Authorized Offensive Security Operations

We Break Things Before Attackers Do

We find the gaps in your defenses before someone with bad intentions does. Real attack techniques, honest reporting, and no fluff.

Offensive Security Services

We run the same attacks real adversaries use, against your actual environment. No checkbox audits, no generic reports.

Cloud Security Review

Most cloud breaches happen because of misconfigurations, over-permissioned accounts, and forgotten resources — not zero-days. We look at your cloud the way an attacker would, and connect the dots between low-risk items that automated scanners treat as separate.

  • AWS / Azure / GCP misconfiguration & hardening review
  • IAM policy analysis: over-provisioned roles & priv-esc paths
  • Public exposure audit: storage, snapshots, APIs & databases
  • Azure AD / Entra ID & Conditional Access assessment
  • IMDS abuse, SSRF-to-metadata & container escape scenarios
  • Hardcoded secrets & credential leakage discovery

Phishing Simulations

MFA is not the end of the conversation. We run phishing campaigns using the same setups threat actors actually use, including proxies that can bypass MFA entirely. After every campaign you get real numbers: who clicked, who submitted credentials, and what to do about it.

  • AiTM credential harvesting — bypasses MFA transparently
  • Device Code phishing targeting Microsoft 365 & Azure
  • Browser-in-the-Browser (BITB) lure pages
  • Spear-phishing with macro-free malicious attachments
  • QR code & SMS-based (smishing) campaigns
  • Full metrics: open rates, click rates, credential submission

Source Code Review

Automated scanners produce a lot of noise and miss the things that actually matter. We pair tooling with manual review by people who understand how code gets written and how it gets broken, which is how we find the logic flaws and authorization bypasses that tools walk straight past.

  • Business logic & access control flaw analysis
  • Injection vulnerabilities: SQL, SSTI, XXE, deserialization
  • Insecure authentication, session management & JWT handling
  • Hardcoded secrets, API keys & sensitive data exposure
  • Dependency & supply chain vulnerability review
  • Python, Java, C/C++, Go, Bash, PowerShell coverage

Web App & API Security

Modern applications have a lot of moving parts: multiple frontends, microservices, third-party integrations, public APIs. We test the whole picture manually, connecting findings that look minor in isolation into realistic scenarios that show you the actual business impact.

  • IDOR, broken object-level & function-level authorization
  • OAuth 2.0, SAML & JWT implementation flaws
  • REST & GraphQL API abuse, introspection & batching attacks
  • SSRF, XXE, SSTI & advanced injection chains
  • Race conditions, mass assignment & business logic abuse
  • Full re-test included upon remediation

Infrastructure Security

From your public perimeter to your internal domain controllers, we map and exploit your infrastructure the way a real attacker would. Every exposed asset gets looked at, exploitable vulnerabilities get prioritized, and you see the full impact of what a network-level breach actually looks like.

  • External attack surface mapping & subdomain enumeration
  • Vulnerability discovery, prioritisation & exploitation
  • Active Directory: Kerberoasting, AS-REP, NTLM relay, ESC attacks
  • SMB & LDAP relay chains, credential coercion (PetitPotam, etc.)
  • Network segmentation & VLAN bypass testing
  • Post-exploitation: credential dumping, persistence & pivoting

Operator-Led. Adversary-Minded.

This is not a checkbox security firm. Every engagement is led by a practitioner who has spent years developing offensive tooling, getting past enterprise EDRs, and exploiting real production environments.

We have presented at international security conferences, contributed research to the offensive security community, and hold the certifications that actually require you to break things under exam conditions.

  • Custom Offensive Tooling: We build tools for the job, not just run off-the-shelf scanners and call it a test.
  • Reports Written by Humans: Every finding gets clear reproduction steps, real screenshots, and a plain-English explanation of why it matters.
  • We Test Your Defenses, Not Just Your Code: Engagements are designed to trigger your detection and response, not just list open ports.
  • Support After the Report: We stay available while your team works through remediation and re-test the fixes when you are ready.

MITRE ATT&CK Coverage

  • Reconnaissance: 90%
  • Initial Access: 95%
  • Execution: 88%
  • Persistence: 85%
  • Privilege Escalation: 92%
  • Defense Evasion: 87%
  • Lateral Movement: 91%
  • Exfiltration: 83%

About Red Team Security SRL

Andrei Grigoras

Founder · Penetration Tester · Red Teamer

Red Team Security SRL was founded by Andrei Grigoras — a self-driven, self-taught security professional with over 7 years of hands-on offensive security experience. Starting from a Junior Security Researcher role in 2018, Andrei progressed rapidly through SOC analysis, consulting at Accenture, senior penetration testing at TwelveSec and Casumo, independent tooling research, and most recently as a Red Team Operator at PwC Ireland — leading engagements against organizations with 5,000+ employees.

Andrei is a recognized speaker at international security conferences including DefCamp, BSides Athens, BSides Tirana, HEK.SI, and INFOSEK.SI. He has developed multiple custom offensive tools used in real engagements, contributed original research to the community, and competed for Team Romania in the European Cyber Security Challenge.

Career Timeline

2025 – Present

Red Team Operator

PwC Ireland

Leading red team engagements for large enterprises (5,000+ employees), developing custom attack infrastructure, modifying tools like Kerbrute and SOAPHound, and supporting External Attack Surface Management.

2024 – 2025

Offensive Tool Researcher & Developer

Cybral (Freelance)

Built Web Application Vulnerability Scanner MVP with scraper, fuzzer, and AI-powered anomaly detector. Developed Automated Red Team engine with 60+ CVE PoCs and Terraform-based infrastructure.

2022 – 2024

Senior Penetration Tester

TwelveSec, Athens

Led red team operations using Mythic and Cobalt Strike, deployed resilient red team infrastructure, mentored junior staff, and conducted mobile, web, infrastructure, and phishing assessments.

2021 – 2022

Senior Penetration Tester

Casumo, Malta

Security testing across iGaming products including code review, external/internal PT, phishing, and infrastructure assessments. Close cooperation with dev/ops teams.

2019 – 2021

Security Consultant & SOC Analyst

Accenture & SecureWorks

Security training development, SAST/DAST assessments at Accenture. SIEM log investigation and MDR endpoint analysis at SecureWorks.

2018 – 2019

Junior Security Researcher

pentest-tools.com

Researched new vulnerabilities, implemented them in the platform, and participated in bug bounty programs.

Certifications & Achievements

Industry-recognized offensive security certifications backed by real-world competition wins and community contributions.

🏆

CTF Competitions

  • 1st: Continental Technical Competition — CyberSecurity
  • 1st: USV CTF 2019 & 2020 Finals
  • 1st: ITEC CTF
  • 3rd: IXIA & RST CTF
  • 5th: VulnCon CTF
  • 9th: DCTF 2020
  • RO: European Cyber Security Challenge — Team Romania
🎤

Conference Speaker

  • HackTheZone & HEK.SI "Weaponizing ROP with pwntools"
  • INFOSEK.SI · BSides Tirana · DefCamp "Building a Resilient Red Team Infrastructure with Terraform"
  • BSides Athens "Evilginx and Gophish for Red Teamers"
⚔️

HTB Pro Hacker

Compromised 80+ machines on HackTheBox, including RastaLabs challenges, maintaining Pro Hacker rank through consistent offensive security practice.

🛠️

Tool Developer

  • Custom Evilginx3 — dynamic HTML obfuscation & link cloaking
  • Custom Gophish — QR campaigns & AiTM integration
  • Web Vulnerability Scanner — scraper, fuzzer & AI anomaly detector
  • Domain Categorisation Tool — automated reputation management
  • Ransomware PoC — full-UI simulator & fileless in-memory variant
  • 60+ RCE exploits — hand-written CVE proof-of-concepts

Engagement Methodology

Here is how a typical engagement runs, from first contact to the final fix verification.

01

Scoping & Rules of Engagement

We agree on clear boundaries, objectives, and what success looks like. Scope, timeline, communication channels, and emergency contacts are locked in before anything starts.

02

Reconnaissance & OSINT

We map your external attack surface using the same sources an attacker would: domains, IP ranges, employee data, technology stack, supplier relationships, and any credentials that have leaked publicly.

03

Attack & Exploitation

We exploit what we find and go as far as the scope allows. Findings get chained together to show what the real damage would be, not just a list of theoretical risks.

04

Reporting & Debrief

You get a technical report for your security team with full reproduction steps, and an executive summary your management can actually read. We also do a live debrief to walk through findings together.

05

Remediation & Re-testing

We are available while your team works through fixes, and we re-test the patched findings at no extra charge to confirm everything is properly resolved.

Custom-Built Offensive Tooling

We don't rely solely on public tools. Our operator develops and maintains a suite of custom offensive capabilities.

Custom Evilginx3

A heavily modified evilginx3 fork featuring dynamic HTML obfuscation to defeat browser-side static scanning engines, link cloaking, and real-time credential capture piped into Gophish campaign metrics.

AiTM · Phishing · Evasion

Custom Gophish

A feature-extended Gophish fork with native QR code campaign support, full bidirectional integration with the custom Evilginx3 for AiTM flows, and improved credential export and reporting functionality.

Phishing · QR · Reporting

Web Vulnerability Scanner

Custom multi-stage DAST tool: a Selenium-driven scraper maps all inputs, a fuzzer tests XSS, SSTI, LFI, SQLi, and open-redirect vectors, and an AI-assisted anomaly detector reduces false positives automatically.

DAST · AI · Web

Domain Categorisation Tool

Automated tool that submits phishing domains for recategorisation across multiple vendor reputation platforms using Selenium and an integrated captcha-solving engine — keeping infrastructure off blocklists.

OPSEC · Reputation · Automation

Exploit Research Library

60+ hand-written RCE exploit proof-of-concepts covering CVEs from the last 5 years. Each includes a reproducible vulnerable environment, cross-compiled Linux/Windows binaries, and documented exploitation steps.

Exploits · RCE · Research

Ransomware Proof-of-Concept

Two-variant ransomware PoC developed for red team engagements: a full-UI simulator that replicates real-world ransomware UX and workflow for executive-level impact demos, and a fileless in-memory variant that operates without touching disk to evade EDR-protected environments.

Ransomware · Fileless · EDR Evasion · Red Team

Request an Engagement

Every engagement starts with a confidential scoping call where we talk through your environment, objectives, and what you want to get out of the test. Reach out and we will get back to you within 24 hours.

Email: [email protected]
LinkedIn: Andrei Grigoras
Registration: RED TEAM SECURITY SRL, Romania
🔒 All communications are treated as strictly confidential. NDAs available upon request.

We respond within 24 hours on business days.