Offensive Security, for the real world.
We emulate advanced adversaries, uncover business‑relevant risk, and uplift your ability to detect and respond.
- Authorized & Ethical
- Objective‑based
- Clear, actionable reporting
Services
Program & Continuous
- Offensive Security Program: strategy & execution
- Continuous Pentesting (PTaaS): sprint testing + retests
- Attack Surface Management: continuous discovery & exposure reduction
Adversary Emulation & Red Team
- Red Team: objective-driven emulation
- Assumed-Breach Assessment: lateral movement & blast radius
- Ransomware Emulation (Benign): validate detections safely
- EDR / Defender Evasion: AMSI/ETW blind spots
- Social Engineering & Phishing Simulation: phish, vish, smish
- Physical Red Team (Facilities): locks, badges, tailgating
Application & API Abuse
- Penetration Testing: web, API, mobile, infra
- Application Security: app-centric / SDLC
- Advanced API Abuse: BOLA/BFLA, GraphQL
- Business-Logic Abuse: workflow tampering
- WAF & Bot-Mitigation Evasion: fingerprint evasion
OWASP-Focused Offerings
- OWASP Top 10 (Web): A01–A10
- OWASP API Security Top 10: BOLA, rate-limit, authZ
- OWASP Mobile Top 10: platform misuse
- OWASP ASVS Gap Assessment: control mapping
- OWASP MASVS (Mobile): MSTG verification
- OWASP Proactive Controls: dev training
- GraphQL Security Review: schema/resolvers
Identity, Network & Cloud
- Identity Attack Path Assessment: SSO/OAuth abuse
- Network & AD: internal & perimeter
- Cloud & Containers: AWS/Azure/GCP
- Kubernetes Workload Attacks: RBAC & breakouts
- CI/CD & Supply-Chain Simulation: artifact poisoning
Platforms & Specializations
- SaaS Tenant Takeover: OAuth & shared domains
- Wireless & Proximity: Wi‑Fi, BLE, NFC
- IoT / Embedded: firmware & HW
- Critical Infrastructure: ICS/OT
AI & Recon
- AI / LLM Security Testing: jailbreaks & data exfil
- OSINT & Threat Intel: brand & adversary tracking
Reverse Engineering
- Reverse Engineering & Software Analysis: binary, firmware & protocol analysis
- Mobile App Reverse Engineering: iOS/Android static & dynamic RE
Research, Collaboration & Enablement
- Exploit Research: vulnerability research & PoCs
- Malware Simulation: benign payloads
- Purple Team: red + blue uplift
- CTF & Labs: coaching & events
- Training: hands-on courses
- Freelance Consulting: on-demand experts
- Projects: case studies & tools
- DFIR & Forensics: response & analysis
Typical Scopes & Timelines
App/API Light
1–2 apps, 1–2 weeks
- AuthZ, logic, OWASP Top 10
- Report + Retest
Cloud/K8s
2–4 weeks
- IAM, CIS, K8s escapes
- Detection gap map
Red Team
4–8 weeks
- Objective-based chains
- AAR + Purple uplift
Academy — Learn Cyber Security
Hands‑on courses, labs, and coaching — from fundamentals to advanced offensive tradecraft.
Marketplace — Tools & Templates
Legit, ethical products for security teams and learners.
About Offensive Security Platform
We are an adversary‑focused security company based in Dhaka (GMT+6), delivering authorized, ethical offensive security engagements worldwide. Our mission is to help teams measure real risk, harden critical systems, and uplift detection & response.
- Ethical, written authorization for every engagement
- Executive‑ready summaries with reproducible technical detail
- Retest & closure to verify fixes and improvements
Solutions by Outcome
Compliance‑Ready Testing
Evidence‑driven pentests to support audits while staying focused on real risk, not box‑ticking.
- Scoping aligned to business impact
- Remediation roadmap with priorities
- Executive summary & technical detail
Defense Uplift
Iterative purple teaming to improve detection engineering, logging, and response playbooks.
- Attack chains mapped to MITRE ATT&CK
- Detection gaps identified & tracked
- Tabletop + hands‑on exercises
AppSec Modernization
Shift‑left security, developer enablement, and secure SDLC accelerators for modern teams.
- Threat modeling & secure patterns
- CI/CD security controls
- Roadmap & training
Incident Readiness
Be breach‑ready: visibility, response processes, and contacts established before you need them.
- IR playbooks & escalation
- Log sources & retention tuned
- On‑call support options
How We Work
- Discover — clarify objectives, scope, and authorization.
- Emulate — execute realistic attack paths & TTPs.
- Validate — reproduce findings and verify impact.
- Remediate — prioritize fixes with clear guidance.
- Uplift — re‑test, measure progress, and train your team.
Selected Case Studies
SaaS: Full‑stack Pentest
Chained auth bypass + IDOR to critical data exposure; guided rapid fix in 72h.
Banking: Red Team
Phish‑to‑persistence with lateral movement; blue team uplifted detections post‑exercise.
Manufacturing: OT Risk
Exposed unsafe defaults in ICS network; segmented & hardened critical systems.
What Clients Say
“Clear, no‑nonsense reporting and fast help during remediation.”
“Their red team felt real. We learned more in two weeks than in a year of tools.”
“Hands‑on training that our developers actually enjoyed.”
Team
A small, focused team with deep offensive and teaching experience.
Soma Roy
Lead Offensive Security / Instructor
- Red Team
- AppSec
- DFIR
Analyst
Senior AppSec / API Testing
- API
- Logic
- ASVS
Researcher
Exploit & Cloud/K8s
- K8s
- Cloud
- Exploit
FAQ
Do you provide written authorization and NDAs?
Yes. Every engagement is authorized in writing; NDAs and data handling agreements are standard.
Can you work fully remote?
Yes. We operate primarily remote from Dhaka (GMT+6) and can travel when required.
How do you price?
Scoped fixed‑fee for most engagements; time‑and‑materials for open‑ended consulting.
Can you help us pass an audit without losing real‑world focus?
Absolutely. We map real findings to compliance controls while prioritizing business‑risk remediation.
Contact
Email: contact@offsecplatform.com
Office Hours: Sun–Thu, 10:00–18:00 (GMT+6)
Location: Dhaka, Bangladesh (Remote & On-site)
Portal: Client Portal (Coming Soon)
We reply within 1 business day. For urgent incidents, call the hotline above.