TCG Red Team · authorized engagements only
Authorized pentesting and offensive security assessments for small businesses in Indiana and remote nationwide. External and internal scope, web-app testing, infrastructure review, and social engineering with written consent. You get a report you can hand to your insurance carrier, your compliance team, or the next IT contractor — written in plain English with technical evidence attached.
Every engagement is scoped in writing before any tool runs. You sign the scope. I work the scope. Anything outside scope stays untouched. There is no exploration, no "while I was in there I noticed…" surprises — if I find a critical issue beyond scope, it goes in the out-of-scope appendix as a finding, not as live testing.
What an attacker on the internet sees. Port scan, service fingerprint, TLS posture, exposed admin panels, default credentials, public S3 buckets, GitHub-leaked secrets, employee email exposure check.
External details →OWASP Top 10 walkthrough on customer-facing sites: injection, broken auth, exposed admin, IDOR, CSRF, XSS, file upload, business-logic abuse. Manual testing on top of Burp Suite, with proof-of-concept evidence preserved.
Web app details →Drop a small box on your LAN (with your permission) for an "assumed-breach" walk: lateral movement potential, password-spray exposure, SMB shares, AD misconfigurations, printer admin, IoT devices, camera access from unsegmented Wi-Fi.
Internal details →Wi-Fi crypto strength (WPA2/WPA3), guest-network leakage, hidden SSIDs, rogue AP detection, EAP misconfigurations. Walk the building. Report includes signal heatmap of in-scope coverage.
Wireless details →Optional and only with written authorization from the business owner: simulated phishing emails, vishing scripts, badge / tailgating attempt at a single physical entry. Captures click-through and credential-submission rates without ever capturing the actual credential.
Phishing details →For businesses with existing camera systems: test default credentials, RTSP exposure, mobile-app authentication, NVR firmware CVEs, retention claims vs. reality. The same tests an attacker who wants to disable your cameras would run.
Camera review details →Every engagement runs the same loop. The deliverable is a report you actually understand — executive summary, technical findings ranked by severity, fix recommendations, evidence appendix. Nothing is dropped on you in jargon.
You and I sign a Rules of Engagement document defining IP ranges, hostnames, time windows, exclusions, and emergency-stop procedure. Nothing runs without it.
Open-source reconnaissance only at this stage. Public DNS, certificate transparency logs, leaked-credential databases, employee names from your public site. Nothing intrusive.
Per the scope. Each finding is captured as it happens with timestamp, command, output, and severity. I don't pivot beyond scope without re-authorizing in writing.
Every finding is verified twice. Anything I introduced (tools, accounts, persistence artifacts) is removed and the cleanup is documented. You get a signed cleanup attestation.
Written report with executive summary (one page), technical findings (ranked, with fix steps), and evidence appendix. Live debrief call with your team to answer questions. You keep the report — it's yours, not licensed back to a portal.
HIPAA risk-assessment pentesting. Patient-data exposure paths. Workstation-locked-on-leave verification. Camera privacy zoning.
Client-confidentiality-aware testing. File-server exposure. Document-management portals. Client-portal auth. Lost-laptop incident playbook validation.
POS / cardholder-data segmentation. Guest-Wi-Fi leakage. Vendor-account hygiene. Pre-PCI-attestation gap analysis.
Same-test-every-site rollouts. Comparable scoring across locations. Findings rolled up to a multi-site dashboard for the operator.
Most small-business engagements are flat-priced after the scoping call. Hourly billing only when the scope is too open-ended to fix-price — and in that case I tell you up front.
One internet-facing site or small range. Reconnaissance, web testing, perimeter posture. Report + debrief.
Most-popular small-business package. External perimeter + assumed-breach internal walk.
Active compromise, ransomware, breach response. TCG Solutions' incident-response rate.
501(c)(3) within service area. Code TCG26FREE. Hardware not included.