Offensive Security

Penetration Testing

We find the gaps before adversaries do - then help you close them.

Penetration testing is an authorized simulated cyberattack against an organization's systems to identify exploitable vulnerabilities. Sherlock Forensics delivers network, application, cloud, AI/ML and red team penetration testing in Vancouver and across British Columbia, including LLM prompt injection testing and AI model security assessments, following PTES and OWASP methodologies. Specializing in penetration testing for AI-built and vibe-coded applications targeting Cursor, Bolt, Lovable and Replit users.

Automated scanners find known vulnerabilities. Our testers find what scanners miss - business logic flaws, chained exploits and the attack paths that lead from initial access to domain compromise. Every engagement includes actionable remediation guidance and a retest to verify your fixes.

Scope a Penetration Test All Services

Capabilities

Penetration Testing Services

01 - Network

Network Penetration Testing

External and internal network testing targeting perimeter defences, Active Directory, segmentation controls and lateral movement paths. Full kill-chain assessment from initial access to objective completion.

02 - Application

Web & API Security Testing

OWASP Top 10 and beyond - authentication bypass, injection, authorization flaws, business logic vulnerabilities and API security testing for REST and GraphQL endpoints.

03 - Cloud

Cloud Security Assessment

AWS, Azure and GCP security assessment targeting IAM misconfigurations, storage exposure, network controls, serverless vulnerabilities and container escape paths.

04 - Red Team

Red Team Engagements

Objective-based adversary simulation with realistic TTPs mapped to MITRE ATT&CK. Tests your detection and response capabilities under conditions that mirror actual threat actors.

05 - Social

Social Engineering

Phishing campaigns, vishing and physical security assessments to evaluate human-layer defences. Measures employee security awareness and organizational resilience.

06 - AI/ML

AI & ML Security Testing

LLM prompt injection testing, model extraction and inversion attacks, adversarial input fuzzing, inference endpoint abuse and AI API authentication testing. We assess ML pipelines, model serving infrastructure, training data stores and AI supply chains - the same attack surfaces threat actors are already targeting.

Engagement Types

Testing Approaches

Approach Knowledge Level Best For
Black Box No internal knowledge provided External attacker simulation
Grey Box Limited credentials, partial documentation Insider threat, authenticated testing
White Box Full access: source code, architecture, credentials Full security assessment
Red Team Objective-based, no rules of engagement constraints Detection and response validation

Already have security tools deployed? Find out if they actually detect real attacks.

Internal Testing

ShadowTap: Remote Internal Penetration Testing

How It Works

We ship a pre-configured ShadowTap device to your office. Plug it into any network port. It connects back to our lab over an encrypted tunnel. Our team tests your internal network as if we were sitting at a desk in your office. No VPN, no firewall changes, no IT overhead. Every engagement begins with threat modeling to prioritize the attack paths most relevant to your environment.

What We Test

Internal network reconnaissance and enumeration, Active Directory assessment, lateral movement testing, privilege escalation, internal service vulnerability assessment and internal credential exposure. All findings mapped to MITRE ATT&CK.

Scope and Pricing

Standard scope covers 1 internal subnet (up to 254 hosts) included in the $12,000 CAD Comprehensive Assessment. Larger environments scoped separately. Order online or contact us for custom pricing.

Frequently Asked Questions

Penetration Testing FAQs

What is penetration testing?
Penetration testing is an authorized simulated cyberattack against your systems to identify exploitable vulnerabilities before real adversaries do. We follow the Penetration Testing Execution Standard (PTES) and OWASP Testing Guide methodologies.
How often should penetration testing be performed?
At minimum, annually or after significant infrastructure changes. Compliance frameworks like PCI DSS, SOC 2 and ISO 27001 require annual testing. High-risk organizations should test quarterly or implement continuous testing programs. Preparing for ISO 27001 certification? Our ISO 27001 penetration testing includes Annex A control mapping from $3,500 CAD.
What is the difference between a vulnerability scan and a penetration test?
A vulnerability scan is automated and identifies known vulnerabilities. A penetration test uses manual exploitation, chaining and lateral movement to determine actual business impact. Scans find potential weaknesses; pen tests prove exploitability.
Will penetration testing disrupt our production systems?
We design engagements to minimize disruption. Scope, timing and boundaries are agreed upon before testing begins. High-risk exploit attempts are only performed with explicit authorization in designated maintenance windows.
What deliverables are included in a pen test report?
Reports include an executive summary, detailed technical findings with CVSS scoring, proof-of-concept evidence, step-by-step remediation guidance and a retest offer to verify fixes.
How much does a penetration test cost?
Quick audits start at $1,500 CAD. Standard pentests are $5,000 CAD. Comprehensive assessments with internal testing start at $12,000 CAD. See our transparent pricing guide for detailed cost breakdowns by scope and complexity.
How long does a penetration test take?
Quick audits deliver in 5 business days. Standard pentests take 10-15 business days. Comprehensive assessments take 15-20 business days.
Do you test on weekends or after hours?
Testing can be scheduled for off-hours to minimize business impact. Discuss timing during the scoping process.

FAQ

Frequently Asked Questions

What is included in a penetration test from Sherlock Forensics?
Every engagement includes pre-test scoping, active testing aligned to PTES and OWASP methodologies, a detailed report with CVSS-scored findings and proof-of-concept evidence, a prioritized remediation roadmap and a retest window to verify your fixes. Reports are structured for both technical teams and executive stakeholders.
How much does a penetration test cost in Canada?
Quick audits start at $1,500 CAD for a single external target. Standard penetration tests are $5,000 CAD with manual testing and business logic analysis. Comprehensive assessments with internal network testing via ShadowTap start at $12,000 CAD. All pricing is fixed-quote with no hidden fees.
What is the difference between a vulnerability scan and a penetration test?
A vulnerability scan is an automated tool-based assessment that identifies known weaknesses. A penetration test goes further by manually exploiting those weaknesses, chaining vulnerabilities together and demonstrating real business impact through lateral movement and privilege escalation. Scans find potential issues while pen tests prove what an attacker could actually achieve.
Will penetration testing cause downtime or disrupt production systems?
We design engagements to minimize disruption. Scope, timing and testing boundaries are agreed upon before the engagement begins. High-risk exploit attempts and denial-of-service testing are only performed with explicit authorization during designated maintenance windows. We maintain constant communication with your team throughout.
How long does a typical penetration test take to complete?
Quick audits deliver results in 5 business days. Standard penetration tests take 10 to 15 business days. Comprehensive assessments with internal testing take 15 to 20 business days from kickoff to final report delivery.

Authority Resources

Standards & References

Methodology Sources

Related Services

Certifications

Our offensive security team holds recognized certifications.

CISSP

Related

What to Expect from a Penetration Test

A step-by-step walkthrough of the penetration testing process from scoping through final report delivery.

How to Read a Pen Test Report

Guidance for executives and technical teams on interpreting findings, CVSS scores and remediation priorities.

AI Code Security Audit

Security audits for AI-generated code from Copilot, Claude and ChatGPT. We find hallucinated packages, hardcoded secrets and injection flaws.

Order Online

Purchase a penetration test, security audit or phishing campaign online with no meetings required.

Compare

Choose Your Assessment

Feature Quick Audit Standard Comprehensive
Price$1,500$5,000$12,000
External testingYesYesYes
Internal testing--Yes (ShadowTap)
OWASP Top 10BasicFullFull
Social engineering--Yes
Debrief call-30 min60 min
Retest included--Yes (90 days)
Timeline5 days10-15 days15-20 days
Best forMVPs, side projectsProduction appsEnterprise
★★★★★ 4.8 out of 5 based on 17 reviews Leave a Review

Get Started

Ready to test your defences?

Order a penetration test online - no meetings required. Quick Audit from $1,500 CAD, Standard Pentest from $5,000 CAD, Comprehensive with ShadowTap from $12,000 CAD.

Not sure if a pentest is the right fit? Use our interactive guide to compare assessment types. Combine penetration testing with tabletop exercises for complete security validation. Start with a free security scorecard to see where you stand.

Since 20064.8/5 ratingCISSP, ISSAP certified
Order Online

From Our Blog

Related Reading

What Is Penetration Testing? Explained Simply

Penetration testing explained in plain language. What it is, why it matters, what happens during one, what the report looks like and how much it costs.

What Happens During a Penetration Test: Day by Day

A day-by-day walkthrough of a real penetration test. What happens during scoping, reconnaissance, active testing, exploitation, reporting and debrief.

The Top 10 Things We Find in Every Penetration Test

The 10 most common vulnerabilities we find across hundreds of penetration tests. Default credentials, missing rate limiting, SQL injection, XSS and more.

Scope Your Penetration Test

We scope pre-funding pen tests, compliance validations and full red team engagements to match your risk profile and objectives.

Call 604.229.1994
Phone
604.229.1994
Burnaby Office
Burnaby, BC, Canada
Coquitlam Office
Coquitlam, BC, Canada
Typical Timeline
2-4 weeks from scoping to final report