About

Built by operators, not consultants.

Ceretrix is an offensive security firm. We run focused penetration testing engagements and build the tooling we use to run them — released openly, so the work shows. No outsourcing, no padding, no checklists pretending to be strategy.

Mission

Find what attackers would find. Fix what matters first.

Most organizations don't have a findings problem — they have a prioritization and remediation problem. We engage in a way that gives your team a defensible, actionable picture of where you'd lose first, backed by tooling that keeps every finding traceable from discovery to closure.

Operators, not account managers

The person you talk to is the person breaking into your network. No handoffs to juniors after the kickoff call.

Reports your engineers will actually read

Reproduction steps, evidence, severity context, and fix guidance. No filler, no padding, no boilerplate exec summaries.

We open-source what we use

PentestCompanion is the workspace we run engagements in — released openly so customers can verify the work and inherit the tooling.

Trust is the baseline

NDA-first conversations. Scoped access. Encrypted-at-rest engagement data. Audit logging on everything. Not add-ons — the default.

Get in touch

Let's scope your next engagement.