Skip to content
RedHunt
[ OFFENSIVE.SECURITY ]

Nine offensive practices.
One methodology.

From external perimeter to source code, from VoIP to ICS — every layer of your attack surface, tested by humans with 8–12 years of field experience.

Scope an engagement
> SERVICE CATALOG

Pick what matches your attack surface.

Most clients combine 2–3 of these into a single engagement with one report and one remediation roadmap.

EXTERNAL VAPT

External Vulnerability Assessment & Penetration Testing

Simulated external adversary against your internet-facing estate. Recon, exposure mapping, exploitation, and lateral-path proof.

  • ▸ OSINT + attack surface mapping
  • ▸ Public-asset exploitation
  • ▸ Perimeter bypass
  • ▸ DNS, mail, VPN, WAF tests
INTERNAL VAPT

Internal / Assumed-Breach

Starts from a foothold (rogue employee, compromised endpoint) and tests how far an attacker can go inside your network.

  • ▸ AD / Kerberos abuse
  • ▸ Lateral movement
  • ▸ Privilege escalation
  • ▸ Domain dominance path
WEB APPLICATION

Web Application Pentesting

OWASP-aligned testing of your web platform with a focus on business-logic flaws, chained exploits, and auth bypasses.

  • ▸ OWASP Top 10 + ASVS
  • ▸ Business logic abuse
  • ▸ Auth / session / SSO flaws
  • ▸ SSRF / IDOR / deserialization
MOBILE

Mobile Application Pentesting

Static + dynamic analysis on iOS and Android. OWASP MASVS and MSTG aligned. Covers binary, transport, and backend API.

  • ▸ iOS / Android binary analysis
  • ▸ Jailbreak / root detection bypass
  • ▸ Cert pinning bypass
  • ▸ Deep-link / IPC abuse
API

API Pentesting

OWASP API Top 10 mapped. Focus on authz, object-level checks, mass assignment, and business-logic flows that scanners miss.

  • ▸ BOLA / BFLA abuse
  • ▸ Auth / JWT weaknesses
  • ▸ Mass assignment
  • ▸ Rate-limit / quota bypass
SOURCE CODE

Source Code Review

Manual + SAST-assisted review of your codebase. We read code like an attacker reading git logs — looking for the flaws tools miss.

  • ▸ Trust boundary analysis
  • ▸ Crypto misuse
  • ▸ Injection sinks
  • ▸ Secrets + CI/CD gaps
SAST · ON-PREM

On-Premise SAST

For orgs that cannot ship source outside their network. Air-gapped SAST deployed inside your perimeter with our rule packs.

  • ▸ Air-gapped deployment
  • ▸ Custom rule packs
  • ▸ CI/CD integration
  • ▸ Developer feedback loop
VOIP

VoIP Pentesting

SIP, RTP, and PBX-level testing. Toll fraud, eavesdropping, and signalling-plane abuse.

  • ▸ SIP registration abuse
  • ▸ RTP injection
  • ▸ PBX compromise
  • ▸ Toll-fraud scenarios
OT · ICS

OT / Industrial Control Systems

Safety-first testing of SCADA, PLCs, HMIs, and industrial protocols. IEC-62443 aligned.

  • ▸ Protocol analysis (Modbus, DNP3, etc.)
  • ▸ HMI / engineering-workstation abuse
  • ▸ Safety-case-aware scoping
  • ▸ IEC-62443 alignment

[ STUB — expand with per-service methodology diagrams + sample scoping templates per 05-content-matrix.md §3 ]

Scope an engagement