Approach

Realism with control

A structured method that reveals real-world exposure with tight governance and minimal disruption.

Philosophy

Built around how adversaries actually operate

We design engagements the way a determined adversary would—learn the environment, identify access paths, exploit routine and trust, and validate objective impact.

The difference is governance: clear rules of engagement (RoE), proportionality, and stop conditions.

1

Scoping & Rules of Engagement

The foundation of every engagement. Before any activity begins, we agree the full framework with your team.

  • Define objectives, constraints, excluded areas, and acceptable tactics
  • Agree onsite windows and deconfliction controls
  • Set safe words, stop conditions, and escalation routes
  • Confirm evidence handling and reporting expectations

2

OSINT & Planning

We assess what can be learned from public sources and passive collection — the same way a real attacker would reduce uncertainty before arriving on site. This phase often reveals more than clients expect is visible from outside.

3

Reconnaissance & Profiling

Observation to understand routines, choke points, access behaviour, and control effectiveness in practice. This phase regularly reveals the gap between written process and real operational behaviour — often the most significant finding in an engagement.

4

Controlled Access Attempts

Access attempts are objective-driven and proportionate, testing realistic pathways under the agreed RoE. Where explicitly authorised, we may validate what access enables — including restricted areas, sensitive assets, and downstream exposure.

5

Evidence, Reporting & Debrief

Findings are delivered as an evidence-led narrative: what happened, why it worked, what it enabled, and which fixes measurably reduce risk.

Outputs

What you receive at the end of every engagement

01

Executive Summary

Board and leadership-friendly overview of what was possible, why it mattered, and immediate priorities.

02

Evidence Pack

Timeline, observations, artefacts, and supporting detail aligned to objectives. Reproducible and defensible.

03

Attack Path Narrative

How weaknesses chained together — showing the path from perimeter to objective, not a disconnected list.

04

Remediation Plan

Prioritised practical steps mapped to likelihood reduction and containment, with retest options.

05

Leadership Debrief

Concise walkthrough for stakeholders with Q&A and agreed next actions.