IronSights

Security testing · Penetration testing

Find the gaps before someone else does.

CREST-aligned manual penetration testing for Australian businesses. Real attack chains, actionable findings, and a report your team can actually use.

We test external infrastructure, internal networks, web applications, cloud environments, and Active Directory. Every engagement is scoped, quoted, and delivered within a clear timeline.

  • CREST-aligned methodology
  • 48hr critical finding alert
  • 30-day free retest

Our approach

We test like attackers, report like consultants.

Every engagement follows a structured kill chain from scoping through to risk-rated findings.

You know what we're doing at every stage, and nothing in the final report comes as a surprise.

Scope & rules of engagement

We define exactly what gets tested, timelines, and out-of-scope boundaries. A clear engagement plan and quote within a week.

Reconnaissance

We map your attack surface the same way a real adversary would. OSINT, network discovery, asset enumeration — before a single packet is sent.

Manual exploitation

100% manual testing using real attack techniques. We chain vulnerabilities the way a real attacker would, rather than running an automated scan and relabelling it as a penetration test.

Risk-rated reporting

Findings rated by risk, with reproduction steps and remediation guidance. Executive summary for the board, technical brief for your engineers.

Scope

What's included in every engagement.

Eight deliverables included as standard. No per-item upsell, no surprise scope. Every engagement gets the full programme.

Manual testing only

No automated scan reports. Every finding validated by a human tester using real attack techniques.

Risk-rated findings

Every vulnerability rated by likelihood and impact. Critical findings escalated within 48 hours.

Executive summary

Board-ready narrative explaining what was found, what it means, and what needs to happen first.

Remediation guidance

Step-by-step fix instructions per finding, written for the engineers who have to implement them.

Essential Eight mapping

Findings mapped to ACSC Essential Eight controls so remediation feeds your compliance posture.

30-day free retest

We validate your fixes at no additional cost within 30 days of the original report delivery.

Cloud & Active Directory

Azure, M365, and on-premises Active Directory assessments included in scope where relevant.

Cyber insurance–ready

Report structured to meet the evidence requirements of Australian cyber insurance applications.

Built like a real attack chain

Most ‘penetration tests’ are automated vulnerability scans with a logo on the cover. Ours aren't. We follow a structured kill chain: reconnaissance, initial access, lateral movement, privilege escalation, and impact. Each step documented with evidence.

  • OSINT and passive reconnaissance
  • Network and service enumeration
  • Vulnerability identification and chaining
  • Privilege escalation and lateral movement
  • Impact demonstration with evidence

Scopes we cover

From external internet-facing infrastructure to internal Active Directory, web applications to cloud environments. We scope each test to your risk profile and budget.

  • External infrastructure
  • Internal network assessment
  • Web application testing
  • Cloud environments (Azure, M365)
  • Active Directory evaluation
  • Wireless networks
  • APIs and integrations
  • Phishing simulation

What you get

Clear findings, a clear path to fix them.

A penetration test is only useful if you can act on it.

We deliver findings your board can understand, and a remediation roadmap your engineers can follow — not a raw dump of scanner output.

Proven vulnerabilities

Not theoretical risk — demonstrated proof of exploitability. Every critical finding comes with a working proof-of-concept so your board understands the real exposure.

Remediation roadmap

Findings prioritised by business impact so your engineers know what to fix first. No two-hundred-item list with no guidance on where to start.

Compliance evidence

Reports mapped to Essential Eight and suitable as evidence for cyber insurance applications, government tender requirements, and internal governance.

Validated fixes

30-day retest included at no charge. We confirm the vulnerabilities we found have been correctly remediated before closing the engagement.

Common questions

Asked by buyers like you.

Not in this list? Email hello@ironsights.com.au or book a 30-minute consultation. No obligation.

  1. How long does a penetration test take?

    Scope drives timeline. An external infrastructure test typically runs two to five days of active testing. Internal assessments and web application tests depend on complexity and agreed scope. We provide a detailed timeline at scoping.

  2. Do you use automated tools?

    We use automated tools for enumeration and discovery, but every finding is manually validated by a tester. We do not produce automated scan output and call it a penetration test. The value is in the manual analysis and the attack chain.

  3. What's a CREST-aligned methodology?

    CREST is an international not-for-profit that certifies professional information security services. Our methodology follows CREST standards for penetration testing, ensuring a consistent, professional, and defensible approach to scope, execution, and reporting.

  4. Will the test disrupt our operations?

    We agree on a rules of engagement document before any testing begins. Destructive testing and denial-of-service techniques are excluded unless specifically requested. Out-of-hours testing is available for sensitive environments.

  5. Can you work with our IT provider or MSP?

    Yes. We brief your IT team on critical findings during the engagement and provide co-branded reports for MSP clients. Our testing activity is coordinated with your team so there are no surprises.

First step

Scope a test in under a week.

Tell us what you want tested. We'll have a scoping document and quote in front of you within five business days. No lock-in, no fluff.