Need a pentest? Wanna know if you’re hackable?

We’re ObfusLabs — a boutique offensive security lab and SOC‑for‑hire. We combine creative red‑team tradecraft with production‑ready detection and response so you not only find the weaknesses — you keep them fixed.

Core engagements

Web Application Penetration Testing — modern web stacks, APIs, auth logic, chained exploitation and exploitability proof‑of‑concept.
Internal Network Assessments & Red Team Operations — discovery, exploitation, lateral movement, domain compromise, and business‑impact scenarios.
Cloud Security Reviews — AWS / Azure / GCP posture, privilege review, CI/CD checks, cloud‑native misconfigurations, attack‑path analysis.
Active Directory & Identity Security — AD estate enumeration, Kerberos abuse, privilege chains, detection guidance for identity‑based attacks.
Social Engineering & Phishing Campaigns — realistic phish simulations, risk scoring, and tailored training follow‑ups.
Physical Penetration Testing — on‑premises physical security assessments (access control, badge/lock bypass, red‑team site ops).
PURPLE Team & Detection Tuning — we emulate adversaries and then tune your detections so attacks become visible.
Breach & Attack Simulation / Continuous Validation — automated + manual simulation to validate controls on cadence.
Incident Response Retainer & Forensics — rapid containment, triage, root cause, and remediation playbooks.
Training & Workshops — SOC analyst training, threat‑hunting bootcamps, secure‑coding, executive tabletops.

Why ObfusLabs?

Boutique attention: custom command packs and client-specific TUI views (no cookie-cutter portals).
Offensive‑first detection: we build findings so your SOC can actually detect them.
Actionable remediation: playbooks, patches, and testable verification steps — not vague advice.
Clear collaboration: ObfuScope Console (private preview), Jira/ServiceNow sync, and branded remediation reporting.

Email us: daniel.gray@obfuslabs.com

New offering: SOC‑as‑a‑Service (Managed SOC / SOC‑for‑hire)

For organizations that don’t want to run a full SOC in‑house — or that need a boutique partner who actually understands attacker tradecraft.

What you get

Deployment & Onboarding — integrate with your EDR (CrowdStrike/Defender), SIEM (Sentinel/Splunk), cloud telemetry, identity logs; read‑only roles with least privilege; baseline tuning.
24/7 Monitoring & Detection (or business‑hours) — alert monitoring, triage, investigation, real‑time escalation; playbook‑driven containment (host isolate, kill process, revoke token).
Threat Hunting & Threat Intel — scheduled hunts mapped to MITRE ATT&CK; curated intel translated into detections.
Detection Engineering & Tuning — vendor‑agnostic rules; false‑positive reduction; automated enrichment (process trees, pivots, cloud metadata).
Incident Response Retainer — priority IR with RTO/RPO SLAs; evidence preservation; remediation tasks.
Reporting & Governance — weekly analyst notes; monthly executive reports (MTTR, top detections, trending risk); continuous remediation tracking in the portal.

Optional add‑ons

PURPLE Team exercises & detection hardening
Cloud‑native runtime detection for containers/K8s
PCI/HIPAA/ISO mapping & advisory
Custom client dashboard and branded reporting (ObfuScope customization)

Onboarding & SLAs

Timeline: 2–6 weeks (source and scope dependent)
24/7: Critical acknowledgement ≤ 15 min; initial triage ≤ 1 hr
Business‑hours: Critical acknowledgement ≤ 2 hrs

Deliverables

Live ObfuScope tenant (private preview) with role‑based views
Monthly Executive Risk Brief & Quarterly Tabletop
Incident playbooks + one custom detection tune/month (extras available)

Pricing models

simple monthly retainer; pilot discounts available. Tell us your size & goals and we’ll propose something founder-friendly.

Start the conversation: daniel.gray@obfuslabs.com