OSINT investigations, digital footprint sanitization & personal cyber defense, consulting, research, data intelligence, API access, training, VPN, digitization, evidence & duplication, print services, web and mobile development, RF & physical security, and lead generation -- every Net Works service, described in plain language. Jump to the one you care about or read straight through.
Bespoke investigations using the same data stack, methodology, and tradecraft behind our published research. Applied, not theoretical. Every engagement is scoped individually, sourced exclusively from public records and open-source intelligence, and delivered with full source trails so counsel or counterparties can verify the work.
Coworker location, witness background, counterparty due diligence, asset tracing. Asbestos case research (ship rosters, cruise books, company histories), probate / estate support, IP litigation fact-finding.
Anonymous handle to real identity. GitHub commit metadata, noreply email resolution, GPG key recovery, timezone correlation across 17K+ repos, cross-platform username enumeration, Gravatar pipeline (116K hashes collected, 30K emails cracked).
Executive, counterparty, acquisition-target, or vendor background packages. Public filings, corporate structure, litigation history, regulatory enforcement, reputation signal, infrastructure footprint. Written dossier with annotated sources.
Archival pulls, obituary and genealogy correlation, family lead enrichment, name-uniqueness ranking (SSA cohort + multi-Census surname averaging). Documented methodology behind 1,900 LA Probation name dedup and Kirch V5 family-lead enrichment.
Jurisdictional profile for market entry, vendor evaluation, or geopolitical risk. Infrastructure, credential exposure ecosystem, regulatory enforcement patterns, local vendor ratings. Built on Carmen Sandiego corpus (260 countries, 5.5M domains).
EXIF analysis, file metadata extraction, PDF forensics, reverse image search (CLIP), authorship correlation. Contested-document and synthetic-media analysis for legal, journalism, and evidentiary workflows.
Every investigation is bounded by what's legally collectible. We do not pretext, compromise accounts, purchase breach data, or engage adversarial platforms. What we deliver stands up in a deposition because the source trail is part of the deliverable.
Read full details → Brief us on the subject →The defensive counterpart to our investigations practice. We spend our days finding people through public data, breach archives, and OSINT corpora -- which means we know exactly what's exposing you. This service reverses that: data broker takedowns, breach remediation, search result suppression, personal device hardening, family office protection, and ongoing monitoring so the next person who tries to dox, stalk, pretext, or wire-fraud you walks into a wall. Designed for executives, founders, public figures, high-net-worth individuals, and the families and staff around them.
Submitted, tracked, and verified removals across 150+ people-search sites (Spokeo, BeenVerified, WhitePages, MyLife, RocketReach, FastPeopleSearch, Radaris, Intelius, and the long tail). Re-submission on every reappearance. Quarterly re-sweep.
Full audit against the same breach corpus our investigations team uses (~3M dev emails + commercial breach archives). Every credential exposure surfaced, prioritized, and a forced-rotation plan delivered. Optional ongoing breach-watch with same-day alerts.
Google "remove personal info" requests for doxxing, harassment, and stalking-related results. GDPR / CCPA / PIPEDA right-to-be-forgotten filings where jurisdiction allows. Forum and old social-media comment hygiene where the host platform cooperates.
Privacy-by-default audit and reconfiguration of LinkedIn, Facebook, Instagram, X, Reddit, GitHub, and the dozen other surfaces an OSINT investigator pivots through. Photo metadata stripping, location-history scrubbing, friend-list visibility review.
Email aliases (per-vendor address per service), masked phone numbers, masked credit cards, virtual mailing addresses, domain WHOIS redaction. Architectural fixes so future exposure is bounded by design, not discovered after the fact.
Quarterly automated re-scan against all 150+ broker sites, plus alerts when a new breach surfaces your credentials or a new data broker appears. Removal action is included on detection, not just notification.
Laptop, phone, and home-network audit and lockdown. EDR deployment, password manager rollout, hardware MFA keys, encrypted backup, home WiFi segmentation, IoT inventory and scrub. Same controls a Fortune 500 deploys for execs, scaled to a household.
Business email compromise (BEC) is the #1 financial threat to family offices. We harden domain authentication (SPF / DKIM / DMARC enforcement), implement out-of-band wire verification, run social-engineering simulations against staff, and build incident playbooks before a $500K wire goes wrong.
Executive travel briefings (jurisdictional cyber risk, hostile-network avoidance, lost-device protocols), spouse and dependent privacy posture, social media audits for adult children, and minor-child digital footprint protection. Quiet, privacy-respecting, no surveillance.
Always-on private-line for the principal and their inner circle: suspicious email triage, "is this real?" phone calls, real-time wire verification, post-incident response, and quarterly executive briefings on emerging threats relevant to the principal's industry, location, and public profile.
We don't sell single-shot opt-outs that re-list within 90 days, and we don't sell off-the-shelf "executive cyber" packages. Initial sweep + 12 months of monitored maintenance is the minimum engagement because that's what actually moves the needle. Same OSINT stack we use to find people, run in reverse to keep them found-resistant -- combined with the personal-cybersecurity practice that protects the principal once their public surface is contained.
Read full details → Request a footprint audit →Senior-led engagements. Small number of projects per year, each one owned end-to-end by the operators who scoped it. No subcontractors, no junior handoffs, no mystery billable hours.
Cross-reference a client's domain and subsidiaries against public credential exposure corpora. Produce a ranked rotation plan grouped by privilege. Optional monitoring retainer.
Dossier for market entry, vendor selection, or risk exposure in a specific jurisdiction. Infrastructure, credential exposures, regulatory enforcement patterns, vendor risk ratings.
Licensed forks of our in-house tooling with air-gapped deployment, per-analyst licensing, and periodic updates driven by client feedback. Annual renewal with multi-year path.
Everything we sell traces back to public writing our operators have done. Research grounds the work: if we claim expertise in a domain, the record is on the internet. Published on Substack, Medium, and LinkedIn.
Full-stack intelligence operations against foreign government and commercial infrastructure. 18+ jurisdictions. Methodology from initial recon through deliverable.
Cross-referencing breach datasets against enterprise and government domains. 3,000+ domains mapped, 2.9M+ exposures tracked, 70 countries covered. Methodology, not raw data.
How adversary infrastructure reveals adversary intent. Topology mapping, ASN analysis, BGP route leaks, data-center inventories. Pairs with our 6,000+ global DC cartography.
TLE localization, commercial satellite tracking, and the US UDL vs peer-nation alternatives arms race. Explainers on SpaceMapper (Chinese UDL equivalent) and orbital regime analysis.
Production-grade infrastructure without third-party clouds. Proxmox patterns, Cloudflare tunnel topologies, hardening checklists, secret-rotation discipline.
Building and maintaining device fingerprint databases (Fingerbank pipelines, DHCP fingerprinting, MAC vendor enrichment). Attribution work at the IP/device layer without overclaiming.
Active CFP submissions across DEFCON, BSides, RSA Innovation Sandbox, and regional conferences. Press inquiries to [email protected] — 72-hour turnaround or we say no.
Read full details → Ask for current article links →Curated intelligence datasets collected from publicly accessible sources. Access is restricted to verified organizations with a documented use case. All data governed by our Terms of Service.
Data collection is exclusively from publicly accessible sources. No breach data, no stolen credentials, no unauthorized access. Collection methods comply with US federal and state law; CCPA public-data exemption applies.
Read full details → Request access →Programmatic access to the corpus. Structured JSON responses, rate-limited endpoints, full documentation on approval. bcrypt-hashed API keys with nw_sk_ prefix.
Private workshops for teams. Custom curriculum built around your team's actual skill gaps -- not a generic bootcamp. We design the content, build the labs, and deliver on-site or remote. Every course traces back to real operations.
Penetration testing (network, web, API), red team, incident response and forensics, security architecture review, threat modeling, infrastructure hardening. NDA signed before scoping.
OSINT tradecraft, offensive security, threat intelligence, custom tool development, dark-web investigation, deanonymization and attribution. On-site or remote. Half-day to multi-day.
We don't publish rates. Every engagement is scoped individually. Initial scoping call is free; written proposal follows with fixed or capped pricing. Government and nonprofit rates available on request.
Read full details → Tell us the skill gap →Encrypted VPN service on dedicated infrastructure. Military-grade encryption, multi-region exit nodes, zero logs. Built by the same operators who run the rest of our platform. Nodes going live in phases; join the waitlist below.
Minimal attack surface, modern codebase. Fast, auditable, and lean.
Exit nodes in EU (Finland, Scotland), US, and LATAM. More regions as demand grows.
No traffic logs, no connection logs, no DNS logs. Period.
Automatic traffic blocking if the VPN connection drops. No leaks, no fallback to clearnet.
Multiple layers of network protection at every node. Defense in depth, not security theater.
Not shared hosting. Dedicated VPS nodes that we configure, harden, and maintain. Your traffic doesn't share pipes with strangers.
Your traffic enters through our gateway, passes through an encrypted tunnel to your selected exit node, and exits through a clean IP. No residential IPs. No shared consumer VPN infrastructure.
Read full details → Join the waitlist →Every document format a client can ship us -- loose paper, bound books, oversized records, glossy photos, fragile manuscripts. Our Toshiba e-STUDIO 3055c ADF handles high-volume loose sheets; our CZUR ET overhead scanner handles everything bound, delicate, oversized, or glossy. All scans flow into the same chain-of-custody OCR pipeline.
High-volume ADF scanning of flat paper. Duplex at rated speed, up to 600 DPI color, hundreds of pages per batch. Scan-to-SMB or direct-to-forensic-folder.
Overhead laser curve-flattening scans bound books, photo albums, family Bibles, periodicals, and antique materials without unbinding or pressing spines.
A3+ (420 x 297 mm / 18.89" x 14.17") blueprints, engineering drawings, maps, large art, oversized legal records. Flat or book format handled identically.
Magazines, laminated ID cards, medical imaging prints, glossy photos. Side-light attachment eliminates glare that flatbed scanners cannot handle.
Industry-best OCR with 180+ language support. Materially stronger than Tesseract for multi-column layouts, tables, and non-English scripts. Searchable-PDF / Word / Excel output.
Hash-verified scan-to-SMB with audit trail. Auto-filename with timestamp, SHA-256 on every output, logged handoff. Court-admissible digitization of evidentiary paper.
Send us your shoebox of old family tapes -- VHS, VHS-C, Hi8, Mini-DV, Betamax, even 8mm reels. Returned as MP4 on USB stick, external drive, or private cloud download. Tapes shipped back with the digital copies; we don't keep your originals.
Vinyl LPs, cassette tapes, reel-to-reel, and 8-track audio digitized to lossless WAV + MP3. Photo prints, 35mm slides, and negatives scanned at archival resolution. Bundle pricing for full boxes -- send the whole closet.
Paper-to-searchable-corpus turnaround measured in hours, not weeks. Same intake works for law firms digitizing bound ledger books, estate planners handling family archives, historical societies, architecture / engineering firms scanning drawing sets, companies migrating paper files to searchable storage, and individuals shipping us a box of old family videos, photos, or records to preserve before they degrade further.
Read full details → Ship us a box →Litigation-grade physical media production. A Vinpower SharkCopier 1:11 tower burns eleven verified discs at a time from an HDD-cached master. Every disc is numbered, hash-verified sector-by-sector, and delivered in tamper-evident sleeves with the master's SHA-256 printed on the chain-of-custody sheet.
Numbered, hash-verified, tamper-sealed DVDs for discovery delivery. Master cached once, burned N times, every disc verified post-burn. Chain-of-custody manifest included.
Hospital-to-hospital DICOM transfer on DVD for facilities that cannot accept digital uploads. Patient-portable copies for personal records and second-opinion workflows.
Software installers / updates on DVD for environments forbidden from USB or network delivery. SCIF, industrial control, aviation, healthcare-compliant.
Rip family or archival master once, burn identical copies for multiple heirs or record custodians. Family photos, home videos, heirloom CDs.
Small-run (11 to 500 copies) DVDs for churches, trade schools, compliance-training vendors. Off-line delivery for environments where streaming is not acceptable.
100 to 500 unit CD-R runs for indie artists and local labels. Physical merch for album launches, tour merch tables, and local releases.
100 to 500 unit DVD runs for filmmakers, documentarians, wedding videographers, and film festival submissions. Menu-navigation DVD-Video format with chapter markers, loop-thumbnail intros, and region-free mastering on request.
Make 5 copies of grandma's wedding video for the cousins. Press 20 memorial-service DVDs for the family. Burn 50 wedding-favor CDs. Small-run personal duplication with printed disc faces and tamper-free sleeves. No minimum order.
Send us a playlist or audio files; we burn polished CD-R copies with printed tracklists and disc art. Perfect for road trips, retro gifts, party favors, or anyone who still has a CD player in the truck.
Production-grade color and B&W printing on the same Toshiba e-STUDIO 3055c color MFP that drives our digitization bureau. Same machine, second pipeline -- in addition to scanning thousands of pages a day, it lays down high-quality color, finishes booklets, and runs short-to-medium runs faster and cheaper than the local print shop. Drop off a USB or upload a PDF, pick up the same day on most jobs.
Business cards, postcards, rack cards, tri-fold brochures. 32 lb to 110 lb cover weight. Same-day on standard stock; specialty stock 24-48 hr.
Single-sheet flyers, event posters, real estate one-sheets, restaurant menus. Up to 11x17 (tabloid) on the 3055c; larger formats outsourced and price-matched.
Saddle-stitched and folded booklets up to ~80 pages. Recital programs, funeral programs, wedding programs, conference handouts, indie zines, comic ashcans.
High-volume B&W and color document runs. Court packets, contracts, training packets, HOA notices, medical forms. Duplex, collated, stapled, hole-punched on request.
Pairs with our duplication tower (NW-EVD-*). Printed disc surfaces, custom sleeves, J-cards, and digipack inserts so your run looks finished, not homemade.
Need 12 of something nobody else will print? Wedding seating charts, custom certificates, gift coupons, costume props, fundraiser auction sheets. We take small jobs the chains won't touch.
Drop off a USB or email us a PDF; pick up same-day for most short runs. We handle the print jobs the chain shops route through three managers and a 5-day queue. No monthly minimums, no design contracts, no upsell.
Read full details → Send us a PDF →Custom websites and mobile apps for clients who want builders who also understand security. We run 37+ production sites self-hosted on our Proxmox stack, ship custom Go / Python / Rust tooling, and operate eight Discord workflow bots in production today. Every delivery ships with the same hardening baseline we run on our own infrastructure.
Next.js, Express, static, or full-stack. Self-hosted on our Proxmox + Cloudflare Tunnel stack, or deployed to client-chosen infrastructure. CSP, HSTS, rate limiting, and secure sessions baked in from day one.
Native (Swift / Kotlin), React Native, or Flutter. App store submission, code signing, TestFlight / Play Console setup, push notification and auth infrastructure included.
Go / Python / Rust scanners, scrapers, pipelines, Discord bots. Same code patterns behind Blackout, Credential Hunter, and our eight production bots. Deployed to your infra or ours.
REST, WebSocket, webhook, or serverless endpoints. bcrypt auth, rate limiting, audit logging, Stripe / billing integration where needed. Documented and handed over clean.
Host your project on our 56-container Proxmox stack behind Cloudflare Tunnel. Daily backups, monitoring, and uptime SLA. Zero cloud-vendor lock-in.
Every delivery includes CSP, HSTS, rate limiting, bcrypt auth, CSRF protection, secure session handling, and hardening aligned to the same checklist we run on networks-corp.com. Handover includes audit notes.
Why pick a security firm to build your app? Because most dev shops ship OWASP top-ten vulnerabilities by default and most security firms cannot ship working code. We do both, and we ship the hardening as a deliverable, not a billable extra.
Read full details → Scope a build →Drone detection, RF-environment audits, and executive-protection sweeps. Our AirFence Ranger hardware is in transit from China (ordered 2026-03-27); these services unlock the day it lands. Join the waitlist below and we'll notify the queue in order when deployment begins.
Active RF surveillance of UAS bands during events, at data centers, at executive residences. Real-time alerting and post-event reports on detected airframes and operator-suspect positions.
Map a client facility's RF environment. Identify rogue transmitters, unauthorized BLE beacons, suspicious wireless activity. Delivered as a baseline report plus a monitoring feed for change detection.
Bug sweeps plus drone detection for personal residences, hotel suites, meeting rooms, and sensitive negotiations. On-demand scheduling, tight NDA, no retained data after the engagement ends.
Pairs with our WiFi Mothership wardriving corpus (164K+ infrastructure points) for a real-time plus historical RF picture. First step toward physical + RF + cyber bundled assessments.
Read full details → Join the waitlist →Custom prospect lists built from our OSINT corpus -- 2.9M email records, 5.5M domains across 260 countries, 3,000+ credential-audit surfaces, and the same GitHub-derived developer dataset that powers our API. Lists scoped to your ideal customer profile, enriched with context, and delivered CAN-SPAM / GDPR-aware with jurisdiction-flagged opt-out hygiene.
Filterable by language, framework, project type, commit recency, and public-repo activity. Ideal for devtool vendors, DevSecOps platforms, API startups, and security-tool companies targeting practitioners.
Custom scopes by TLD, country, hosting provider, company size, technology stack. 5.5M domains / 260 countries available -- pick the slice that matches your ICP.
Security teams, MSPs, law firms, healthcare providers, financial services, government, education. Delivered with firmographic enrichment -- company size, revenue band, technology footprint.
Bring us your flat list -- we enrich with title, seniority, likely buying authority, LinkedIn footprint, and company intel. Add signal to an existing database before you touch outreach.
Identify companies using a competitor's product from public technology signals -- job postings, stack disclosures, repo imports, infrastructure fingerprints. Switch-prospect lists grounded in technical evidence.
CAN-SPAM and GDPR-aware by default. Jurisdiction flagged per record, unsubscribe / opt-out hygiene applied, public-source documentation preserved. Lists you can actually use without wrecking your sender reputation or your legal team's weekend.
All data is sourced from publicly accessible channels -- no breach data, no stolen credentials, no scraped private platforms. Collection methods comply with US federal and state law, and the CCPA public-data exemption applies. Delivery includes a use-case attestation and documented source trail per record.
Read full details → Scope a list →Describe the problem. We'll tell you if we're the right fit and what it would look like to work together.
Start the conversation