// METHODOLOGY
Impact-driven,
from first packet to last.
Everything we do starts with one question: what must never
fail? The critical systems behind your revenue, your
operations and your customers' trust drive every scenario we select
and every action we take. Our job is to make those systems resilient
to emerging threats, and to prove it. Intelligence-led and mapped to
MITRE ATT&CK throughout.
Recon & Planning
We map your organisation the way an adversary does: attack surface, leaked credentials, staff footprint, supplier exposure. Then we plan the operation around the systems whose loss would genuinely hurt. Impact sets the objectives and intelligence shapes the route. Because the platform watches continuously, this picture is often warm before an engagement even begins.
You learn: what an adversary sees, and which of your critical systems they would aim for first.
Initial Access
Phishing, exposed services, password spraying, physical entry, supply chain. We gain a foothold using the techniques current threat actors actually use, chosen from live intelligence and agreed within your rules of engagement.
You learn: which doors actually open, and whether anyone notices.
Network Propagation
From foothold to the systems that matter: privilege escalation, lateral movement and persistence, executed quietly along the paths that lead to your critical business systems. Every action is timestamped so your blue team can replay the operation minute by minute and see what their tooling caught and what it missed.
You learn: how far one foothold reaches towards the heart of your organisation, and what your SOC saw along the way.
Impact
The phase everything else exists for. We demonstrate real consequence against the systems you cannot live without: payment flows, production lines, data platforms, OT. Reach and control are proven safely, without putting live operations at risk. The result is not a list of CVEs. It is a clear demonstration of business impact.
You learn: the genuine business impact of a successful attack, in terms a board understands.
Debrief
Every operation ends with a full attack narrative, detection gap analysis and prioritised remediation, walked through with your technical teams and your leadership. From there we help you build on it: purple team replays alongside your defenders, SOC training built on the real attack telemetry, detection engineering uplift, and re-testing to confirm the fixes hold. Findings feed back into the platform and the loop continues.
You learn: what to fix first, with proof it worked, and your blue team gets sharper with every round.
IMPACT-FIRST
Scoping starts with the systems your organisation cannot live without. If an action has no bearing on real business risk, it is not in the plan.
INTELLIGENCE-LED
Scenarios come from current threat activity and your actual adversary profile, in the spirit of TIBER-EU and CBEST rather than a template.
SAFE BY DESIGN
Strict rules of engagement, deconfliction channels and controlled tooling on every operation. Realistic never means reckless.
DETECTION-FOCUSED
We measure what your defences saw at every phase, not just whether we got in. The gaps become your detection roadmap.
EVIDENCE, NOT OPINION
Every finding is tied to an observed action with full technical detail, mapped to MITRE ATT&CK and replayable by your team.
// THE OUTPUT
Reported in the portal.
Not a 200-page PDF.
Every engagement is delivered through the Saluki portal, the only
reporting portal built specifically for red teaming. You navigate
the findings the way you remediate them: filter by scenario, drill
into the kill chain, and push results straight into your own
tooling over the API.
- Scenario filtering & multi-scenario engagements
- Interactive MITRE ATT&CK heatmaps
- Detection coverage mapping
- Full operations logging, timestamped
- Interactive search & filters throughout
- Regulated standards supported
- API access to feed your remediation workflow
- Attack narrative, phase by phase
Still want the PDF? It's in the portal too. We just don't think you'll open it twice.
portal.salukilabs.com
Scenarios
ATT&CK Map
Detections
Ops Log
API & Exports
ATT&CK COVERAGE · SCENARIO 02/04
■ detected
■ missed
■ not exercised
CREST
Certified operators holding CCRTS & CCRTM
DECADES
Of experience running offensive operations
0-DAY
In-house vulnerability research & exploit capability
PROVEN
Against hardened FTSE 100, finance, defence & manufacturing environments