01 — Offensive Security

Penetration Testing

Abstract network diagram illustrating attack path analysis across interconnected nodes

What this engagement covers

We test your systems the way an attacker would — starting with what's visible from the internet and, where in scope, moving into your internal network. The goal is to find what's actually exploitable, not generate a list of CVEs from a scanner.

All testing is conducted under explicit written authorisation agreed before day one. If we discover something critical mid-engagement, we flag it immediately rather than waiting for the final report.

Scope options

Most engagements are one of these, or a combination:

  • External perimeter — IP ranges, exposed services, VPN gateways, remote access infrastructure
  • Web application — authentication, authorisation, business logic, OWASP Top 10, API endpoints
  • Internal network — lateral movement, Active Directory, segmentation, privilege escalation paths
  • API and mobile backend — REST/GraphQL endpoint security, authentication tokens, data exposure

How we work

Reconnaissance and information gathering first. Manual exploitation of what looks promising, automated tools used selectively where they add signal rather than noise. We document every finding with reproduction steps, impact description, and a remediation recommendation.

The final report has two sections: a technical findings document written for developers and IT teams, and a one-to-two page executive summary written for people who don't work in security. Both are included by default.

Honest note on scope and limitations

A one-time pentest shows your security posture at a point in time. It doesn't replace ongoing monitoring, vulnerability management, or patch hygiene. We'll tell you what we found, but what changes after that is in your hands. If you want help prioritising the remediation work, we can discuss a follow-up assessment.

We won't test production environments during business hours without a specific reason agreed in advance. We don't offer "unlimited retesting" — this is usually a sales gimmick that incentivises finding superficial issues.

Deliverables

  • Technical findings report with CVSS scoring and reproduction steps
  • Executive summary (1–2 pages, no technical jargon)
  • Prioritised remediation checklist
  • Debrief call with your technical team
  • NDA and written engagement authorisation as standard

Also available

Compliance & Audit

Use pentest findings to build your NIS2 or ISO 27001 compliance case at the same time.

View service →

Also available

Security Training

Follow up with targeted training for the staff behaviours that enabled the findings.

View service →