01 // Human Layer
Phishing Assessment
I craft targeted phishing campaigns against your employees and deliver a full report of click rates, credential submissions, and detection rates.
02 // Artificial Intelligence
AI / LLM Red Teaming
Targeted testing for AI chatbots and agentic LLMs — jailbreaking, system prompt extraction, RAG pipeline attacks, and tool call hijacking.
03 // Application & API Security
Traditional Web Applications
Real-world attack simulation on your application logic — data breaches, XSS, SQL injection, and authentication flaws.
GraphQL & API Testing
Manual testing for BOLA, BFLA, excessive data exposure, and injection flaws across REST, GraphQL, and WebSocket APIs.
04 // Infrastructure & Network
External Network PenTest
I map your digital footprint and attempt to breach your perimeter — essential for companies with unknown asset sprawl.
Active Directory Health Check
90% of ransomware spreads via AD. I audit your Domain Controllers for Kerberoasting, weak service accounts, and legacy protocols.
05 // How We Collaborate
We define the attack surface, testing type (black/grey/whitebox), and rules of engagement on a free scoping call.
I send a fixed-price proposal. After sign-off we execute a framework contract (MSA/SOW) with a 35% advance deposit.
I conduct testing within the agreed window, alerting you immediately to any critical (business-stopping) findings.
You receive a technical report with an executive summary. We walk through findings together and agree on next steps.
I remain available for ad-hoc re-tests, advice, and strategic guidance throughout the year.
Ready to test your defences?
Start with a free 30-minute scoping call. I'll tell you what I need, what I'll test, and what it will cost — before you commit to anything.