Security Assessment & Reconnaissance

See your exposure the way an attacker already can — before we touch a single system.

This assessment examines your organisation's publicly visible digital footprint without requiring access to internal systems. Every subdomain, exposed service, and misconfiguration we can find. Zero intrusion, zero downtime risk.

vpn-old. api. mail. stage. shop.
passive sensing — nothing here ever touches your infrastructure
Assessment Scope

What we analyze.

A complete inventory and analysis of your organisation's publicly discoverable digital assets. This forms the foundation for all subsequent analysis.

Discovery

Internet-Facing Assets

A complete inventory of your organisation's publicly discoverable digital assets, forming the foundation for all subsequent analysis.

  • Domain & Subdomain Enumeration
  • Live Asset Confirmation (HTTP/HTTPS)
  • Asset Exposure Classification
Infrastructure

Infrastructure Visibility

Mapping the physical and logical locations of your discovered domains, identifying network blocks and the hosting layer.

  • IP Address & Hosting Inventory
  • Content Delivery Network Detection
  • Network Range Exposure
Web Security

Web Security Controls

Evaluating browser-enforced security controls, transport security, and session management across all web-accessible assets.

  • HTTP Security Header Assessment
  • TLS/Transport Security Validation
  • Cookie Security & WAF Detection
Email Security

Email Security Posture

Assessing configuration across all discovered domains to determine protection against sender impersonation and spoofing.

  • SPF Record Validation
  • DKIM Assessment
  • DMARC Policy Enforcement Level
Exposure

Open Services and Ports

A record of network ports accepting connections, identifying services, versions, and observable authentication behaviour.

  • Port & Service Identification
  • Authentication Status Checks
  • Sensitive File & Admin Exposure
Accessibility

Public Accessibility Review

Distinguishing intended public access from internal functions, and identifying critical DNS routing risks.

  • Internal vs External Classification
  • Subdomain Takeover Risk Assessment
  • Typosquatting Domain Review
Report Depth

What you actually get back

A flavor of the findings, organized the same way your real report will be — by category, with a clear status on each item.

Sample report — illustrative findings for a fictional domain (examplecorp.io), shown to demonstrate depth. Your engagement covers your actual footprint.
www.examplecorp.io — production · active
CLEAN
api.examplecorp.io — production · active
CLEAN
mail.examplecorp.io — mail relay · active
CLEAN
stage.examplecorp.io — exposed staging environment, no auth wall found
RISK
vpn-old.examplecorp.io — decommissioned VPN portal, still resolving and reachable
RISK
SPF — record found, hard fail (-all) configured
CLEAN
DKIM — 2048-bit key, selector "default", valid signature
CLEAN
DMARC — policy=none, monitoring only, not enforced
WATCH
A policy=none DMARC record reports on spoofed mail but doesn't stop it reaching inboxes — moving to quarantine or reject closes the gap.
WordPress 5.4 — end-of-life, 3 known CVEs including one remote code execution
RISK
nginx 1.14.0 — end-of-life, 2 known CVEs
WATCH
jQuery 1.9.1 — outdated, multiple known XSS issues
WATCH
PHP 7.2 — end-of-life, unsupported since November 2020
RISK
2 credential sets matching @examplecorp.io found in breach corpora (last seen 2024)
RISK
1 publicly listable cloud storage bucket, contains internal filenames
RISK
3 lookalike domains registered in the last 12 months
WATCH
Deliverables

Risk Findings & Evidence

Findings are documented with sufficient detail to support remediation, complete with visual evidence and risk scoring.

01 / Risk Scoring

Risk Prioritisation

Each finding is assigned a severity classification (Critical, High, Medium, Low) and a numeric risk score to support consistent comparison and prioritisation.

02 / Evidence

Evidence Collection

Point-in-time visual screenshots, raw DNS records, HTTP headers, and service responses are captured to enable independent validation.

03 / Exec Report

Management Report

An executive summary presenting key risk areas, overall posture, and high-level remediation priorities with business context for non-technical stakeholders.

04 / Tech Report

Technical Report

A detailed catalogue for security teams including the full asset inventory, specific remediation guidance, and AI-assisted cross-finding correlation.

Summary

Deliverables Summary

A complete overview of the assessments, reports, and evidence provided during the engagement.

Domain and Subdomain Inventory
IP and Hosting Inventory
CDN and Infrastructure Mapping
Open Port and Service Inventory
HTTP Security Header Assessment
TLS and Certificate Assessment
Cookie Security Assessment
Email Authentication Assessment
Sensitive File Exposure
Administrative Interfaces
Subdomain Takeover Scan
Typosquatting Review
Visual Screenshot Evidence
Risk-Prioritised Findings
Management Summary Report
Technical Findings Report
Remediation Guidance

Why This Assessment Matters

Organisations face persistent risk from publicly exposed assets that are unknown, misconfigured, or forgotten. Attackers routinely map external infrastructure before attempting any intrusion — the same information gathered in this assessment is available to any motivated adversary. The difference is that this engagement puts that visibility in your hands first.

Beyond security risk, external exposure directly affects regulatory and compliance standing (ISO 27001, SOC 2, PCI DSS, GDPR). Addressing findings from this assessment reduces the likelihood of a preventable breach and strengthens your compliance posture.