Offensive security · New Delhi

We break things on purpose

Penetration testing, red teaming, and vulnerability research for companies that want to find their own problems first.

Start a conversation → See services

§ 01   Services

Offensive ethos, defensive instincts

All services →

  • Penetration testing

    Web, API, mobile, internal network, and cloud. Black, grey, or white-box; retest included.

  • Red teaming

    Objective-based testing against your real environment. The exercise tests your response, not just your perimeter.

  • Vulnerability research

    Reverse engineering, fuzzing, exploit development against products and protocols you depend on.

  • Detection engineering

    Detection rules tuned against the activity we actually generate during testing.

  • Audit readiness

    ISO 27001, SOC 2, and customer security reviews.

  • Password recovery

    Recovering access to wallets, archives, and encrypted material you own. Ownership is verified before we begin.

§ 02   Products

Tools we built for the work

See product →

§ 03   How we work

Three principles shape how we run engagements.

01

Clear ownership, end to end

The person who scopes the engagement runs it and writes the report. There is no second layer.

02

Reproducible findings

Every finding includes reproduction steps and a fix path.

03

Written for your stack

Reports are written for your stack and the engineers who maintain it.

Meet the team →

Have something you'd like us to break?

hello@marionette.in Disclosure policy