Network Penetration Testing
Offensive Security
We find the gaps before adversaries do - then help you close them.
Penetration testing is an authorized simulated cyberattack against an organization's systems to identify exploitable vulnerabilities. Sherlock Forensics delivers network, application, cloud, AI/ML and red team penetration testing in Vancouver and across British Columbia, including LLM prompt injection testing and AI model security assessments, following PTES and OWASP methodologies. We specialize in penetration testing of AI-built and vibe-coded applications for Cursor, Bolt, Lovable and Replit users.
Automated scanners find known vulnerabilities. Our testers find what scanners miss - business logic flaws, chained exploits and the attack paths that lead from initial access to domain compromise. Every engagement includes actionable remediation guidance and a retest to verify your fixes.
Capabilities
External and internal network testing targeting perimeter defences, Active Directory, segmentation controls and lateral movement paths. Full kill-chain assessment from initial access to objective completion.
OWASP Top 10 and beyond - authentication bypass, injection, authorization flaws, business logic vulnerabilities and API security testing for REST and GraphQL endpoints.
AWS, Azure and GCP security assessment targeting IAM misconfigurations, storage exposure, network controls, serverless vulnerabilities and container escape paths.
Objective-based adversary simulation with realistic TTPs mapped to MITRE ATT&CK. Tests your detection and response capabilities under conditions that mirror actual threat actors.
Phishing campaigns, vishing and physical security assessments to evaluate human-layer defences. Measures employee security awareness and organizational resilience.
LLM prompt injection testing, model extraction and inversion attacks, adversarial input fuzzing, inference endpoint abuse and AI API authentication testing. We assess ML pipelines, model serving infrastructure, training data stores and AI supply chains - the same attack surfaces threat actors are already targeting.
Engagement Types
| Approach | Knowledge Level | Best For |
|---|---|---|
| Black Box | No internal knowledge provided | External attacker simulation |
| Grey Box | Limited credentials, partial documentation | Insider threat, authenticated testing |
| White Box | Full access: source code, architecture, credentials | Comprehensive security assessment |
| Red Team | Objective-based, no rules of engagement constraints | Detection and response validation |
Internal Testing
We ship a pre-configured ShadowTap device to your office. Plug it into any network port. It connects back to our lab over an encrypted tunnel. Our team tests your internal network as if we were sitting at a desk in your office. No VPN, no firewall changes, no IT overhead.
Internal network reconnaissance and enumeration, Active Directory assessment, lateral movement testing, privilege escalation, internal service vulnerability assessment and internal credential exposure. All findings mapped to MITRE ATT&CK.
Standard scope covers 1 internal subnet (up to 254 hosts) and is included in the $12,000 CAD Comprehensive Assessment. Larger environments are scoped separately. Order online or contact us for custom pricing.
Authority Resources
Our offensive security team holds recognized certifications.
Related
A step-by-step walkthrough of the penetration testing process from scoping through final report delivery.
Guidance for executives and technical teams on interpreting findings, CVSS scores and remediation priorities.
Security audits for AI-generated code from Copilot, Claude and ChatGPT. We find hallucinated packages, hardcoded secrets and injection flaws.
Purchase a penetration test, security audit or phishing campaign online with no meetings required.
Get Started
Order a penetration test online - no meetings required. Quick Audit from $1,500 CAD, Standard Pentest from $5,000 CAD, Comprehensive with ShadowTap from $12,000 CAD.
Whether you need a pre-funding pen test, compliance validation or a full red team engagement, we will scope an engagement that matches your risk profile and objectives.
Call 604.229.1994