Internal Penetration Testing

Simulates an attacker with network access or insider knowledge. We identify privilege escalation paths, lateral movement routes, password weaknesses, Active Directory flaws, and detection blind spots.

External Penetration Testing

Assesses your internet perimeter. We map and validate all public-facing assets, identify vulnerabilities and configuration issues, and confirm what an external adversary could exploit.

Web Application Penetration Testing

Uses OWASP methodology to uncover exploitable flaws in web applications, including injection, access control, logic, and session handling weaknesses.

Wireless Penetration Testing

Evaluates the security of wireless infrastructure, including authentication methods, encryption strength, and segmentation between internal and guest networks.

Physical Penetration Testing

Tests your facility’s ability to prevent unauthorized access. We attempt to enter secure areas and access data or systems through controlled, ethical intrusion and manipulation of security controls.

Phishing

Targeted email simulations crafted to test employee decision-making and the organization’s ability to detect and respond to credential theft attempts.

Vishing

Phone-based scenarios that evaluate how staff respond to urgent or manipulative requests for sensitive information.

Smishing

SMS-based testing to reveal weaknesses in mobile workflows and MFA processes.

Red Team

A controlled operation that replicates advanced attacker behavior within defined boundaries. We focus on gaining access, maintaining persistence, and achieving defined objectives while your defensive team works to identify and contain activity.

Purple Team

A collaborative assessment structured around the MITRE ATT&CK framework. Leet works directly with defenders to execute selected tactics and verify that detections, alerts, and responses perform as expected.

Internal CSA

A holistic assessment covering every major system and control surface. We evaluate Active Directory, password policies, endpoint hardening, network access controls, email configuration, and cloud posture. The goal is to identify vulnerabilities across infrastructure and provide clear, prioritized remediation guidance.

External CSA

A complete review of all public-facing systems. Leet inventories your assets, validates exposures, and performs manual analysis to identify vulnerabilities and configuration weaknesses that pose real risk.

Wireless CSA

Analysis of wireless environments focused on encryption, segmentation, and exposure to rogue devices.

Physical CSA

On-site collaboration with facilities and security personnel to identify weak points in building access control, surveillance, and visitor management processes.

Tabletop Exercises

Interactive workshops built around realistic incident scenarios. Teams walk through technical, procedural, and communication steps to reveal coordination gaps and strengthen response confidence.

Security Awareness Training

Custom training programs designed around your actual threat landscape and employee behavior patterns. Built to improve awareness, not just compliance.

Organizational Risk Assessment

Modeled after NIST-level foundational risk assessment practices, this engagement builds a practical understanding of your business priorities and processes. Leet works with stakeholders to map key functions, identify dependencies, and pinpoint where operational risk intersects with what the business values most.

Threat Assessment

Sector-specific analysis that connects evolving attacker trends to your operational footprint. Provides forward-looking insight into how emerging threats could impact your organization.

Software Security Review

Focused review of application architecture and code to identify insecure design patterns, weak data handling, and dependency issues early in development.

Board and Executive Reporting

Condenses complex technical information into concise, actionable summaries written for leadership. Builds clarity between technical findings and business impact.

Vendor Administration Review

Evaluates third-party access, shared credentials, and administrative boundaries to identify potential exposure across your supply chain.