OFFCEPT
All Engagements
Real testing by experienced operators. Threat-informed scoping, actionable reporting, and verified remediation.
See Methodology

What We Do

Penetration Testing
Manual testing that finds what scanners miss
Red Team Operations
Multi-week adversary simulations
CTEM
Continuous threat exposure management
Threat Intelligence
Data breach, dark web, and credential monitoring
EDR & XDR Testing
Endpoint detection gap analysis and evasion testing
Phishing & Social Engineering
Real campaigns, not generic templates
AI & LLM Security
Testing AI systems and LLM integrations
Zero-Day Research
Hunting undiscovered vulnerabilities
Reverse Engineering
Binary analysis, malware, and firmware
How We Work
From scoping to verified remediation in four phases. Every engagement follows the same structure, adapted to your threat landscape.
Full Breakdown

The Process

01 Scoping & Threat Model
Profile threat actors, map attack surface, define objectives
02 Testing & Exploitation
Manual testing, chained vulnerabilities, real attack paths
03 Reporting & Debrief
Proof, impact, remediation path, live walkthrough
04 Remediation & Validation
Re-test fixes, confirm they work, measurable improvement

Latest Posts

[Advisory]

TIBER-EU and DORA: What Financial Institutions Need to Understand Before the Notification Arrives

[Advisory]

NIS2 Compliance in Portugal: Evidence Over Documentation

[Technical Research]

Killing EDR visibility at the kernel: BYOVD

[Technical Research]

ACL Abuse Havoc, a BOF toolkit for AD ACL exploitation via Havoc C2

About OFFCEPT
Built by operators who spent years breaking into networks before building a company around it.
Learn More

Company

About Us
Our team, certifications, and story
Contact
Get in touch with our operators
Let's Talk

Built by operators. For operators.

About OFFCEPT

Every engagement is led by someone who has spent their career breaking into networks. Operator-led. Threat-informed. Built to change how you defend yourself.

What drives us

How we work differently

Offensive security only works when it reflects how real attackers operate. Human creativity. Deep target knowledge. The discipline to chain findings into something that matters.

Thinking like the attacker

Operators chain vulnerabilities into attack paths. Creative exploitation, lateral thinking, the judgment calls that define a real pen test.

Threat-informed, not generic

We research the threat actors targeting your sector and build engagements around their techniques. Tested against the playbooks you actually face.

Findings you can act on

Every finding: proof of exploitation, business impact, and a remediation path. We walk your team through it.

We stick around

The engagement does not end at report delivery. We help with triage and re-test your fixes. If something is still exploitable, we tell you.

Offensive

Security Testing

Threat

Informed

Research

Backed

Compliance

Ready

Our Vision

Rui Pedro

Rui Pedro

Founder & Lead Operator

OFFCEPT exists to deliver security testing that changes how organisations defend themselves. Engagements that chain findings into real attack paths and deliver results your team can measure.

Every engagement led by someone who thinks like the attacker, improvises when the plan does not work, and explains what happened so your engineers stop it next time. That is the standard.

Certified by the best

Certification 1Certification 2Certification 3Certification 4Certification 5Certification 6Certification 7

Talk to an operator about your security

Get in touch to discuss scope, timeline, and what an engagement would look like for your environment. No pitch decks, no sales process. Just a conversation with someone who does this for a living.

Get In Touch