Technologies
The tools, environments and standards we base our security testing, audits and system hardening on.
The tools and standards we work with
We combine proven, industry-standard tools with recognised methodologies. Automation speeds up the work, but a human confirms every meaningful finding.
Burp Suite
The standard tool for testing web applications and APIs — intercepting, modifying and automating HTTP requests.
Nmap
Network scanning, service discovery and identification of hosts and open ports across the infrastructure.
Metasploit
A framework for controlled exploitation of vulnerabilities and verification of the real impact of findings.
OWASP ZAP
An open-source web application security scanner used to automate testing and catch regressions.
Wireshark
Network traffic and protocol analysis — essential when diagnosing incidents and unusual behaviour.
Nuclei
Fast, template-based vulnerability scanning across applications and infrastructure at scale.
BloodHound
Mapping attack paths and excessive privileges in Active Directory environments.
sqlmap
Detecting and confirming SQL injection vulnerabilities and assessing their real impact.
CIS Benchmarks
Recognised hardening guidelines for operating systems, services and the cloud, which we base our hardening on.
MITRE ATT&CK
A knowledge base of attacker techniques we map findings and red team scenarios to.
PTES / OWASP WSTG
Proven methodologies for conducting penetration tests and application security testing.
NIST / ISO 27001
Frameworks for managing information security risk that we reference in audits and recommendations.
These are selected items from our toolkit. The specific techniques and tools are always tailored to the environment and scope of the project.
Working in an unusual environment?
We test legacy systems, OT/ICS infrastructure, hybrid clouds and non-standard integrations. Describe your stack — we'll adapt the methodology.