// GDPR & CYBER ESSENTIALS COMPLIANCE SUPPORT

The audit provides forensic-grade evidence to support GDPR Article 32 requirements and Cyber Essentials assessments. It identifies credential exposures, API tokens, SSH keys, browser password stores, developer debris, and persistence mechanisms that traditional RMM and EDR tools do not detect. The audit also includes full USB device forensics, showing every storage device ever connected to the endpoint, along with timestamps and usage patterns. Any USB activity outside normal working hours is highlighted — helping identify potential data exfiltration, insider-threat behaviour, and unauthorised personal devices. This gives MSPs clear, defensible evidence for GDPR compliance, HR investigations, incident response, and zero-trust endpoint reviews — all without installing agents, without cloud access, and without modifying the system.

// PATENT PENDING TECHNOLOGY

This audit tool is built on proprietary, patent-pending methods for detecting credential exposures, persistence mechanisms, and USB device activity. Unlike open-source scripts or generic scanners, the audit uses a protected approach to identify risks that traditional RMM and EDR platforms cannot see. The patent-pending engine is fully offline, agentless, and read-only, making it suitable for GDPR, Cyber Essentials, and regulated environments where data cannot leave the endpoint. This gives MSPs a unique, defensible audit process they can rely on for compliance reporting, incident response, and client assurance.

// USB DEVICE FORENSICS & OUT-OF-HOURS ACTIVITY DETECTION

The audit provides a complete forensic history of every USB storage device ever connected to the endpoint. This includes device names, vendor IDs, serial numbers, timestamps, and repeated usage patterns. Any USB activity outside normal working hours is automatically highlighted, helping identify potential data exfiltration, insider-threat behaviour, staff misuse, and unauthorised personal devices. This gives MSPs clear, defensible evidence for GDPR compliance, HR investigations, Cyber Essentials assessments, and zero-trust endpoint reviews. The audit runs fully offline, requires no agents, and does not modify the system, making it suitable for restricted environments.

// YOUR SECURITY STACK IS BLIND TO THIS

Your security stack is blind to this — Stratum isn't.

// IF A CLIENT SUFFERS A BREACH

If a client suffers a breach, this is the forensic evidence you'll wish you had.

// ONE ENDPOINT CAN EXPOSE AN ENTIRE ORGANISATION

One endpoint can expose an entire organisation — audit it before someone else does.

// FIND THE CREDENTIAL LEAKS

Find the credential leaks, SSH keys, and backdoors your RMM and EDR silently miss.

// CATCH LATE-NIGHT USB ACTIVITY

Catch late-night USB activity, rogue devices, and insider-threat behaviour in seconds.

// TURN EVERY SCAN INTO A BILLABLE SECURITY AUDIT

Turn every scan into a billable security audit — MSPs resell findings for £500–£1,500 per endpoint.

// DESIGNED FOR ZERO-TRUST ENVIRONMENTS

Designed for zero-trust environments — no installation, no footprint, no network access.

// PATENT-PENDING FORENSIC TECHNOLOGY

Patent-pending forensic technology trusted by MSPs who need defensible results.

// NO OTHER TOOL COMBINES THIS DEPTH OF DETECTION

No other tool combines offline, read-only, agentless auditing with this depth of exposure detection.

// YOUR CLIENTS ASSUME YOU CAN SEE EVERYTHING

Your clients assume you can see everything — this proves you actually can.

// DATA EXPOSURE AUDITOR FOR MSPs

Find what every other
security tool misses.

SLM Stratum is a read-only, offline Windows endpoint auditor that surfaces hidden credentials, SSH keys, developer backdoors, and data exposure risks that antivirus, EDR, and vulnerability scanners cannot detect.

Get a Licence → Enquiries →

There is no other tool on the market that combines read-only, air-gapped, offline endpoint auditing with this depth of data exposure detection in a single portable executable — no installation, no network connection, no configuration.

Patent Pending GB2610997.5  ·  SLM AI Solutions Ltd  ·  United Kingdom

SLMStratum.exe — Administrator
[✓] Administrator privileges confirmed
[✓] Licence valid — 30 days remaining
Starting Data Exposure Audit...
  [========================================] 100% All modules complete
[!] 51 SSH Private Keys detected on endpoint
[!] 9 Developer backdoor scripts found
[!] 6 Tunnelling tools installed (ngrok, frp)
[!] 9 Hidden network listeners on non-standard ports
[!] 2 Unknown root certificate authorities
[!] 6 WiFi profiles using weak/open security
AUDIT COMPLETE — 114 findings | 4m 22s | Reports saved.
 
// DETECTION MODULES

What Stratum finds

21 detection modules. Every finding is genuine, verified, and actionable. Zero false-positive noise.

🔌

USB Device History & Audit Trail

Reveals every USB storage device ever connected to the endpoint — device name, serial number, last connection time, and whether it was connected outside business hours. Flags unknown or unauthorised devices. Critical for data loss prevention and compliance audits.

HIGH — Data Loss Prevention
🔑

SSH Private Key Detection

Locates unprotected SSH private keys stored on endpoints — a direct route to servers and infrastructure.

CRITICAL
💀

Developer Backdoors

Detects orphaned scripts with hardcoded credentials, authentication bypasses, and obfuscated execution — left by contractors years ago.

CRITICAL
🔐

Credential Exposure

Finds hardcoded passwords, API keys, and cloud credentials written directly into configuration files and scripts.

CRITICAL
🌐

Tunnelling Tools

Detects ngrok, frp, chisel, and other tools that create hidden outbound tunnels bypassing firewalls.

HIGH
📡

Hidden Network Listeners

Identifies TCP ports actively listening on non-standard ports that don't belong to any known legitimate service.

HIGH
🛡️

Rogue Certificate Authorities

Detects unknown root CAs installed in the Windows trust store — enabling silent SSL interception of all traffic.

CRITICAL
📁

Sensitive File Exposure

Hunts for private keys, certificate bundles, .pfx files, .env files, and cloud credential files left on endpoints.

HIGH
⚙️

WMI Persistence

Detects fileless WMI event subscriptions — a favourite persistence technique that survives reboots without files on disk.

CRITICAL
+ 12 more detection modules including scheduled task persistence, authentication token assessment, WMI persistence, and API token detection.
// HOW IT WORKS

Designed for MSPs

No installation. No network access. No configuration. Just run it. Typically completes in under 10 minutes.

1

Receive your licence

Purchase online. Your licence key and executable arrive by email instantly.

2

Copy to a USB drive

No installation required. Copy the exe to a USB drive. Plug in to the target endpoint.

3

Run as Administrator

Right-click, run as administrator. The audit typically completes in under 10 minutes.

4

Deliver the report

PDF, HTML, Excel and JSON reports generated automatically. Hand the PDF straight to your client.

100%
Offline — no data ever leaves the device
21
Detection modules
<10 min
Typical full endpoint audit time
0
Files modified on target device
// USB AUDIT TRAIL — KEY COMPLIANCE FEATURE

Know exactly what's been plugged in — and when.

Stratum retrieves the complete USB device connection history from the Windows registry — every storage device ever connected, its serial number, device name, and the exact date and time it was last used.

Connections made outside normal business hours are automatically flagged. If an employee is copying data at 11pm on a Sunday, Stratum will find it. Essential for GDPR compliance, data loss prevention, and insider threat investigations.

// LICENSING

Simple, transparent pricing

One licence. One device. 30 days. Buy as many as you need.

PER DEVICE LICENCE
£250
per device / 30 days from first activation
  • One device, one audit
  • All 21 detection modules
  • PDF, HTML, Excel & JSON reports
  • Licence delivered by email instantly
  • 100% offline — no data transmitted
  • 30 days starts on first device activation — stock up and use as needed
Total: £250
1 licence × £250

£250 per licence regardless of quantity.

Returning customer?

The process is identical to your previous purchase. Simply complete the checkout above and your renewal key will be delivered automatically to your registered email address within minutes — no software re-download required. Your device is already configured; just paste the new key at the activation prompt and you are ready to go.

Need volume pricing or have a question? Call 07988 952955  ·  WhatsApp Us  ·  Email Us
🔒

Read-only by design

Stratum never modifies, deletes, or alters any file on the scanned device. Completely safe to run on live production systems.

✈️

Air-gap compatible

Runs entirely offline after a one-time activation. No internet connection needed on the target device. Suitable for air-gapped environments.

⚖️

Patent pending

SLM Stratum is a proprietary forensic architecture developed by SLM AI Solutions Ltd. Patent Pending GB2610997.5.

🏅

EV Code Signed

SLM Stratum is Extended Validation (EV) code signed. Windows and Microsoft SmartScreen instantly trust the executable with no warnings.

// FAQ

Common questions

Does it need to be installed?

No. Stratum is a single portable executable. Copy it to a USB drive, plug in, run as administrator. Nothing is installed on the target machine.

Will it trigger antivirus or EDR?

Stratum is read-only and uses no offensive techniques. It reads files and registry keys the same way any administrator would. SLM Stratum is EV code signed — Windows and Microsoft SmartScreen trust it instantly with no warnings or prompts.

Does any data leave the device?

No. The audit runs entirely offline. The only network call is a one-time licence activation when you first run it. No scan data, file contents, or findings are ever transmitted.

What does the licence cover?

Each licence covers one device for 30 days, starting from the moment it is first activated on that device. The key is single-use and device-locked. You can purchase licences in bulk and hold them in reserve — the 30-day clock only starts when the key is first used. Unused keys do not expire.

How do I get the reports to my client?

After the audit, four report files are saved to the same folder as the executable — PDF (client-facing executive summary), HTML (full technical detail), Excel (filterable data), and JSON (for integration). Email the PDF to your client.

// GET STARTED TODAY

Ready to find what's hiding on your clients' endpoints?

Licence delivered by email. Running in minutes.

Get Your Licence →