OFFCEPT
All Engagements
Real testing by experienced operators. Threat-informed scoping, actionable reporting, and verified remediation.
See Methodology

What We Do

Penetration Testing
Manual testing that finds what scanners miss
Red Team Operations
Multi-week adversary simulations
CTEM
Continuous threat exposure management
Threat Intelligence
Data breach, dark web, and credential monitoring
EDR & XDR Testing
Endpoint detection gap analysis and evasion testing
Phishing & Social Engineering
Real campaigns, not generic templates
AI & LLM Security
Testing AI systems and LLM integrations
Zero-Day Research
Hunting undiscovered vulnerabilities
Reverse Engineering
Binary analysis, malware, and firmware
How We Work
From scoping to verified remediation in four phases. Every engagement follows the same structure, adapted to your threat landscape.
Full Breakdown

The Process

01 Scoping & Threat Model
Profile threat actors, map attack surface, define objectives
02 Testing & Exploitation
Manual testing, chained vulnerabilities, real attack paths
03 Reporting & Debrief
Proof, impact, remediation path, live walkthrough
04 Remediation & Validation
Re-test fixes, confirm they work, measurable improvement

Latest Posts

[Advisory]

TIBER-EU and DORA: What Financial Institutions Need to Understand Before the Notification Arrives

[Advisory]

NIS2 Compliance in Portugal: Evidence Over Documentation

[Technical Research]

Killing EDR visibility at the kernel: BYOVD

[Technical Research]

ACL Abuse Havoc, a BOF toolkit for AD ACL exploitation via Havoc C2

About OFFCEPT
Built by operators who spent years breaking into networks before building a company around it.
Learn More

Company

About Us
Our team, certifications, and story
Contact
Get in touch with our operators
Let's Talk

Legal

Terms of Service

Last updated: 16 May 2026

1. Agreement to terms

By accessing this website or engaging OFFCEPT's services, you agree to be bound by these Terms of Service. If you do not agree with any part of these terms, you should not use our website or services.

2. Services

OFFCEPT provides offensive security services including but not limited to:

  • Penetration testing
  • Red team operations
  • Continuous threat exposure management (CTEM)
  • Phishing simulations and security awareness assessments
  • AI security testing

All services are delivered under a separate Statement of Work (SOW) and Master Services Agreement (MSA) that govern the specific engagement. These terms cover website usage and general service inquiries.

3. Website use

You may use our website to learn about our services, read published research, and contact us. You agree not to:

  • Attempt to gain unauthorised access to our systems or infrastructure
  • Use automated tools to scrape, crawl, or harvest data from our website
  • Reproduce, distribute, or modify content from our website without written permission
  • Use our website for any unlawful purpose

4. Intellectual property

All content on this website, including text, design, code, research, and tools, is the property of OFFCEPT or its licensors. Our published research and open-source tools are released under their respective licenses. All other content is protected by copyright and may not be reproduced without written consent.

5. Engagement terms

Security testing engagements are governed by a separate contract. Key principles that apply to all engagements:

  • Authorisation: We only test systems you have explicit authority to authorise. You are responsible for confirming you have the legal right to authorise testing of all systems in scope.
  • Scope: Testing is conducted strictly within the agreed scope defined in the SOW. Any changes to scope require written agreement from both parties.
  • Rules of engagement: We follow the rules of engagement defined in the SOW, including testing windows, excluded systems, and communication protocols.
  • Confidentiality: All findings, reports, and data generated during an engagement are treated as confidential. We do not disclose client information to third parties.

6. Limitation of liability

OFFCEPT provides security testing based on the scope and methodology agreed in the SOW. Security testing provides a point-in-time assessment and does not guarantee that all vulnerabilities have been identified or that systems will remain secure after testing.

To the maximum extent permitted by law, OFFCEPT shall not be liable for any indirect, incidental, special, or consequential damages arising from the use of our website or services.

7. Confidentiality

We treat all client communications, engagement data, and test results as confidential. Our team operates under strict non-disclosure agreements. Client information is never shared, published, or used for marketing without explicit written consent.

8. Responsible disclosure

If you discover a vulnerability in our systems, we encourage you to report it responsibly through our Responsible Disclosure page. We are committed to working with the security community.

9. Governing law

These terms are governed by the laws of Portugal. Any disputes arising from these terms or our services shall be resolved in the courts of Portugal.

10. Changes to terms

We reserve the right to update these terms at any time. Changes will be posted on this page with an updated revision date. Continued use of our website after changes constitutes acceptance of the updated terms.

11. Contact

For questions about these terms, contact us at:

OFFCEPT
Email: legal@offcept.com