Pentesting
Penetration tests mimic how a skilled attacker would probe your systems—so you can fix what matters before it is exploited in production.
What I focus on
- Web applications and APIs (including auth, business logic, and abuse cases)
- External and internal networks, Active Directory, and hybrid identity
- Cloud environments (AWS, Azure, GCP) and the configurations that quietly widen blast radius
- Phishing and credential attacks as follow-on, when scope calls for realistic entry paths
How engagements run
- Scoping workshop so goals, constraints, and “out of bounds” are explicit
- Technical testing with safe, agreed rules of engagement
- Debrief and written report: severity, exploitability, and concrete remediation—not noise