Penetration Testing

Our specialist offensive testing services include an extensive range of penetration testing capabilities at the application, network, and physical level.

  • Security Research as a Service
  • Red Teaming and Attacker Emulation
  • Web Application and API
  • External, Internal, and Wireless Networks
  • Host and SOE
  • Cloud Environments
  • Mobile Applications
  • Bespoke Systems and Applications

Security Review

Complementing our Penetration Testing we also perform network architecture and application review services. Helping your business achieve best practice design and secure-by-default approaches to your infrastructure.

  • Network Architecture Review
  • Application Architecture Review
  • Source Code Review
  • DevOps Review
  • General Security Consultancy

Incident Response

For when things go wrong, our experienced and qualified team will help with getting you back on track.

  • Incident Response Preparedness
  • Incident Management and Leadership
  • Forensic Investigations (GIAC Certified Forensic Analysts)
  • Malware Analysis

Featured Releases

Article

Timeboxed Penetration Testing - Pulse Security’s Approach

by Denis Andzakovic • May 22 2026

Penetration testing cost is directly correlated to how long an engagement takes to complete. Sometimes the target system or organisation is so vast that a review that achieves what we’d consider “complete” coverage is prohibitively expensive. This article discusses how Pulse Security tackles timeboxed testing engagements. We’ll discuss the problem, how testing is prioritised in an engagement with reduced time-frames, the importance of transparency between penetration testers and clients, and what you can expect from a timeboxed engagement.

Article

Harvesting Intune Device Scripts Without Tools

by Denis Andzakovic • Feb 13 2026

Intune device scripts are bits of PowerShell that run on Intune managed devices. Much like Group Policy Objects in traditional Active Directory, these scripts can contain juicy information like secrets, privilege escalation paths, and more. The only problem is Microsoft doesn’t let you get them back out via the Intune portal, and I don’t always want to setup a whole Powershell environment. Let’s get them back out with just a web browser and curl.

Article

Sensitive data in URLs: Why private links aren’t private anymore due to threat intelligence feeds

by Roy Sugiyama • Jan 14 2026

Modern threat‑intelligence feeds and link scanners have made previously private links searchable by anyone, like that invoice link or the doctor’s notes you were emailed last week. This article explores this data exposure problem, and how developers can protect their applications from disclosing sensitive information when URLs are logged by security tools.

Get in touch

How can we help?

+64 4 889 4756