Authorized Offensive Security Operations

We Break Things Before Attackers Do

Elite red team operations, advanced penetration testing, and adversary simulation — delivered by operators with real-world offensive experience.

Offensive Security Services

From initial access to full domain compromise — we simulate the full attack lifecycle to expose your real risk before adversaries find it first.

Cloud Security Review

Cloud breaches are almost never about zero-days — they're about misconfigurations, excessive permissions, and forgotten resources. We assess your cloud posture the way an attacker would, chaining low-severity findings into high-impact attack paths that automated scanners miss entirely.

  • AWS / Azure / GCP misconfiguration & hardening review
  • IAM policy analysis: over-provisioned roles & priv-esc paths
  • Public exposure audit: storage, snapshots, APIs & databases
  • Azure AD / Entra ID & Conditional Access assessment
  • IMDS abuse, SSRF-to-metadata & container escape scenarios
  • Hardcoded secrets & credential leakage discovery

Phishing Simulations

MFA alone won't save you. We run campaigns using the exact infrastructure and tradecraft threat actors use — from browser-in-the-browser lures and AiTM proxies that bypass MFA entirely, to pretexted spear-phishing targeting executives. Every campaign ends with actionable metrics and awareness recommendations.

  • AiTM credential harvesting — bypasses MFA transparently
  • Device Code phishing targeting Microsoft 365 & Azure
  • Browser-in-the-Browser (BITB) lure pages
  • Spear-phishing with macro-free malicious attachments
  • QR code & SMS-based (smishing) campaigns
  • Full metrics: open rates, click rates, credential submission

Source Code Review

Automated scanners flood developers with noise. We combine SAST tooling with deep manual review by engineers who understand both how code is written and how it's attacked — uncovering the subtle logic flaws, privilege escalations, and data leakage paths that scanners consistently miss.

  • Business logic & access control flaw analysis
  • Injection vulnerabilities: SQL, SSTI, XXE, deserialization
  • Insecure authentication, session management & JWT handling
  • Hardcoded secrets, API keys & sensitive data exposure
  • Dependency & supply chain vulnerability review
  • Python, Java, C/C++, Go, Bash, PowerShell coverage

Web App & API Security

Modern applications are complex — multiple SPAs, microservices, third-party integrations, and public APIs each introduce their own attack surface. We test the full stack manually, chaining low-risk issues into scenarios that demonstrate real business impact: account takeover, data exfiltration, privilege escalation.

  • IDOR, broken object-level & function-level authorization
  • OAuth 2.0, SAML & JWT implementation flaws
  • REST & GraphQL API abuse, introspection & batching attacks
  • SSRF, XXE, SSTI & advanced injection chains
  • Race conditions, mass assignment & business logic abuse
  • Full re-test included upon remediation

Infrastructure Security

From your internet-facing perimeter to your internal domain controllers, we map and exploit your infrastructure the way a targeted attacker would — enumerating every exposed asset, prioritising exploitable vulnerabilities, and demonstrating the full impact of a network-level breach.

  • External attack surface mapping & subdomain enumeration
  • Vulnerability discovery, prioritisation & exploitation
  • Active Directory: Kerberoasting, AS-REP, NTLM relay, ESC attacks
  • SMB & LDAP relay chains, credential coercion (PetitPotam, etc.)
  • Network segmentation & VLAN bypass testing
  • Post-exploitation: credential dumping, persistence & pivoting

Operator-Led. Adversary-Minded.

We are not a checkbox security firm. Every engagement is led by a practitioner who has spent years in the trenches — developing offensive tooling, evading enterprise EDRs, and exploiting real production environments.

Our operators have presented at international security conferences, contributed to the offensive security community, and hold the industry's most respected certifications.

  • Real-World Tooling: We build and use custom offensive tools — not just run Nessus scans.
  • No Off-the-Shelf Reports: Every report is hand-crafted with exploitation evidence and business impact context.
  • Stealth-First Operations: Engagements designed to test your detection and response, not just find open ports.
  • Post-Engagement Support: We work with your team until findings are remediated and validated.

MITRE ATT&CK Coverage

  • Reconnaissance: 90%
  • Initial Access: 95%
  • Execution: 88%
  • Persistence: 85%
  • Privilege Escalation: 92%
  • Defense Evasion: 87%
  • Lateral Movement: 91%
  • Exfiltration: 83%

About Red Team Security SRL

Andrei Grigoras

Founder · Penetration Tester · Red Teamer

Red Team Security SRL was founded by Andrei Grigoras — a self-driven, self-taught security professional with over 7 years of hands-on offensive security experience. Starting from a Junior Security Researcher role in 2018, Andrei progressed rapidly through SOC analysis, consulting at Accenture, senior penetration testing at TwelveSec and Casumo, independent tooling research, and most recently as a Red Team Operator at PwC Ireland — leading engagements against organizations with 5,000+ employees.

Andrei is a recognized speaker at international security conferences including DefCamp, BSides Athens, BSides Tirana, HEK.SI, and INFOSEK.SI. He has developed multiple custom offensive tools used in real engagements, contributed original research to the community, and competed for Team Romania in the European Cyber Security Challenge.

Career Timeline

2025 – Present

Red Team Operator

PwC Ireland

Leading red team engagements for large enterprises (5,000+ employees), developing custom attack infrastructure, modifying tools like Kerbrute and SOAPHound, and supporting External Attack Surface Management.

2024 – 2025

Offensive Tool Researcher & Developer

Cybral (Freelance)

Built Web Application Vulnerability Scanner MVP with scraper, fuzzer, and AI-powered anomaly detector. Developed Automated Red Team engine with 60+ CVE PoCs and Terraform-based infrastructure.

2022 – 2024

Senior Penetration Tester

TwelveSec, Athens

Led red team operations using Mythic and Cobalt Strike, deployed resilient red team infrastructure, mentored junior staff, and conducted mobile, web, infrastructure, and phishing assessments.

2021 – 2022

Senior Penetration Tester

Casumo, Malta

Security testing across iGaming products including code review, external/internal PT, phishing, and infrastructure assessments. Close cooperation with dev/ops teams.

2019 – 2021

Security Consultant & SOC Analyst

Accenture & SecureWorks

Security training development, SAST/DAST assessments at Accenture. SIEM log investigation and MDR endpoint analysis at SecureWorks.

2018 – 2019

Junior Security Researcher

pentest-tools.com

Researched new vulnerabilities, implemented them in the platform, and participated in bug bounty programs.

Certifications & Achievements

Industry-recognized offensive security certifications backed by real-world competition wins and community contributions.

CTF Competitions

  • 1st: Continental Technical Competition — CyberSecurity
  • 1st: USV CTF 2019 & 2020 Finals
  • 1st: ITEC CTF
  • 3rd: IXIA & RST CTF
  • 5th: VulnCon CTF
  • 9th: DCTF 2020
  • RO: European Cyber Security Challenge — Team Romania

Conference Speaker

  • HackTheZone & HEK.SI: "Weaponizing ROP with pwntools"
  • INFOSEK.SI · BSides Tirana · DefCamp: "Building a Resilient Red Team Infrastructure with Terraform"
  • BSides Athens: "Evilginx and Gophish for Red Teamers"

HTB Pro Hacker

Compromised 80+ machines on HackTheBox including RastaLabs challenges, maintaining Pro Hacker rank through consistent offensive security practice.

Tool Developer

  • Custom Evilginx3 — dynamic HTML obfuscation & link cloaking
  • Custom Gophish — QR campaigns & AiTM integration
  • Web Vulnerability Scanner — scraper, fuzzer & AI anomaly detector
  • Domain Categorisation Tool — automated reputation management
  • Ransomware PoC — full-UI simulator & fileless in-memory variant
  • 60+ RCE exploits — hand-written CVE proof-of-concepts

Engagement Methodology

Every engagement follows a structured, transparent process designed to maximize findings while minimizing operational disruption.

01. Scoping & Rules of Engagement

We define clear boundaries, objectives, and success criteria. Scope, timeline, communication protocols, and emergency contacts are established before any testing begins.

02. Reconnaissance & OSINT

Passive and active reconnaissance to map your external attack surface — domains, IP ranges, employee data, technology stack, supplier relationships, and exposed credentials.

03. Attack & Exploitation

Methodical exploitation using manual techniques augmented by custom tooling. We chain vulnerabilities to demonstrate real business impact, not just theoretical risk.

04. Reporting & Debrief

Detailed technical and executive reports with reproduction steps, impact ratings, and prioritized remediation roadmaps. Live debrief with your technical and executive teams.

05. Remediation & Re-testing

We support your team through the remediation process and provide complimentary re-testing to confirm that identified vulnerabilities have been properly resolved.

Custom-Built Offensive Tooling

We don't rely solely on public tools. Our operator develops and maintains a suite of custom offensive capabilities.

Custom Evilginx3

A heavily modified evilginx3 fork featuring dynamic HTML obfuscation to defeat browser-side static scanning engines, link cloaking, and real-time credential capture piped into Gophish campaign metrics.

AiTM · Phishing · Evasion

Custom Gophish

A feature-extended Gophish fork with native QR code campaign support, full bidirectional integration with the custom Evilginx3 for AiTM flows, and improved credential export and reporting functionality.

Phishing · QR · Reporting

Web Vulnerability Scanner

Custom multi-stage DAST tool: a Selenium-driven scraper maps all inputs, a fuzzer tests XSS, SSTI, LFI, SQLi, and open-redirect vectors, and an AI-assisted anomaly detector reduces false positives automatically.

DAST · AI · Web

Domain Categorisation Tool

Automated tool that submits phishing domains for recategorisation across multiple vendor reputation platforms using Selenium and an integrated captcha-solving engine — keeping infrastructure off blocklists.

OPSEC · Reputation · Automation

Exploit Research Library

60+ hand-written RCE exploit proof-of-concepts covering CVEs from the last 5 years. Each includes a reproducible vulnerable environment, cross-compiled Linux/Windows binaries, and documented exploitation steps.

Exploits · RCE · Research

Ransomware Proof-of-Concept

Two-variant ransomware PoC developed for red team engagements: a full-UI simulator that replicates real-world ransomware UX and workflow for executive-level impact demos, and a fileless in-memory variant that operates without touching disk to evade EDR-protected environments.

Ransomware · Fileless · EDR Evasion · Red Team

Request an Engagement

Ready to understand your real risk? Every engagement starts with a confidential scoping call. Reach out and we'll get back to you within 24 hours.

Email: [email protected]
LinkedIn: Andrei Grigoras
Registration: RED TEAM SECURITY SRL, Romania
🔒 All communications are treated as strictly confidential. NDAs available upon request.

We respond within 24 hours on business days.