Red Team · Pentesting

Authorised red team and pentesting to learn how far a real attacker could get.

Penetration testing with a signed scope, controlled execution and evidence you can act on: exploitable vulnerabilities, real impact and clear remediation priorities.

  • 20+ years in security
  • Expert witness TIP 639 AEPEJU
  • Authorised testing only

Why trust this

Authorised offence, defensive judgement and forensic documentation.

More than 20 years in systems, development and security. Court Forensic IT Expert TIP 639 AEPEJU, DPO certified by the Spanish DPA (AEPD) and a developer of his own software. An application is reviewed from the outside, but it is also understood from the inside: architecture, logic, binaries, evidence and legal risk.

Scope

What can be tested.

The scope adapts to the asset and the level of authorisation: black box, grey box or assisted review when you provide technical context.

Web applications & APIs

  • Authentication, sessions and access control.
  • Business logic and data exposure.
  • Injections, misconfigurations and APIs.

Servers & infrastructure

  • Exposed surface, services and versions.
  • Hardening, segmentation and credentials.
  • Realistic entry vectors and lateral movement.

Mobile apps Android / iOS

  • Communications and local storage.
  • Authentication, permissions and integrations.
  • Resistance to tampering and reversing.

Desktop programs & binaries

  • Local behaviour and secret management.
  • Integrity and function abuse.
  • Technical analysis of the executable.

How it works

From scope to retest, always under control.

1. Scope and rules of engagement

Authorised assets, limits, time windows, emergency contacts and severity criteria, in writing.

2. Controlled testing

Hunting exploitable flaws without degrading the service or touching data beyond what is necessary.

3. Validation

Every finding is verified to rule out false positives and to group duplicates.

4. Technical and executive report

Impact, evidence, safe reproduction, risk, recommendation and priority.

5. Retest

Verification of the fixes for P1–P4 findings within the agreed deadline.

Pay-per-finding model

You pay for real, validated vulnerabilities.

It works like a private bug bounty: you pay for real, validated, in-scope vulnerabilities. To keep the work serious and predictable, the service includes a base scoping and coordination fee, an agreed maximum budget and clear severity rules.

VAT not included

Severity             Fee per finding   When it applies
P1 · Critical        €2,500            Full compromise: remote code execution, takeover or massive data access.
P2 · High            €1,000            Privilege escalation, access to sensitive data, or serious authentication or logic flaws.
P3 · Medium          €400              Medium risk: exploitable under certain conditions or with limited impact.
P4 · Low             €150              Low or hard-to-exploit risk; still worth fixing.
P5 · Informational   €0                Best practices and recommendations with no direct risk. No cost.

  • Includes a base scoping and coordination fee, tailored to each asset.
  • Agreed maximum budget (cap): no surprises, with a heads-up as the limit approaches.
  • Retest included for P1–P4 findings fixed on time.
  • CVSS severity adjusted to business context; no charge for duplicates.
  • The base fee is credited, fully or partially, against the first findings when the engagement exceeds the agreed minimum.

Deliverables

What you get.

  • Executive summary for management: risk, impact and recommended decisions.
  • Technical detail for whoever fixes it: cause, evidence, scope and mitigation.
  • Severity classification P1–P5 backed by CVSS and business context.
  • Test log and evidence with a forensic approach when the case requires it.
  • Closing meeting to prioritise fixes and answer technical questions.

Legal framework

Authorised testing only.

No testing is carried out without a contract, express authorisation and a signed scope. Before starting, we define what can be tested, what is off limits, which data must not be touched, how incidents are reported and when testing must stop. The goal is not to "break" systems: it is to measure real risk with control, confidentiality and usefulness for fixing.

Frequently asked questions

Is this a hacking service?

It is authorised offensive security. Testing is always carried out under contract, with express authorisation, a signed scope, agreed limits and full traceability.

Can you test a live website or system in production?

Yes, when the scope and testing windows allow it. Availability is prioritised and stop rules are agreed in case of any incident.

Do you charge for duplicate vulnerabilities?

No. The same root cause counts once, even if it shows up on several URLs, screens or endpoints.

Who decides the severity of each finding?

It is proposed using CVSS adjusted for real exploitability, affected data, privileges and business context. The final severity is documented and reviewed with the client.

Does it include a retest of fixed issues?

Yes. The service includes a retest of P1–P4 findings fixed within the agreed deadline, to confirm the fix is effective.

Can it serve as evidence for compliance or legal proceedings?

Yes. The report serves as technical evidence of review and improvement, and findings can be documented with forensic rigour when the case requires it (Court Forensic IT Expert TIP 639 AEPEJU).

Direct contact

Define a safe scope before testing anything.

Tell me which asset you want to assess, what testing window suits you and what level of access you can provide. I will send back a proposal with scope, rules, limits, maximum budget and deliverables.