Engagement process

A disciplined process behind disciplined attacks.

Offense without rigor is just risk. Every engagement runs the same predictable lifecycle — so you always know what is happening, who is doing it, and what comes next.

Scoping & Rules of Engagement

Week 0

A 30-minute call turns your concern into a testable objective. We agree the targets, timing windows, escalation contacts, and a signed authorization-to-test before a single packet is sent.

  • Signed RoE & authorization
  • Crown-jewel definition
  • Emergency stop protocol

Reconnaissance & Mapping

Days 1–2

We build the same picture an attacker would: exposed assets, technologies, identities, and trust relationships. Passive first, then targeted active enumeration within scope.

  • Attack-surface inventory
  • Technology fingerprinting
  • Identity & trust mapping

Exploitation & Chaining

Days 3–8

Hands-on-keyboard testing. We validate every issue, then chain low-severity findings into the realistic paths a determined adversary would actually walk to your objective.

  • Verified exploitation only
  • Privilege-escalation paths
  • Objective pursuit

Live Critical Alerting

Continuous

If we confirm a critical issue, you hear about it within 48 hours — never buried in a final report weeks later. You can start remediating while testing continues.

  • <48h critical notification
  • Secure out-of-band channel
  • Interim mitigation guidance

Reporting & Debrief

Weeks 2–3

You receive a board-ready executive summary and a deep technical report with reproduction steps and fix-first remediation. We walk your team through it line by line.

  • Executive + technical report
  • Live walkthrough session
  • Developer Q&A

Remediation Retest

Weeks 6–8

Once your team has applied fixes, we re-test the remediated findings at no extra cost and issue an updated attestation suitable for auditors and customers.

  • Free verification retest
  • Updated attestation letter
  • Closure tracking

Common questions

What clients ask before signing.

Will testing disrupt our production systems?

Our default posture is non-disruptive. Any potentially intrusive action — denial-of-service testing, destructive payloads, mass account actions — is explicitly opt-in and scheduled inside an agreed window with a named contact on standby.

How do you handle data you encounter?

We minimize collection, prove access with the least sensitive evidence possible, and store engagement data encrypted on isolated infrastructure. All data is destroyed on a defined schedule and certified in writing.

Can you work under our compliance framework?

Yes. We regularly map engagements to PCI DSS, SOC 2, HIPAA, ISO 27001, DORA, and sector schemes such as TIBER-EU and CBEST. Tell us the framework during scoping and the report is structured to satisfy your assessor.

Who actually performs the work?

Named, certified operators on our staff — never anonymous offshore contractors. You will know your lead consultant before the engagement begins and can review redacted samples of their prior reporting.

Ready to start at phase one?

Scoping is free and usually takes a single call.