SLM Stratum is a read-only, offline Windows endpoint auditor that surfaces hidden credentials, SSH keys, developer backdoors, and data exposure risks that antivirus, EDR, and vulnerability scanners cannot detect.
There is no other tool on the market that combines read-only, air-gapped, offline endpoint auditing with this depth of data exposure detection in a single portable executable — no installation, no network connection, no configuration.
Patent Pending GB2610997.5 · SLM AI Solutions Ltd · United Kingdom
21 detection modules. Every finding is genuine, verified, and actionable. Zero false-positive noise.
Reveals every USB storage device ever connected to the endpoint — device name, serial number, last connection time, and whether it was connected outside business hours. Flags unknown or unauthorised devices. Critical for data loss prevention and compliance audits.
Locates unprotected SSH private keys stored on endpoints — a direct route to servers and infrastructure.
Detects orphaned scripts with hardcoded credentials, authentication bypasses, and obfuscated execution — left by contractors years ago.
Finds hardcoded passwords, API keys, and cloud credentials written directly into configuration files and scripts.
Detects ngrok, frp, chisel, and other tools that create hidden outbound tunnels bypassing firewalls.
Identifies TCP listeners on non-standard ports that don't belong to any known legitimate service.
Detects unknown root CAs installed in the Windows trust store — enabling silent SSL interception of all traffic.
Hunts for private keys, certificate bundles, .pfx files, .env files, and cloud credential files left on endpoints.
Detects fileless WMI event subscriptions — a favourite persistence technique that survives reboots without files on disk.
No installation. No network access. No configuration. Just run it. Typically completes in under 10 minutes.
Purchase online. Your licence key and executable arrive by email instantly.
No installation required. Copy the exe to a USB drive. Plug it into the target endpoint.
Right-click, run as administrator. The audit typically completes in under 10 minutes.
PDF, HTML, Excel and JSON reports generated automatically. Hand the PDF straight to your client.
Stratum retrieves the complete USB device connection history from the Windows registry — every storage device ever connected, its serial number, device name, and the exact date and time it was last used.
Connections made outside normal business hours are automatically flagged. If an employee is copying data at 11pm on a Sunday, Stratum will find it. Essential for GDPR compliance, data loss prevention, and insider threat investigations.
One licence. One device. 30 days. Buy as many as you need.
Need multiple licences? Add to basket multiple times or contact us.
Stratum never modifies, deletes, or alters any file on the scanned device. Completely safe to run on live production systems.
Runs entirely offline after a one-time activation. No internet connection needed on the target device. Suitable for air-gapped environments.
SLM Stratum is a proprietary forensic architecture developed by SLM AI Solutions Ltd. Patent Pending GB2610997.5.
SLM Stratum is Extended Validation (EV) code signed. Windows and Microsoft SmartScreen instantly trust the executable with no warnings.
No. Stratum is a single portable executable. Copy it to a USB drive, plug in, run as administrator. Nothing is installed on the target machine.
Stratum is read-only and uses no offensive techniques. It reads files and registry keys the same way any administrator would. SLM Stratum is EV code signed — Windows and Microsoft SmartScreen trust it instantly with no warnings or prompts.
No. The audit runs entirely offline. The only network call is a one-time licence activation when you first run it. No scan data, file contents, or findings are ever transmitted.
Each licence covers one device for 30 days, starting from the moment it is first activated on that device. The key is single-use and device-locked. You can purchase licences in bulk and hold them in reserve — the 30-day clock only starts when the key is first used. Unused keys do not expire.
After the audit, four report files are saved to the same folder as the executable — PDF (client-facing executive summary), HTML (full technical detail), Excel (filterable data), and JSON (for integration). Email the PDF to your client.
Licence delivered by email. Running in minutes.