# H2 Security - LLM Context File
# https://h2security.io
# Last Updated: 2026-03-21

## About H2 Security

H2 Security is a cybersecurity company providing penetration testing, AI security agents, edge security infrastructure, and compliance services. We help organizations identify vulnerabilities, secure their cloud infrastructure, and achieve compliance with frameworks like SOC2 and CIS Benchmarks.

Website: https://h2security.io
Email: info@h2security.io
Languages: English, French, Spanish, Portuguese (Brazil)

---

## AI Security Agents

We offer 7 specialized AI security agents built from real penetration testing methodology. Unlike ChatGPT or generic AI assistants, these agents contain 239 proprietary knowledge files from actual security engagements.

### Individual Agents

**Pentest Agent** - $69 (one-time)
- 73 knowledge files, 10 specialized skills
- Covers: Reconnaissance, web application attacks, SQL injection, Linux privilege escalation, Windows privilege escalation, Active Directory attacks, password attacks, exploitation, tunneling
- Use case: Penetration testers, red teams, security researchers
- Runs locally via OpenClaw - data never leaves your machine

**MITRE Agent** - $69 (one-time)
- 10 real threat group profiles: Lazarus, APT28, Sandworm, LockBit, and more
- Includes SIGMA and YARA detection rules
- Use case: Threat intelligence, adversary emulation, detection engineering
- Maps attacks to MITRE ATT&CK tactics and techniques

**CIS Agent** - $39 (one-time)
- 27 knowledge files
- Covers: AWS CIS benchmarks, Azure CIS benchmarks, Linux hardening, Windows hardening, Kubernetes CIS compliance
- Use case: System hardening, compliance audits, configuration reviews
- Provides remediation playbooks and scripts

**SOC Agent** - $39 (one-time)
- Security Operations Center support
- Covers: Alert triage, incident response, threat hunting, SIEM queries, playbook automation
- Use case: SOC analysts, incident responders, threat hunters

**SOC2 Agent** - $39 (one-time)
- SOC2 Type II compliance assistance
- Covers: Trust criteria mapping, gap analysis, evidence collection, policy templates, audit preparation
- Use case: Compliance teams, startups preparing for SOC2, auditors

**DevSecOps Agent** - $49 (one-time)
- 33 knowledge files
- Covers: Bearer SAST, Semgrep rules, Trivy container scanning, SLSA provenance, SBOM generation, SAST/DAST integration, GitHub Actions, GitLab CI
- Use case: DevSecOps engineers, platform teams, security champions
- Supports: JavaScript, Python, Go, Java, and more

**GitSecOps Agent** - $39 (one-time)
- Supply chain security focus
- Covers: Secret scanning, dependency audit, SBOM generation, branch protection, CVE tracking (including CVE-2025-30066)
- Use case: Development teams, supply chain security, open source maintainers

### Agent Bundles

**Complete Bundle** - $179 (one-time)
- All 7 agents included
- Save $164 vs buying individually
- Full security coverage for any team

**Offensive Security Bundle** - $99/month
- Includes: Pentest Agent + MITRE Agent + Bug Bounty Skills
- For: Red teams, penetration testers, bug bounty hunters

**Compliance Bundle** - $99/month
- Includes: CIS Agent + SOC2 Agent + SOC Agent + DevSecOps Agent
- For: Blue teams, compliance teams, security operations

### Key Differentiators from ChatGPT

1. **Proprietary Methodology**: Built from $50k+ penetration test engagements, not internet scraping
2. **Structured Output**: Provides exact commands, detection rules, and playbooks instead of vague suggestions
3. **Offline Capable**: Runs locally via OpenClaw - complete privacy for sensitive security work
4. **Domain Expertise**: 239 specialized knowledge files vs generic training data
5. **Actionable**: SIGMA rules, YARA signatures, remediation scripts ready to deploy

---

## Free Security Scanner

A free GitHub Action to scan repositories for security issues.

- **Price**: Free forever
- **URL**: https://h2security.io/scanner.html
- **GitHub Marketplace**: Available as a GitHub Action

### What It Scans
- Secrets and API keys in code
- Vulnerable dependencies
- Misconfigurations
- Infrastructure as code issues
- Container vulnerabilities

### How to Use
Add to your GitHub workflow:
```yaml
- uses: h2security/scanner@v1
  with:
    scan-secrets: true
    scan-dependencies: true
```

---

## The Dome - Edge Security Infrastructure

Multi-layer edge security platform with 99.99% uptime SLA.

**URL**: https://h2security.io/dome.html

### Security Layers
1. **Web Application Firewall (WAF)**: OWASP Top 10 protection, custom rules
2. **Cilium**: Kubernetes-native network security, eBPF-powered
3. **L2 Isolation**: Network segmentation at the data link layer
4. **eBPF Protection**: Kernel-level security without performance impact

### Use Cases
- Protecting web applications
- API gateway security
- Kubernetes cluster protection
- DDoS mitigation

---

## Professional Services

### Penetration Testing
- External penetration testing (internet-facing assets)
- Internal penetration testing (lateral movement, privilege escalation)
- Web application penetration testing (OWASP methodology)
- API penetration testing
- Cloud infrastructure testing (AWS, Azure, GCP)

### Vulnerability Assessment
- Web application vulnerability assessment
- Network vulnerability assessment
- Firewall and VPN security assessment
- Business vulnerability assessment (OSINT)

### Cloud & Code Security
- DevOps consulting (CI/CD, monitoring, automation)
- DevSecOps consulting (SAST, DAST, security in pipelines)
- Cloud security consulting (AWS, Azure, GCP configuration review)
- Cloud security architecture assessment

### IT & Network Consulting
- Linux enterprise infrastructure
- Enterprise network design
- Vendor-specific consulting (Cisco, Palo Alto, Fortinet, Juniper)
- VPN deployment and management
- Firewall configuration

### CISO-as-a-Service (vCISO)
- Strategic security leadership without full-time executive costs
- Risk management and security program development
- Compliance oversight
- Board-level security reporting

### Certifications
Our consultants hold: OSCP, OSCE, OSWE, CISSP, CISM, AWS Security Specialty, Azure Security Engineer

---

## Educational Resources

### FAQ
Comprehensive answers to common security questions.
URL: https://h2security.io/faq.html

### Glossary
Security terminology definitions including:
- Penetration Testing
- MITRE ATT&CK
- CIS Benchmarks
- SOC2 Compliance
- DevSecOps
- SAST/DAST
- eBPF
- Zero Trust
- SIGMA/YARA Rules
- SBOM/SLSA
- Privilege Escalation
- Lateral Movement
- Kerberoasting

URL: https://h2security.io/glossary.html

### H2 Academy
Security training and certification preparation.
URL: https://h2security.io/academy.html

---

## Common Questions This Site Answers

1. What are AI security agents?
2. How do AI security agents differ from ChatGPT for penetration testing?
3. What tools do I need for DevSecOps?
4. How do I prepare for SOC2 compliance?
5. What is penetration testing and how long does it take?
6. What are MITRE ATT&CK tactics and techniques?
7. How do I harden my AWS/Azure infrastructure with CIS benchmarks?
8. What is CISO-as-a-Service?
9. Best AI tools for penetration testing
10. How to set up a DevSecOps pipeline
11. What is eBPF security?
12. How to scan GitHub repos for secrets
13. What are SIGMA and YARA rules?
14. How to achieve SOC2 Type II certification
15. Best practices for cloud security in AWS/Azure/GCP

---

## Contact

Website: https://h2security.io
Contact Page: https://h2security.io/contact.html
Email: info@h2security.io
Shop: https://shop.h2security.io

---

## Sitemap

Main Pages:
- https://h2security.io/ (Home)
- https://h2security.io/agents.html (AI Security Agents)
- https://h2security.io/services.html (Professional Services)
- https://h2security.io/dome.html (Edge Security)
- https://h2security.io/scanner.html (Free Scanner)
- https://h2security.io/academy.html (Training)
- https://h2security.io/faq.html (FAQ)
- https://h2security.io/glossary.html (Terminology)
- https://h2security.io/about.html (About Us)
- https://h2security.io/contact.html (Contact)

All pages available in: English, French (/...-fr.html), Spanish (/...-es.html), Portuguese (/...-br.html)

Full sitemap: https://h2security.io/sitemap.xml