.
A pavement contractor was running the business across a tangle of disconnected tools, with no single place to see what was happening. Tremodi built a complete custom system from scratch: an integrated CRM, job-management platform, marketing website, and AI office assistant, all wired into QuickBooks and Ramp. Cutting the overlapping subscriptions freed up $60,000 a year. And because the system is theirs, it adds real value to the company itself.
Three Systems Unified.
A multi-location painting franchise had its most important numbers trapped in three systems that couldn't talk to each other: CRM, field operations, and financial reporting. Tremodi connected the data and turned on Microsoft 365 reporting, giving the owners one clear view across every location for the first time.
NO PRESSURE.
JUST A PLAN.
Cybersecurity gap, IT problem, or just not sure where to begin? We'll listen first, recommend second, and only propose what actually serves you.