Guides, Reports & Tools

Practical resources from the OFFCEPT team — built for security leads who need to act, not just read.

A practical guide for security teams commissioning their first red team operation — objectives, scope, rules of engagement, and what to expect.

An annual review of the threat actors, TTPs, and campaigns targeting financial institutions. Includes MITRE ATT&CK mapping and detection guidance.

Verify your environment is ready for a penetration test or red team engagement. Covers network, AD, logging, and detection tooling.

How to interpret findings, CVSS scores, and remediation priorities. Written for technical leads and CISOs who receive pentest deliverables.

Aggregated findings from hundreds of internal assessments. The AD misconfigurations we find in nearly every environment — with remediation steps.

A framework for understanding where your organisation sits on the adversary simulation maturity curve — and a roadmap to advance your programme.

Research Blog

More depth.
The blog.

Technical articles, threat actor analysis, and operational insights published regularly by our team.

Get Started

Our team can create bespoke threat intelligence reports and security assessments tailored to your sector.