OFFCEPT
All Engagements
Real testing by experienced operators. Threat-informed scoping, actionable reporting, and verified remediation.
See Methodology

What We Do

Penetration Testing
Manual testing that finds what scanners miss
Red Team Operations
Multi-week adversary simulations
CTEM
Continuous threat exposure management
Threat Intelligence
Data breach, dark web, and credential monitoring
EDR & XDR Testing
Endpoint detection gap analysis and evasion testing
Phishing & Social Engineering
Real campaigns, not generic templates
AI & LLM Security
Testing AI systems and LLM integrations
Zero-Day Research
Hunting undiscovered vulnerabilities
Reverse Engineering
Binary analysis, malware, and firmware
How We Work
From scoping to verified remediation in four phases. Every engagement follows the same structure, adapted to your threat landscape.
Full Breakdown

The Process

01 Scoping & Threat Model
Profile threat actors, map attack surface, define objectives
02 Testing & Exploitation
Manual testing, chained vulnerabilities, real attack paths
03 Reporting & Debrief
Proof, impact, remediation path, live walkthrough
04 Remediation & Validation
Re-test fixes, confirm they work, measurable improvement

Latest Posts

[Advisory]

TIBER-EU and DORA: What Financial Institutions Need to Understand Before the Notification Arrives

[Advisory]

NIS2 Compliance in Portugal: Evidence Over Documentation

[Technical Research]

Killing EDR visibility at the kernel: BYOVD

[Technical Research]

ACL Abuse Havoc, a BOF toolkit for AD ACL exploitation via Havoc C2

About OFFCEPT
Built by operators who spent years breaking into networks before building a company around it.
Learn More

Company

About Us
Our team, certifications, and story
Contact
Get in touch with our operators
Let's Talk

Legal

Privacy Policy

Last updated: 16 May 2026

1. Who we are

OFFCEPT ("we", "us", "our") is an offensive security company registered in Portugal. This privacy policy explains how we collect, use, and protect your personal data when you visit our website or engage our services.

2. What data we collect

We collect only the data necessary to provide our services and operate our website:

  • Contact information: name, email address, company name, and phone number when you submit our contact form or email us directly.
  • Website usage data: IP address, browser type, pages visited, and time spent on our site. We use privacy-respecting analytics that do not track you across other websites.
  • Engagement data: information shared during security assessments, stored securely and deleted after the retention period.

3. How we use your data

We use your data to:

  • Respond to enquiries and scope potential engagements
  • Deliver and manage our security testing services
  • Send relevant updates about your engagement (not marketing)
  • Improve our website based on aggregate usage patterns
  • Comply with legal obligations

4. How we protect your data

Security is our business. We apply the same rigour to protecting your data that we apply to testing our clients' systems:

  • All data in transit is encrypted using TLS 1.3
  • Client engagement data is encrypted at rest using AES-256
  • Access to personal data is restricted to authorised personnel on a need-to-know basis
  • We conduct regular security reviews of our own infrastructure
  • Client data from engagements is deleted within 90 days of engagement completion unless retention is legally required

5. Data sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Service providers: hosting and email providers who process data on our behalf under strict contractual obligations
  • Legal requirements: when required by law, regulation, or legal process

6. Cookies

Our website uses minimal, functional cookies only. We do not use third-party tracking cookies, advertising cookies, or social media pixels. Any cookies used are essential for website operation and do not track you across other sites.

7. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@offcept.com. We will respond within 30 days.

8. Data retention

We retain personal data only for as long as necessary:

  • Contact enquiries: 12 months from last interaction
  • Client engagement data: deleted within 90 days of engagement completion
  • Website analytics: aggregated and anonymised within 30 days

9. International transfers

Our operations are based within the European Union. If we engage a service provider outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

11. Contact

For any questions about this privacy policy or your personal data, contact us at:

OFFCEPT
Email: privacy@offcept.com