Frequently
asked questions

Are you the best Penetration Testing Service on the Market?

What? No! If your organization has a complex network or is exceptionally large (1,000 + endpoints), go out and spend the $50k-$100k with a company that can dedicate a massive team to your test.

Why is this so cheap?

We are able to provide a professional Penetration Test and Vulnerability assessment to organizations that otherwise would be priced out from the value of these tests by limiting the services we provide to exclusively the things that we can do well and the things we can do quickly

Why Would I Want a Penetration Test?

A penetration test helps an organization identify vulnerabilities in its systems, networks, and applications that could be exploited by attackers. It enables you to understand the potential impact of these vulnerabilities, prioritize remediation efforts, and ensure compliance with relevant regulations. This proactive approach strengthens the organization's security posture, minimizing the risk of a damaging data breach or cyber attack. Or simply put, a compliance framework (FEDRAMP, HIPAA, GDPR, ETC) or the law requires you to.

I have a custom application designed in <Programming Language>. Do you perform Application Penetration tests, and how much do they cost?

No.

I have a custom application designed in <Web Framework>. Do you perform Web Application Penetration tests, and how much do they cost?

No.

We have a dedicated Security Operations Center (SOC). Does your team engage in Purple Team Exercises?

Due to the limited testing timeframe (5 Days), our team employs a "Loud and Proud" approach to testing. Our team makes no/very little attempt at hiding/blending malicious behavior and making it look legitimate.

I have <Endpoint Detection Response (EDR) Product>, will your team attempt to bypass this solution?

Our team will perform basic obfuscation to bypass Anti-Virus solutions, but our team employs a "Loud and Proud" approach to testing. Our team makes no/very little attempt at hiding/blending malicious behavior and making it look legitimate.