Offensive Security

Cyberforks runs adversarial security engagements against real environments — not checkbox exercises against a stripped-down lab. Each engagement is scoped to a clear objective, executed under a written rules-of-engagement document, and delivered as a findings package an engineer or an executive can act on without translation.

Penetration Testing

Hands-on attack simulation against your perimeter, your internal network, or both — scoped to what your environment actually looks like.

  • External — internet-facing assets: web apps, VPN endpoints, mail, exposed services
  • Internal — assumed-breach perspective; what an attacker does once they're inside
  • Network — segmentation, lateral movement, Active Directory and identity infrastructure
  • Findings report with reproduction steps, severity ratings, and prioritized remediation

Common before a compliance milestone (PCI, SOC 2, cyber-insurance renewal), after a significant infrastructure change, or as part of an annual security baseline.

Red Team

Goal-oriented adversarial simulation — a real test of whether your detection and response can stop a determined attacker pursuing a specific objective.

  • Objective-driven scope (data exfiltration, domain compromise, business-disruption scenario)
  • Multi-vector approach — phishing, external exploitation, OSINT, physical when in scope
  • Full attack chain documented from initial access through objective achievement
  • Joint readout with your blue team — what fired, what didn't, and where the gaps live

Common when your program is mature enough that traditional pen tests no longer surface meaningful gaps and you need a real test of detection and response.

Purple Team

Collaborative offense-meets-defense — running attacker TTPs against your environment with your detection team in the room, tuning as you go.

  • Pre-engagement TTP selection, typically MITRE ATT&CK aligned to your threat model
  • Live execution with defender visibility — what your tools saw, missed, or logged silently
  • Iterative detection tuning during the engagement, not after
  • Detection-gap report with concrete query and rule recommendations

Common when leveling up an existing SOC, validating new detection content, or building defender intuition for what real attacker behavior looks like on the wire.

Security Engineering

Hands-on architecture, hardening, and tooling work — a practitioner who builds the thing, not a consultant who hands you a deck.

  • Cloud and identity hardening (AWS, Azure, GCP, Okta, Entra)
  • Detection engineering — building, tuning, and validating SIEM and EDR content
  • Infrastructure-as-code security review and remediation
  • Secrets management, network segmentation, and zero-trust architecture work

Common when the gap isn't "we need an assessment" — it's "we need someone to actually build it." Project- or retainer-based.

Every engagement is scoped to your environment, your threat model, and your objective — not a templated SOW. If any of the above fits something you're working on, get in touch.
