How we run an engagement — no black box.
Four principles. Six stages. Measurable framework coverage. Every engagement at LeetProtect follows this spine, adapted to the layer under test.
Four things we never compromise.
Human-led, tool-assisted
Every engagement is run by a named senior operator. Automation is a multiplier, not a replacement.
Evidence over adjectives
Every finding is reproducible. PoC exploit, file:line, session log, screencast where relevant.
Framework-honest
Mapped to the frameworks your regulators, boards, and attackers all reference. No cherry-picking.
Your data, minimised
TLS 1.3, AES-256, regional residency, cryptographic wipe on handoff. Certificate of destruction on request.
Six stages. Same spine across every service.
Scope
Assets, rules of engagement, safety rails, abort conditions — locked in writing before any payload touches your estate.
Recon
Passive + active mapping of your attack surface. Everything attackers would see; nothing they wouldn't.
Exploit
Adversary TTPs mapped to MITRE ATT&CK or ATLAS. Chained low-severity into critical narratives.
Post-Exploit
Lateral movement, privilege escalation, data-access proof. Stopped at pre-agreed blast radius.
Report
Executive heatmap + technical findings with reproducible PoC + exact remediation, not generic advice.
Retest
Free 60-day retest on every remediated finding. Closure evidence archived with the engagement record.
Four frameworks. Zero cherry-picking.
Our test coverage spans the exact frameworks your regulators, boards, and attackers all reference.
7-phase AI red team lifecycle.
Adapted from classic kill-chain methodology, mapped to MITRE ATLAS TTPs and OWASP LLM Top 10 risks.
Honest numbers. No marketing rounding.
These figures represent our standard engagement scope. Exfiltration and destructive impact TTPs are excluded from most scopes by default and are available on request.
Infrastructure & Adversary TTPs
standard scope
12 of 14 enterprise tactics fully covered. Exfiltration is tested within pre-agreed blast radius. Impact (destructive) techniques are excluded from most engagement scopes by default.
Reconnaissance
Active scanning, phishing, OSINT, credential collection
Resource Development
Acquire infrastructure, stage capabilities, establish accounts
Initial Access
Phishing, exploit public-facing app, valid accounts, supply chain
Execution
Command and scripting interpreters, scheduled tasks, WMI, inter-process communication
Persistence
Boot/logon autostart, account manipulation, backdoors
Privilege Escalation
Kerberoasting, DACL abuse, token impersonation, sudo exploitation
Defense Evasion
EDR bypass, AMSI patching, obfuscation, living-off-the-land
Credential Access
LSASS dump, Kerberoasting, AS-REP roasting, credential spraying
Discovery
Network scanning, AD enumeration, process/file/system discovery
Lateral Movement
Pass-the-hash, Pass-the-ticket, WMIExec, RDP hijacking
Collection
Keylogging, screen capture, data staged from local/network sources
Command & Control
C2 frameworks, DNS tunneling, HTTPS beaconing, domain fronting
Exfiltration
Exfil over C2, web service, encrypted channels
Impact
Data destruction, ransomware simulation, resource hijacking
Adversarial Machine Learning TTPs
standard scope
8 of 11 AI-specific tactics fully covered. Persistence via model backdoors is tested in research contexts. Defense Evasion (safety filter bypass) and Impact are excluded from standard scopes.
Reconnaissance
AI system discovery, model versioning, API endpoint mapping
Resource Development
Acquire shadow models, build attack datasets, staging infrastructure
Initial Access
Prompt injection, LLM plugin exploitation, API abuse
ML Attack Staging
Craft adversarial examples, jailbreak prompts, poisoned data prep
Execution
Agentic tool invocation, plugin/connector abuse, code injection via LLM
Persistence
Backdoored model weights, poisoned fine-tune datasets
Defense Evasion
Bypass safety classifiers, evade output filters, context manipulation
Discovery
Model card extraction, hyperparameter inference, prompt reverse-engineering
Collection
Training data reconstruction, RAG document exfiltration
Exfiltration
Model inversion, membership inference, system prompt extraction
Impact
Model DoS, denial of ML service, reputational damage via output
Large Language Model Security
standard scope
All 10 LLM risk categories tested on every AI engagement. No item is treated as out-of-scope by default — from prompt injection through unbounded consumption.
Prompt Injection
Direct & indirect injection, system prompt override, goal hijacking
Sensitive Information Disclosure
PII leakage, training data extraction, system prompt exposure
Supply Chain
Compromised model weights, poisoned plugins, malicious fine-tune data
Data & Model Poisoning
Training set contamination, backdoor implantation, label flipping
Insecure Output Handling
XSS via LLM output, code injection, SSRF through model-generated URLs
Excessive Agency
Overpermissioned agents, unintended tool invocation, action chaining
System Prompt Leakage
Extraction via manipulation, jailbreak, indirect context surfacing
Vector & Embedding Weaknesses
RAG injection, semantic search poisoning, embedding inversion
Misinformation
Hallucination exploitation, authority spoofing, false reasoning chains
Unbounded Consumption
Prompt flooding, model DoS, resource exhaustion via recursive calls
Web Application Security
standard scope
All 10 web application risk categories are covered in every web application or API assessment. Business logic and design flaws are tested manually, not only by automated scanning.
Broken Access Control
IDOR, path traversal, CSRF, privilege escalation, CORS misconfig
Cryptographic Failures
Weak ciphers, cleartext transmission, hardcoded keys, insecure storage
Injection
SQLi, NoSQLi, OS command injection, SSTI, LDAP injection
Insecure Design
Missing security controls, business logic abuse, trust boundary violations
Security Misconfiguration
Default creds, exposed admin panels, verbose errors, missing hardening
Vulnerable & Outdated Components
CVE exploitation, dependency confusion, SCA analysis
Authentication & Identity Failures
Credential stuffing, MFA bypass, session fixation, JWT manipulation
Software & Data Integrity Failures
Insecure deserialization, unsigned updates, CI/CD pipeline attacks
Security Logging & Monitoring Failures
Log evasion, detection gap analysis, incident response readiness
Server-Side Request Forgery (SSRF)
Cloud metadata SSRF, blind SSRF, internal service pivoting
See exactly what you receive.
Every finding is tagged to its ATT&CK or OWASP reference. Every remediation is exact. Every report is reproducible.