Database

Active Directory trust review, Kerberos assessment, and delegation risk analysis for authorized assessments

IAM policy analysis and least privilege assessment for authorized security assessments

MFA coverage assessment and bypass risk detection for authorized security assessments

Privilege escalation path detection in cloud and enterprise environments for authorized assessments

Role trust boundaries, cross-account access, and federation security review for authorized assessments

Secret sprawl detection, key rotation assessment, and vault configuration review for authorized assessments

Alias clustering, language patterns, infrastructure reuse, and confidence-rated attribution

P2P abuse monitoring, wallet-linked fraud, smart contract risk, and cross-platform correlation

Correlate domains, certificates, IPs, and ASNs across adversary campaigns

Transform raw security alerts into actor hypotheses, motives, next steps, and containment guidance

Merge public web, breach data, passive DNS, social graph, and code repository intelligence

Endpoint visibility gap analysis, rogue device detection, and EDR coverage assessment for internal networks

Lateral movement path analysis, credential relay, and pivot detection for authorized internal network assessments

Legacy protocol risk assessment for SMBv1, LLMNR, NetBIOS, Telnet, and other deprecated services

Network segmentation validation, VLAN hopping, firewall rule review, and micro-segmentation testing

Domain trust enumeration, shared service abuse, and cross-boundary attack path analysis for authorized assessments

App transport security assessment, certificate pinning validation, HSTS enforcement, and TLS configuration review

Mobile local storage security review, keychain/keystore assessment, and sensitive data exposure detection

Mobile API interception, proxy configuration, request manipulation, and backend API security testing

APK and IPA decompilation, binary analysis, obfuscation review, and tampering detection assessment

Mobile token persistence analysis, session management review, and authentication state security

Host availability detection and network segmentation mapping for authorized security assessments

Exposure validation and firewall rule assessment for authorized security assessments

Port discovery and service detection with nmap for authorized security assessments

Protocol fingerprinting and unusual service detection for authorized security assessments

Packet capture interpretation, cleartext detection, and traffic analysis with tcpdump and Wireshark

Secure tunneling validation, proxy path review, and VPN configuration checks for authorized assessments

Credential attack techniques for authorized assessments including password spraying, Kerberoasting, NTLM relay, and credential dumping

Testing detection coverage through AMSI bypass, process injection, and living-off-the-land techniques for detection validation

Initial access techniques for authorized penetration tests including phishing, exposed services, and credential attacks

Lateral movement techniques for authorized assessments including pass-the-hash, WMI, PSExec, and RDP pivoting

Custom payload development for authorized assessments including AV/EDR testing and C2 framework usage

Persistence mechanism testing for authorized assessments covering scheduled tasks, registry keys, services, and DLL side-loading

Windows and Linux privilege escalation techniques for authorized penetration testing including kernel exploits, misconfigurations, and token abuse

Active Directory attack path analysis using BloodHound, Certify, and Rubeus for authorized security assessments

Attack infrastructure setup including redirectors, domain fronting assessment, and phishing infrastructure for authorized engagements

Command and control framework setup and operation for authorized penetration tests with OPSEC considerations

Cloud exploitation techniques for authorized assessments covering metadata abuse, SSRF to cloud, and IAM role assumption

Client debrief methodology, remediation validation, retest procedures, and knowledge transfer for penetration testing engagements

Professional penetration test report writing covering executive summary, technical findings, risk ratings, and remediation guidance

Rules of engagement definition, scope documentation, authorization validation, and legal compliance for penetration testing

External network penetration testing methodology aligned with PTES for authorized security assessments

Internal network penetration testing and assumed breach methodology for authorized security assessments

Physical penetration testing methodology including access control bypass, tailgating assessment, and social engineering for authorized engagements

Purple team exercise methodology for cooperative adversary simulation and detection validation in authorized engagements

Red team engagement methodology covering objective-based adversary simulation and stealth assessment for authorized operations

Web application penetration testing aligned with the OWASP Testing Guide for authorized security assessments

Wireless network penetration testing covering WPA/WPA2/WPA3 assessment and rogue access point detection for authorized engagements

ASN/IP range awareness, WHOIS lookups, and BGP route analysis for authorized security assessments

Asset discovery, DNS enumeration, and subdomain mapping for authorized security assessments

External attack surface mapping, forgotten asset detection, and domain drift analysis for authorized assessments

Certificate transparency analysis, SSL/TLS review, and cert chain validation for authorized assessments

Open source intelligence collection, data leak checks, and metadata extraction for authorized assessments

Service inventory and technology fingerprinting for authorized security assessments

Compliance framework alignment including CIS, NIST, ISO 27001, SOC 2, PCI DSS, and HIPAA

Executive summary writing and non-technical security communication

Clear vulnerability findings documentation with reproducible steps and evidence handling

Remediation mapping, fix prioritization, and timeline estimation

CVSS scoring, risk rating methodology, and business impact assessment

Change safety guardrails for security testing, do-not-touch asset protection, and rollback planning