We don’t do penetration tests.
We simulate the adversary.


Scoping and discovery

We’ll start by working out where and how you could be attacked, and discussing the breaches you are most concerned about.

We’ll help you set a realistic, high-impact breach objective, and work across your attack surface to achieve it.

Attack Specialists

Adversary simulation

Using the same techniques as criminal hackers and advanced persistent threats, we attempt to breach our clients’ organisations.

We realistically simulate data breaches, theft of information, fraud, defacement, long-term persistence and data exfiltration.


Long term follow-up

Afterwards, we’ll tell you how we did it, and we’ll keep working with you over the long term.

And we’ll keep your work grounded, focussed and effective by giving our perspective as attackers.

Throughout our work, you’ll be able to guide us based on the kinds of threats you’re most concerned about

Technical work

Our team carry out technical attacks from the simple to the sophisticated. Using a variety of techniques, we find and exploit vulnerabilities that allow us to breach systems.

Social engineering

We use social engineering tactics, ranging from simple mass phishing attempts to carefully tailored spear phishing against high-privileged staff and very attacked persons.


We find and make use of information about your organisation and its services by monitoring and curating confidential data from a variety of open intelligence sources.

Physical operations

We can support our other work by carrying out attacks on physical locations, such as accessing private premises or gaining access to wired or wireless networks.

We’ll help you spend your time and money on things that will make a difference

After the adversary simulation, we’ll visit you regularly and work together to make your organisation more secure and your teams more capable.

We'll help you to use the findings of the simulation effectively and with maximum impact, working closely with your teams to develop your security culture and capability.

Our visits are structured so that you know how we'll add value, what to expect, and what to prepare


One of our hacking team will sit with one of your technical staff to work through the findings in a report in detail. We’ll explain the vulnerabilities we found, review code, help you fix issues and discuss opportunities for further improvement.


One of our friendly hackers will pair with one of your team to review a codebase or component in detail. We’ll go through the code or configuration line by line, looking for problems and hardening opportunities, making improvements as we go.

Security assessment

One of our team will visit you and carry out reconnaissance and vulnerability analysis. They’ll do work similar to an adversary simulation, but instead of a report they’ll create tasks in your backlog and discuss the issues with your team there and then.

General advisory

We’ll come to visit your team and provide feedback or advice on your work from our perspective as attackers. Usually, this consists of a day of meetings! We’ll agree an agenda to ensure we can prepare and send the right member of our team.

Talk to Us

Talk to us about your security

Get in touch