Our Services

Offensive Security Services

End-to-end penetration testing and security assessment services. Every engagement is bespoke, every report is board-ready, every finding is exploitable.

Infrastructure Web Applications Mobile & Wireless Social Engineering Incident Response Ransomware Recovery

Infrastructure Penetration Testing

Our infrastructure testing engagements simulate real-world adversary tactics across your internal and external network perimeter. We enumerate exposed services, exploit misconfigurations, chain vulnerabilities, and pivot laterally through your environment exactly as a motivated threat actor would.

We assess Active Directory security posture including Kerberoasting, AS-REP roasting, delegation abuse, ACL misconfigurations, and credential relay attacks. Configuration reviews of firewalls, switches, routers, and segmentation controls are included as standard.

All engagements follow industry-recognised methodologies to ensure comprehensive, repeatable coverage that satisfies compliance and audit requirements.

PTES OWASP NIST SP 800-115

Deliverables

  • Executive summary with risk-rated findings
  • Technical report with full exploitation evidence
  • Active Directory attack path analysis
  • Network architecture review and segmentation assessment
  • Firewall and device configuration audit
  • Prioritised remediation roadmap
  • Free retest within 30 days

Web Application Security Testing

We go beyond automated scanning to perform deep, manual assessment of your web applications, RESTful APIs, GraphQL endpoints, and single-page applications. Our testers identify injection vulnerabilities, broken authentication, insecure direct object references, and business logic flaws that scanners simply cannot detect.

Every engagement is aligned to the OWASP Top 10 and OWASP ASVS. We test for SQL injection, cross-site scripting, server-side request forgery, insecure deserialisation, mass assignment, and privilege escalation across every user role in your application.

Authentication and authorisation bypass testing is a core focus. We assess session management, JWT implementation, OAuth flows, MFA bypass, and access control enforcement at the API layer.

Deliverables

  • OWASP Top 10 coverage matrix
  • Detailed vulnerability write-ups with proof-of-concept
  • API security assessment report
  • Authentication and session management review
  • Business logic testing results
  • Secure development recommendations
  • Free retest within 30 days

Mobile & Wireless Security

Our mobile application testing covers iOS and Android platforms, assessing client-side storage, certificate pinning, binary protections, inter-process communication, and backend API integration. We reverse-engineer applications to identify hardcoded credentials, insecure data storage, and exploitable business logic.

Wireless assessments include WPA2/WPA3 attack surface analysis, rogue access point detection, evil twin attacks, RADIUS authentication testing, and Bluetooth Low Energy (BLE) security evaluation. We identify weaknesses in wireless segmentation and guest network isolation.

Whether you need to validate your BYOD policy, test a customer-facing mobile app before release, or assess your corporate wireless footprint, we provide the evidence you need to make informed security decisions.

Deliverables

  • Mobile application security assessment report
  • Static and dynamic analysis findings
  • Wireless network audit with heatmap coverage
  • Rogue access point detection results
  • Bluetooth and BLE assessment report
  • Remediation guidance for development teams
  • Free retest within 30 days

Social Engineering

Your people are your first line of defence — and your most exploitable attack surface. Our social engineering engagements test the human layer with realistic, controlled adversary simulations designed to measure susceptibility and expose process failures before a real attacker does.

We deliver targeted phishing campaigns using custom-crafted pretexts, credential harvesting pages, and payload delivery. Vishing (voice phishing) assessments test your staff against telephone-based pretexting, authority impersonation, and information elicitation techniques.

Physical security assessments include tailgating, badge cloning, USB drop attacks, and pretexting to gain access to restricted areas. Every interaction is documented with timestamps, photographs, and evidence suitable for board-level reporting.

Deliverables

  • Phishing campaign metrics and click-rate analysis
  • Vishing call logs with outcome classification
  • Physical access attempt documentation
  • USB drop campaign results
  • Staff awareness benchmarking report
  • Targeted training recommendations
  • Before-and-after comparison (repeat engagements)

Incident Response & Digital Forensics

When a breach occurs, speed and precision are everything. Our incident response team provides rapid triage, containment strategy, and forensic investigation to determine the scope of compromise, identify the attack vector, and preserve evidence to an evidential standard.

We perform host-based and network forensics, malware analysis, memory acquisition, log correlation, and timeline reconstruction. Our analysts identify indicators of compromise (IOCs), lateral movement paths, data exfiltration evidence, and persistence mechanisms used by the adversary.

All evidence handling follows ACPO guidelines and is suitable for legal proceedings, regulatory reporting, and insurance claims. We work alongside your legal counsel, insurers, and regulatory bodies to ensure coordinated disclosure.

Deliverables

  • Incident timeline and root cause analysis
  • Forensic evidence report (ACPO-compliant)
  • Malware analysis and IOC extraction
  • Scope of compromise assessment
  • Data exfiltration analysis
  • Containment and eradication plan
  • Post-incident hardening recommendations

Ransomware Recovery & Response New

Ransomware is the most disruptive cyber threat facing UK organisations today. Our dedicated ransomware response service provides end-to-end incident management — from initial containment and threat actor identification through to full infrastructure rebuild and hardened redeployment.

We assess decryption feasibility by identifying the ransomware variant, analysing encryption implementation, and checking against known decryptor databases. Where recovery is possible without payment, we execute it. Where it is not, we guide your organisation through data recovery from backups, shadow copies, and alternative sources.

Post-recovery, we rebuild your infrastructure with security hardened by design. This includes Active Directory redesign, network segmentation, endpoint detection deployment, and backup architecture validation to ensure you are resilient against future attacks.

Deliverables

  • Ransomware variant identification and analysis
  • Decryption feasibility assessment
  • Data recovery and restoration plan
  • Infrastructure rebuild architecture
  • Active Directory security hardening
  • Backup strategy review and validation
  • Ransomware prevention framework
  • Tabletop exercise for future preparedness
Get Started

Ready to scope your engagement?

Tell us what you need tested. We will provide a fixed-price quote and schedule your engagement — typically within two weeks.

Start a Conversation
contact@custodianconsulting.co.uk