All Engagements

Real testing by experienced operators. Threat-informed scoping, actionable reporting, and verified remediation.

See Methodology

What We Do

Penetration Testing

Manual testing that finds what scanners miss

Red Team Operations

Multi-week adversary simulations

Continuous threat exposure management

Threat Intelligence

Data breach, dark web, and credential monitoring

EDR & XDR Testing

Endpoint detection gap analysis and evasion testing

Phishing & Social Engineering

Real campaigns, not generic templates

AI & LLM Security

Testing AI systems and LLM integrations

Zero-Day Research

Hunting undiscovered vulnerabilities

Reverse Engineering

Binary analysis, malware, and firmware

How We Work

From scoping to verified remediation in four phases. Every engagement follows the same structure, adapted to your threat landscape.

The Process

01 Scoping & Threat Model

Profile threat actors, map attack surface, define objectives

02 Testing & Exploitation

Manual testing, chained vulnerabilities, real attack paths

03 Reporting & Debrief

Proof, impact, remediation path, live walkthrough

04 Remediation & Validation

Re-test fixes, confirm they work, measurable improvement

Blog Open Source Tools Case Studies

Latest Posts

TIBER-EU and DORA: What Financial Institutions Need to Understand Before the Notification Arrives

NIS2 Compliance in Portugal: Evidence Over Documentation

[Technical Research]

Killing EDR visibility at the kernel: BYOVD

[Technical Research]

ACL Abuse Havoc, a BOF toolkit for AD ACL exploitation via Havoc C2

About OFFCEPT

Built by operators who spent years breaking into networks before building a company around it.

Company

Our team, certifications, and story

Get in touch with our operators

From the operators

Blog

Research, walkthroughs, and opinions from our operators. The same work that goes into our engagements, shared publicly.

Latest

TIBER-EU and DORA: What Financial Institutions Need to Understand Before the Notification Arrives

Advisory29 May 202612 min read

TIBER-EU and DORA: What Financial Institutions Need to Understand Before the Notification Arrives

DORA is live. TLPT regulatory standards are active. Notifications are being sent. Here is what financial institutions in the EU need to understand about TIBER-EU before the letter arrives.

Read Article →

NIS2 Compliance in Portugal: Evidence Over Documentation

Advisory25 May 202610 min read

NIS2 Compliance in Portugal: Evidence Over Documentation

Decree-Law 125/2025 is in force. We break down what Article 27 requires, what CNCS auditors actually check, and where organisations in Portugal are failing.

Killing EDR visibility at the kernel: BYOVD

Technical Research24 May 202614 min read

Killing EDR visibility at the kernel: BYOVD

Most EDRs rely on kernel callbacks to see what happens on an endpoint. We show how BYOVD attacks zero those callbacks, why ML detection does not save you, and what defenders should actually do about it.

ACL Abuse Havoc, a BOF toolkit for AD ACL exploitation via Havoc C2

Technical Research18 May 20268 min read

ACL Abuse Havoc, a BOF toolkit for AD ACL exploitation via Havoc C2

We're releasing acl-abuse-havoc, an open-source BOF toolkit for abusing Active Directory ACL misconfigurations through Havoc C2. The centrepiece is acl-shadow, a full Shadow Credentials attack chain that runs entirely in-memory.