• Scoping & Engagement: Define objectives, rules of engagement, assets, and sensitivity levels in following the NCSC guidance
• Information Gathering: Passive & active reconnaissance to collect intel on systems, networks, and applications.
• Threat Modelling: Identify likely entry points and exploit paths using an appropriate threat modelling framework
• Vulnerability Assessment: Automated and manual scanning to uncover weaknesses
• Exploitation: Attempt controlled exploitation to validate real-world impact and risk.
• Post-Exploitation & Lateral Movement: Assess severity, pivot capabilities and persistence potential.
• Reporting & Debrief: Provide structured output—executive summary, technical findings, threat ratings (e.g. CVSS), and remediation guidance—following NCSC & CREST reporting standards.
• Retest: To verify completed remediation only, as applicable.

Certified to Industry Standards

Our testers carry the following highly regarded industry certifications by the Global Information Assurance Certification:

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Examiner (GCFE)

Deliverables You’ll Receive

• Comprehensive technical report with prioritised findings and CVSS-based severity levels
• Executive summary tailored to board-level visibility
• Evidence packages: screenshots, logs
• Remediation roadmap
• Retest report post-remediation, if applicable