External attack surface
Subdomain enumeration, port mapping, service fingerprinting, exposed admin panels, dangling DNS / subdomain takeover, vulnerable edge services, leaked credentials.
// network VAPT
External attack-surface assessment and internal network pentest with full Active Directory attack chains. From DNS to domain admin, with evidence-backed exploitation and reports designed for both your security team and your Western customers' auditors.
Choose external, internal, or both. We follow the PTES standard and document every step so your team can reproduce and verify.
Subdomain enumeration, port mapping, service fingerprinting, exposed admin panels, dangling DNS / subdomain takeover, vulnerable edge services, leaked credentials.
LLMNR / NBT-NS poisoning, SMB relay, weak Kerberos, SCCM abuse, file-share exposure, internal CA mis-configurations, segmentation bypass.
Kerberoasting, AS-REP roasting, NTLM relay, BloodHound path analysis, ACL abuse, unconstrained delegation, ADCS (ESC1-15) misconfigurations.
Lateral movement, credential theft (LSASS/SAM/DPAPI), persistence techniques, data exfil simulation, domain takeover where in-scope.
Nmap, Naabu, Masscan, RustScan, subfinder, dnsx, httpx, Nuclei, Shodan / Censys queries.
Metasploit, NetExec / CrackMapExec, Impacket suite, Responder, mitm6, BloodHound, Certipy, Rubeus, Mimikatz / Pypykatz (read-only PoC).
Risk posture, attack-chain narrative, remediation priorities for leadership.
Per-finding write-ups with CVSS, reproducible commands, screenshots, MITRE ATT&CK mapping.
BloodHound / hand-drawn diagrams showing the chain from initial access to objective.
Validate fixes after your team patches. Sign-off letter and attestation on request.
A free 30-minute scoping call. We'll talk through your estate, your AD topology, and your compliance goals.