Continuous security monitoring for organizations that can’t afford blind spots.
Last month, a client came to us after a breach. The attacker’s entry point? A staging server on a subdomain that nobody remembered existed. It had been spun up two years ago for a demo, never decommissioned, and was running an unpatched version of WordPress with default credentials.
This story plays out constantly. Companies invest heavily in securing their known assets while forgotten infrastructure quietly accumulates risk in the shadows. The uncomfortable truth is that most organizations have no idea what their external attack surface actually looks like, let alone whether their applications, networks, and cloud environments are secure.
That’s why we built a complete suite of security services designed to find vulnerabilities before attackers do.
Introducing Lorikeet: Attack Surface Management

Lorikeet is our Attack Surface Management platform—a continuous monitoring service that discovers and tracks every internet-facing asset tied to your organization. Subdomains, open ports, exposed services, outdated software, misconfigured DNS, weak TLS… if it’s visible from the outside, Lorikeet finds it.
This isn’t a one-time scan. Lorikeet runs continuously, so when your dev team spins up a new subdomain at 2am or someone accidentally exposes a database port, you know about it before an attacker does.
What Lorikeet Monitors
| Asset Type | What We Track |
|---|---|
| Subdomains | All subdomains including forgotten dev/staging environments |
| IP Addresses | Every IP associated with your organization |
| Open Ports | All exposed services and their versions |
| Web Applications | Technology stacks, frameworks, CMS versions |
| SSL/TLS | Certificate health, cipher suites, protocol versions |
| DNS Records | Misconfigurations, dangling CNAMEs, takeover risks |
| Email Security | SPF, DKIM, DMARC configuration analysis |
| Third-Party Services | Connected services and their security posture |
How Lorikeet Works
Lorikeet uses the same reconnaissance techniques that real attackers use—just continuously and on your behalf.
| Phase | Description |
|---|---|
| 1. Discovery | Automated subdomain enumeration using DNS brute force, certificate transparency logs, and search engine scraping |
| 2. Port Scanning | Continuous identification of all exposed ports and running services |
| 3. Fingerprinting | Technology and version detection across your entire attack surface |
| 4. Vulnerability Scanning | Integration with industry-standard scanners to catch known CVEs |
| 5. SSL/TLS Assessment | Certificate expiration, weak ciphers, protocol vulnerabilities |
| 6. DNS Analysis | SPF/DKIM/DMARC validation, hijacking risk assessment |
| 7. Change Detection | Real-time alerts when your attack surface changes |
| 8. Threat Intelligence | Correlation with active exploit trends and emerging threats |
Common Vulnerabilities We Find

- Forgotten Subdomains & Shadow IT — staging.yourcompany.com, dev-api.yourcompany.com, that random subdomain someone pointed at their home IP
- Exposed Development Environments — Debug mode enabled, default credentials, production data copies
- Outdated Software Versions — Known CVEs on assets nobody knew existed
- Misconfigured DNS — Dangling CNAMEs ripe for subdomain takeover
- Weak SSL/TLS — Expired certs, TLS 1.0 enabled, weak cipher suites
- Exposed Admin Panels — phpMyAdmin, WordPress admin, cPanel open to the internet
- Open Database Ports — MongoDB, MySQL, Redis, Elasticsearch directly exposed
- Information Disclosure — Software versions, internal paths, stack traces in banners
The PTaaS Portal: Real-Time Security Intelligence

Everything flows into our PTaaS (Penetration Testing as a Service) portal—a single dashboard for your entire security posture. No more waiting for quarterly reports. No more spreadsheets tracking assets across teams.
Portal Features
| Feature | Description |
|---|---|
| Asset Inventory | Every discovered subdomain, IP, and service in one place |
| Real-Time Findings | Vulnerability details, severity ratings, and remediation guidance as discovered |
| Change Timeline | Historical view of attack surface evolution |
| Instant Alerts | Email, Slack, or webhook notifications for critical findings |
| Executive Reports | Monthly summaries formatted for leadership and auditors |
| API Access | Integrate findings into your existing security tools |
| Remediation Tracking | Track fix status and verify remediation |
| Risk Scoring | Prioritized findings based on exploitability and business impact |
Penetration Testing Services

Annual vulnerability scans aren’t enough. Real attackers don’t follow a checklist—they chain vulnerabilities together, exploit business logic flaws, and find the gaps automated tools miss entirely. Our penetration testing services use manual testing by certified experts who actually know how to break into systems.
Service Pricing Overview
| Service | Starting Price | Description |
|---|---|---|
| Attack Surface Management (Lorikeet) | $1,200/month | Continuous asset discovery and vulnerability monitoring |
| Web Application Pentest | $7,500 | OWASP Top 10, business logic, authentication testing |
| API Penetration Testing | $7,500 | REST, GraphQL, SOAP security assessment |
| Compliance-Driven Pentest | $7,599 | SOC 2, PCI-DSS, HIPAA, ISO 27001 focused |
| Cloud Security Assessment | $9,500 | AWS, Azure, GCP misconfiguration and privilege escalation |
| Active Directory Testing | $10,000 | Domain security, Kerberoasting, privilege escalation |
| Thick Client Testing | $8,500 | Desktop application security assessment |
| Physical Penetration Testing | $10,000 | Facility security, tailgating, badge cloning |
| IoT & Hardware Testing | $12,500 | Embedded systems and firmware security |
| ATM & Kiosk Testing | $15,000 | Payment terminal and kiosk security |
Our Penetration Testing Methodology
| Phase | What Happens |
|---|---|
| Phase 1: Reconnaissance | OSINT, DNS enumeration, subdomain discovery, technology fingerprinting |
| Phase 2: Vulnerability Assessment | Industry tools + custom scripts to identify potential vulnerabilities |
| Phase 3: Exploitation | Manual validation and exploitation with proof-of-concept demonstrations |
| Phase 4: Post-Exploitation | Lateral movement assessment, privilege escalation, data exfiltration testing |
| Phase 5: Reporting | Executive summary, technical findings, CVSS scores, remediation guidance |
| Phase 6: Retesting | Free verification that your fixes actually work |
What We Test For

| Category | Vulnerabilities |
|---|---|
| Injection | SQL injection, NoSQL injection, command injection, LDAP injection |
| Authentication | Broken authentication, credential stuffing, session fixation |
| Authorization | Broken access control, IDOR, privilege escalation |
| XSS | Reflected, stored, and DOM-based cross-site scripting |
| SSRF | Server-side request forgery, cloud metadata access |
| XXE | XML external entity injection |
| Deserialization | Insecure deserialization attacks |
| Business Logic | Workflow bypasses, race conditions, price manipulation |
| API Security | Broken object-level authorization, mass assignment, rate limiting |
Red Team Operations

When you need to test your detection and response capabilities against a realistic adversary—not just find vulnerabilities—our red team engagements simulate advanced persistent threats using MITRE ATT&CK tactics, techniques, and procedures.
Engagement Types
| Type | Description | Best For |
|---|---|---|
| Full-Scope Red Team | Complete adversary simulation from external compromise through data exfiltration | Testing end-to-end security controls |
| Assumed Breach | Start with internal access to focus on lateral movement and detection | Validating internal security and SOC capabilities |
| Purple Team | Collaborative exercises with your security team | Building detection capabilities |
Attack Vectors We Test
| Vector | Techniques |
|---|---|
| Social Engineering | Phishing, vishing, pretexting, impersonation |
| Physical Security | Tailgating, badge cloning, facility penetration |
| External Compromise | Web app exploitation, VPN attacks, email compromise |
| Wireless Attacks | WiFi cracking, rogue access points, evil twin |
| Lateral Movement | Pass-the-hash, Kerberoasting, credential theft |
| Privilege Escalation | AD exploitation, misconfiguration abuse |
| Persistence | Backdoors, scheduled tasks, registry modifications |
| Exfiltration | Covert channels, encrypted tunnels, steganography |
MITRE ATT&CK Coverage
Every red team engagement is mapped to the MITRE ATT&CK framework:
| Tactic | Coverage |
|---|---|
| Initial Access | ✅ |
| Execution | ✅ |
| Persistence | ✅ |
| Privilege Escalation | ✅ |
| Defense Evasion | ✅ |
| Credential Access | ✅ |
| Discovery | ✅ |
| Lateral Movement | ✅ |
| Collection | ✅ |
| Command & Control | ✅ |
| Exfiltration | ✅ |
| Impact | ✅ |
Managed Security Services

Security isn’t a one-time project—it’s an ongoing process. Our managed services provide continuous protection without the overhead of building an in-house security team.
Managed Services Comparison
| Service | Price | Key Features |
|---|---|---|
| Vulnerability Management as a Service | $25,000/year | 24/7 scanning, prioritized remediation, patch tracking, compliance reporting, dedicated analyst, CI/CD integration |
| Patch Management as a Service | $25,000/year | Automated deployment, pre-deployment testing, rollback capabilities, emergency patching, 24/7 support, zero-day response |
| SOC as a Service | Contact Us | 24/7 monitoring, alert triage, incident response, threat hunting |
What’s Included in Vulnerability Management
| Feature | Description |
|---|---|
| 24/7 Vulnerability Scanning | Continuous scanning across all assets |
| Prioritized Remediation | Risk-based prioritization by exploitability and business impact |
| Patch Tracking & Validation | Track patches and verify successful deployment |
| Compliance Reporting | Reports formatted for SOC 2, PCI-DSS, ISO 27001 |
| Monthly Security Reviews | Regular check-ins with your dedicated analyst |
| Executive Dashboards | Real-time visibility for leadership |
| Unlimited Assets | No per-asset pricing surprises |
| CI/CD Integration | Shift security left in your development pipeline |
Compliance-Driven Testing

Need to check the pentest box for your audit? We’ve structured our compliance engagements specifically for what auditors need to see—not just a test, but documentation that proves due diligence.
Compliance Framework Support
| Framework | What We Cover |
|---|---|
| SOC 2 Type II | Annual penetration testing, CC6.1 and CC7.1 controls evidence |
| PCI-DSS | Requirement 11.3 internal/external testing, segmentation testing |
| HIPAA | Security Rule § 164.308(a)(8) risk analysis, ePHI system assessment |
| ISO 27001 | Annex A.12.6 and A.18.2 technical vulnerability assessment |
| NIST CSF | Identify, Protect, Detect, Respond, Recover framework alignment |
| GDPR | Article 32 appropriate technical measures validation |
What Makes Our Testing Auditor-Ready
| Feature | Benefit |
|---|---|
| Scoping Precision | Test exactly what auditors require |
| Evidence Collection | Screenshots, logs, and PoC for every finding |
| CVSS v3.1 Scoring | Industry-standard severity ratings |
| Executive Summaries | C-level appropriate due diligence documentation |
| Attestation Letters | Signed letters confirming scope and results |
| Free Retesting | Verify fixes before your audit |
| Auditor Collaboration | We’ll work directly with your auditors |
Who Should Work With Us?

Lorikeet ASM Is Perfect For
| Organization Type | Why Lorikeet |
|---|---|
| Fast-Growing SaaS Companies | Infrastructure changes weekly; manual tracking can’t keep up |
| Complex Infrastructure | Multiple clouds, data centers, and legacy systems need unified visibility |
| M&A Activity | Inherited assets from acquisitions are unknown risks |
| DevOps-Heavy Organizations | CI/CD pipelines deploy constantly; real-time monitoring is essential |
| Cloud-First Businesses | Dynamic infrastructure needs dynamic security |
| Compliance Requirements | Continuous monitoring satisfies ongoing audit requirements |
Penetration Testing Is Essential For
| Situation | Why Now |
|---|---|
| Pre-Audit | Compliance frameworks require annual penetration testing |
| Pre-Launch | Find vulnerabilities before attackers do |
| Post-Breach | Understand what happened and prevent recurrence |
| New Infrastructure | Cloud migrations, new applications need security validation |
| Regulatory Requirements | PCI-DSS, HIPAA, SOC 2 mandate regular testing |
| Customer Requirements | Enterprise customers require vendor security assessments |
Why Choose Parrot CTFs?

We’re not a Big 4 firm charging enterprise premiums. We’re a founder-led boutique consultancy that delivers the same quality work at 30-50% lower prices.
The Parrot CTFs Difference
| What You Get | Why It Matters |
|---|---|
| Certified Experts | OSCP, OSCE, CEH, GPEN certified professionals—not junior analysts |
| Real Manual Testing | Automated tools are part of the process, not the whole thing |
| Free Retesting | We don’t charge you again to verify your fixes |
| Direct Access | Talk to the pentesters doing the work, not account managers |
| Fast Turnaround | 1-3 weeks, not 2-3 months |
| Auditor-Ready Reports | Documentation designed for compliance, not just findings lists |
| Boutique Pricing | Enterprise quality without enterprise overhead |
Case Study: When the Printer Was the Entry Point
“JBWEB Analytics engaged our team to reverse engineer suspected malware samples. During our investigation, we discovered sophisticated evasion techniques—the attacker had meticulously covered their tracks using fileless execution methods and remote server infrastructure. This was a complex attack chain that traditional detection methods missed completely.
The initial access vector? A printer.
Sometimes the most overlooked assets are the most dangerous.”

Ready to Get Started?

No aggressive sales pitch, no pressure. Just a conversation about what you’re trying to protect and whether we’re the right fit.
Quick Reference Pricing
| Service | Starting Price | Engagement Type |
|---|---|---|
| Attack Surface Management | $1,200/month | Ongoing |
| Web Application Pentest | $7,500 | One-time |
| API Penetration Testing | $7,500 | One-time |
| Compliance-Driven Pentest | $7,599 | One-time |
| Cloud Security Assessment | $9,500 | One-time |
| Active Directory Testing | $10,000 | One-time |
| Physical Penetration Testing | $10,000 | One-time |
| IoT & Hardware Testing | $12,500 | One-time |
| ATM & Kiosk Testing | $15,000 | One-time |
| Vulnerability Management | $25,000/year | Ongoing |
| Patch Management | $25,000/year | Ongoing |
Schedule Your Free Consultation
Parrot CTFs — Boutique quality, enterprise results.
Related Services
- CTF Training Platform — Hands-on cybersecurity training with 50+ challenges
- PCWPT Certification — Professional Certified Web Penetration Tester
- PCNPT Certification — Professional Certified Network Penetration Tester
© 2025 Parrot Pentest LLC. All rights reserved.
Comments (1)
AI Logo Generator says:
January 13, 2026 at 6:53 am
It’s so easy to overlook the less visible parts of an organization’s infrastructure. The example of the staging server is a stark reminder that security is not just about the assets we actively use, but also the ones we’ve forgotten about.