Frequently Asked Questions

The simplest way is to fill out our contact form on the home page - describe what you need in as much or as little detail as you're comfortable sharing at this stage. We'll get back to you to schedule a free, no-obligation consultation call.

During that call we'll discuss your requirements, target environment, timeline constraints, and any specific questions you have.

Yes, completely. The first consultation is a no-obligation conversation. We're happy to discuss your requirements, explain how we approach a particular type of engagement, and give you a rough sense of scope and timeline before any agreement is in place.

We only start billing once a written proposal has been agreed and signed by both parties.

For the initial consultation, you only need a general description of what you're trying to achieve. Things that are helpful to know early: the type of service you're interested in (e.g. custom loader, BOF development, red team infrastructure), your general target or deployment environment (OS versions, EDR products in use), approximate timeline requirements, and whether source code delivery is needed.

We'll ask the technical questions during the scoping phase once a mutual NDA is in place if required.

No, we don't require an NDA to have an initial conversation. If you'd like one in place before sharing specific details about your environment, tooling stack, or internal systems, we're happy to sign a mutual NDA before the consultation call.

For all delivery engagements a written agreement covering confidentiality, deliverable scope, and authorisation is standard before work begins.

It depends on the service. For most development engagements (loaders, BOFs, custom tools, stagers), source code delivery is available and can be included as part of the engagement scope. We'll confirm this during the proposal stage.

For particularly sensitive capabilities such as kernel rootkits and BYOVD solutions, full source code transfer is available but is covered by a separate licensing agreement reflecting the investment and sensitivity of the capability. We'll discuss this openly during scoping.

Yes. The services page describes our most commonly requested capabilities, but our work isn't limited to that list. If you have a specific offensive or defensive security requirement not covered - reach out and describe it. If it falls within our expertise, we'll scope it. If it doesn't, we'll tell you plainly.

It means you receive a compiled, tested artifact ready to use in an operation without needing to compile or modify anything. It includes any configuration parameters (e.g. C2 listener addresses, sleep timers) baked in or passed at runtime, and has been tested against the detection environment we agreed on during scoping.

If you request source code in addition, you receive both.

Yes. For clients who need tooling kept up-to-date as EDR vendors push updates, or who want ongoing access to new techniques as they're developed, we offer retainer arrangements covering updates, new requests within scope, and priority engagement scheduling.

Retainer terms are negotiated on a per-client basis. Contact us to discuss.

Timeline varies enormously depending on the scope, complexity, and specific requirements of your project. There is no fixed estimate we can give upfront — every engagement is different.

Once you provide details about your project during the scoping phase, we will assess what is involved and include a realistic delivery timeline in the written proposal before any work begins.

Our deliverables include evasion testing against the EDR versions and configurations specified during scoping. We don't provide open-ended guarantees against future vendor updates, EDR vendors push signature and behavioural updates frequently.

However, if you require long-term viability, a maintenance retainer covers ongoing updates and re-testing as the threat landscape evolves. We can also scope a specific update engagement separately if an unexpected vendor change impacts the delivered capability.

Absolutely. We are fully able to work alongside internal red teams, whether that means delivering custom tooling that your operators use directly, consulting on technique selection, or providing and maintaining infrastructure while your team runs the engagement.

If you have a specific collaboration model in mind, reach out and we can discuss how to structure the engagement around your team's workflow.

We sell exclusively to registered legal entities: companies, corporations, government agencies, and accredited research institutions. Sales to private individuals acting outside an organisational capacity are not permitted.

By engaging with us, you represent that you are acting on behalf of a legally registered organisation.

EntropyKit is based in Poland and operates under EU law, including applicable export control regulations (EU Dual-Use Regulation 2021/821). We do not sell, license, or deliver capabilities to individuals or organisations in countries subject to EU, UN, or other applicable sanctions.

If you're unsure whether your organisation qualifies, contact us and we'll confirm before proceeding.

All capabilities we deliver are intended for use in environments where you hold explicit written authorisation from the system owner.

We don't verify how clients use delivered tooling operationally, but we make no exceptions on the contractual requirement, and we cooperate fully with law enforcement in cases of suspected misuse.

For routine communication the contact form and standard email are sufficient. For sensitive discussions - sharing environment details, target information, or technical specifications - we support PGP-encrypted email. Our public PGP key is available in the footer of this site.

We're also available on secure messaging platforms on request. Ask during the initial contact and we'll arrange the channel that works best for your OPSEC requirements.

Yes. All client information - environment details, EDR stack, engagement scope, and any other sensitive data shared with us - is treated as strictly confidential. We don't discuss, share, or reference client engagements publicly.

All working engagements are covered by a confidentiality clause in the agreement. If you require a standalone NDA before the consultation, please let us know.