Details & Pricing
Transparent Pricing. No Surprises. Choose the engagement level that fits your security requirements.
External & Phishing Test
$495
External Reconnaissance – Subdomain enumeration, DNS/WHOIS analysis, and OSINT-based employee/email exposure
Network Perimeter – Open port and service scanning, exposed protocols, VPN/remote access endpoints, and firewall rule gaps
Web Application & API Surface – Admin panel exposure, API endpoint discovery, injection flaws, broken authentication, and WAF/CORS misconfigurations
Cloud & Credential Leakage – Misconfigured public buckets, exposed secrets, and breach database checks
Email Security – SPF, DKIM, and DMARC configuration, email spoofing susceptibility, and mail server enumeration
Initial Access & Phishing Simulation – Spear phishing campaigns targeting key personnel, credential harvesting pages, malicious attachment delivery, and account takeover
Starting Price
Cloud configuration
$1495
Identity & Access Management – Overly permissive IAM roles and policies, cross-account trust misconfigurations, service account key exposure, privilege escalation paths, and enforcement of least privilege across all cloud identities
Storage & Data Exposure – Publicly accessible buckets and blob storage, misconfigured access control lists, versioning and logging gaps, unencrypted data at rest, and sensitive data discovery across storage services
Network & Perimeter Controls – Security group and firewall rule review, exposed management ports, VPC peering and routing misconfigurations, load balancer security policies, and absence of network segmentation
Logging, Monitoring & Alerting – CloudTrail, Azure Monitor, or GCP Audit Log completeness, detection gaps for privilege escalation and data exfiltration, retention policy review, and SIEM integration validation
Compliance Benchmarking – CIS benchmark assessment across cloud provider services, drift detection from secure baselines, secrets management review, and misconfigured or disabled security services
Internal & Wireless Test
$995
Reconnaissance – Active host discovery, network topology mapping, and service/version fingerprinting across all segments
Active Directory & Identity – AD enumeration, privilege escalation paths, and GPO misconfigurations
Lateral Movement & Segmentation – VLAN hopping, inter-segment routing gaps, SMB relay attacks, credential reuse across systems, and trust relationship abuse
Internal Services & Vulnerabilities – Unpatched systems, exposed internal admin panels, insecure file shares, database access controls, and legacy protocol usage
Wireless Security – WPA2/WPA3 configuration review, rogue access point detection, evil twin attacks, SSID enumeration, guest network isolation, and deauthentication attack susceptibility
APT & Red Team Testing
$1995
Command & Control Infrastructure – C2 framework deployment and callback testing, domain fronting and traffic blending, DNS and HTTPS-based exfiltration channels, and detection evasion against deployed security tooling
Persistence & Defense Evasion – Scheduled task and registry-based persistence, living-off-the-land techniques, log tampering and event suppression, EDR and AV bypass methods, and fileless malware simulation
Lateral Movement – Pass-the-hash and pass-the-ticket attacks, token impersonation, exploitation of misconfigured services, domain privilege escalation, and movement across network segments and trust boundaries
Data Exfiltration Simulation – Sensitive data location and staging, encrypted exfiltration over allowed protocols, cloud sync abuse, DLP control validation, and detection timing measurement from exfil trigger to alert
Objectives & Impact Simulation – Ransomware deployment simulation, business-critical system access demonstration, domain dominance achievement, and full attack chain documentation
Web & Mobile application
Starting at
$1495
Authentication Testing – Login bypass attempts, session token entropy and fixation, MFA implementation gaps, password policy enforcement, and secure cookie attributes across all user roles
Authorization & Access Control – Horizontal and vertical privilege escalation, insecure direct object references, forced browsing to restricted resources, and role boundary enforcement between user tiers
Input Validation – SQL, NoSQL, command, and LDAP injection, cross-site scripting, XML/XXE processing, and server-side template injection across all input fields
API & Business Logic Testing – REST/GraphQL endpoint enumeration per role, mass assignment vulnerabilities, rate limiting and abuse controls, workflow bypass, and transaction manipulation testing
Custom Engagements
Starting at
Contact Us
Continuous Penetration Testing – Ongoing adversarial testing across evolving attack surfaces, monthly or quarterly scoping cadence, regression testing of remediated findings, and integration with vulnerability management and ticketing workflows
Password Auditing & Credential Analysis – Active Directory password hash extraction and cracking, policy enforcement validation, common and breached password identification, password reuse analysis across systems, and MFA gap identification
Tabletop Exercises – Scenario-based walkthroughs for ransomware, insider threat, and data breach events, cross-functional stakeholder participation, decision point mapping, and identification of gaps in incident response playbooks
Custom Scope & Threat Modeling – Attacker-perspective threat modeling for specific assets or business units, bespoke rules of engagement, targeted testing aligned to regulatory requirements, and tailored reporting for technical and executive audiences