Expert Penetration Testers in Canada

Trusted Partners

Stingrai is a premier offensive cybersecurity firm specializing in expert-led penetration testing and real-time vulnerability management. Headquartered in Toronto, Canada, with a European hub in London, United Kingdom, we serve a global clientele from high-growth SaaS and Fintech startups to large-scale enterprises.

What truly sets Stingrai apart is our team of elite white-hat hackers and security researchers. Our experts are not just practitioners; they are pioneers who have identified and reported critical vulnerabilities to the majority of Fortune 500 companies, including leaders like Google, Apple, IBM, and Oracle.

Published CVEs: Our researchers hold dozens of published CVEs, finding and reporting exploits discovered in global software.

Industry Leadership: Our team frequently presents research at world-class conferences, including DEF CON, BSides, and NATO Locked Shields.

Top-Tier Credentials: Our team hold the industry's most rigorous certifications, including OSCP, OSCE³, OSWE, OSEP, and CREST CRT.

Our Mission & Values

Our mission is to move organizations beyond "point-in-time" security snapshots by providing a dynamic defense strategy through our innovative Penetration Testing-as-a-Service (PTaaS) platform. We specialize in two core pillars of offensive security:

Annual Compliance-Driven Pentests: Rigorous, expert-led assessments designed to satisfy regulatory requirements (SOC2, PCI DSS, HIPAA, etc.) with actionable, audit-ready reporting.

Continuous Penetration Testing: A proactive, 365-day security model that integrates directly into your DevOps pipeline, ensuring every code change or infrastructure update is validated against real-world attack vectors.

Meet Our Experts

Arafat Afzalzada

Founder

Bachelor’s degree in Computer Science with over 11 years of experience in Penetration Testing.

Certifications

CISSPPCNSECCNAITIL

Accomplishments

Presented talks at MAX Cybersecurity (Art of Attack and Defense) and at ISACA Toronto Chapter.

Ivan Spiridonov

Team Lead Penetration Tester

Bachelor’s degree in Information Technology with over 16 years of experience in Penetration Testing, Exploit Development and Red Teaming.

Certifications

OSCE³OSEDOSWEOSCPCRTLOSEPCRTECRTO

Published Vulnerabilities

(10 CVEs): CVE-2025-50674, CVE-2024-32136, CVE-2023-0830, CVE-2024-0365, CVE-2024-0399, CVE-2024-0405, CVE-2024-0566, CVE-2024-30240, CVE-2024-31370, CVE-2024-33911

Ugur Koc

Senior Penetration Tester

Master’s degree in Cybersecurity with over 14 years of experience in web, mobile, network penetration testing, and red-team operations.

Certifications

OSWEOSCEOSCPOSWPGMOBC-AI/MLPenCREST-CPSA

Published Vulnerabilities

(10 CVEs): CVE-2015-2347, CVE-2015-2346, CVE-2015-6929, CVE-2015-4912, CVE-2015-8687, CVE-2016-4392, CVE-2017-1279, CVE-2017-1204

Bug Bounty Hall of Fame

Bug Bounty Hall of Fame (500+ vulnerabilities reported): Oracle, IBM, HP, Kaspersky, Nokia, Alcatel-Lucent, Huawei, ZTE, Bosch, Adobe and more.

Armaan Pathan

Senior Penetration Tester

Master’s degree in Information Technology with over 11 years of experience in penetration testing, red teaming, and exploit development.

Certifications

OSCPCMSE

Accomplishments

Presented talks at BSides Ahmedabad (Exploiting BurpSuite Upstream Proxy) and at null Dubai (Attacking postMessage).

Bug Bounty Hall of Fame

Bug Bounty Hall of Fame (400+ vulnerabilities reported): Apple, Facebook, Google, Yahoo, US Department of Defense, Quora, Imgur, Ubiquiti, Glassdoor, and more.

Moaaz Taha

Senior Penetration Tester

Bachelor’s degree in Electronics Engineering with over 11 years of experience in Penetration Testing, Exploit Development and Red Teaming.

Certifications

GCPNOSEPOSCPOSWPCrest CRTeWPTXCRTO

Published Vulnerabilities

CVEs: CVE-2021-32076, CVE-2020-25905, CVE-2020-25362, CVE-2021-34249, CVE-2020-24862

Bug Bounty Hall of Fame

Bug Bounty Hall of Fame: Google, Dell, T-Mobile, Aruba, Esri

Utku Yildirim

Senior Penetration Tester

Master’s degree in Cybersecurity with over 7 years of experience in Web, Mobile, Network Penetration Testing, and Red-Team operations.

Certifications

OSCEOSWEOSWPCRTO

Accomplishments

Delivered talks at global cybersecurity conferences such as DEF CON and BSides Oslo, covering topics like UAV/GPS spoofing, 5G jamming, LTE redirecting, and SS7 exploitation. His research and contributions have been featured at NATO Locked Shields.