Our services

Catalog by service line

Six work areas: offensive testing, application security, defense and awareness, cloud security, vulnerability management, and operational support. Each section has detail on scope, deliverables, and modality.

Start here

What's your priority?

Three fast paths based on what you need now. Many organizations combine both.

For methodology depth, see Capabilities. Capabilities.

Filter by surface
Flagship line

Offensive testing

Exposure discovery, line-by-line pentesting, specialized scenarios, and black, gray, and white box modalities.

6 services
View section

Exposure and reconnaissance

  • Attack surface management (ASM)

Business surfaces

  • AppSec and modern stack

Infrastructure and cloud

  • Enterprise infrastructure
  • Cloud

High criticality and novelty

  • Emerging technology
  • Specialized
6 services

AppSec across the SDLC

Secure design, code, and integration before and during development — complements manual pentest.

  • Threat Modeling
  • Secure design review
  • Code review
  • IaC & pipeline review
  • +2 more
View section
2 services

Defense & awareness

Exercises that test response, roles, and communication without production impact. Measurable training with controlled campaigns and metrics by team or role.

  • Tabletop IR
  • Phishing as a Service + Metrics
View section
2 services

Cloud security

Cloud posture and privileges — complements offensive cloud pentest.

  • Cloud posture review
  • IAM/PAM assessment
View section
5 services

Vulnerability management

Discovery, prioritization, and ongoing tracking aligned to risk and compliance.

  • Infrastructure and perimeter analysis
  • Configuration baseline assessment
  • Risk-based prioritization
  • Regulatory compliance and ASV scans
  • +1 more
View section
1 services

Operational support

Recurring sessions to close findings with your engineering or infra team — pair remediation, prioritization, and knowledge transfer.

  • Office hours remediation
View section

How we work

  • Frozen scope, in writing
  • Senior operators, no opaque subcontracting
  • Executive + technical report, retest under SOW

Before choosing a line

Five questions that often come up in the briefing

Short answers aligned to authorized-scope pentesting, the engagement cycle, and how we work with your operations team.