About the firm

Skilled testers. Real exploitation.

ElliotSop Security is an offensive security firm built for high-stakes environments. We run manual penetration testing, red team operations, and Active Directory attack-path analysis for organizations that need to know how they would actually hold up against a real attacker.

Knowing your real exposure isn't running a scanner or passing an audit. Our edge is a threat-actor-first lens — a background spanning IT analysis and criminology means we work through attacker psychology and decision-making: how a real adversary selects targets, moves, and escalates. The deliverable reflects that. You get a prioritized, exploitable-path-first report, not a vulnerability dump.

Every engagement runs tightly scoped, fully authorized, and on documented rules of engagement — the rigor expected in regulated and high-assurance environments. Ranked Top 2% globally on TryHackMe.

Core capabilities
Penetration Testing
Network and web application — manual, depth-first, well past what a scanner returns.
Red Team Operations
Threat-actor-informed assessments across the full attack lifecycle.
Active Directory Security
Attack-path analysis — Kerberoasting, AS-REP, lateral movement, escalation.
Vulnerability Management
Prioritized, exploitable-path-first reporting your engineers can act on.

Tooling: Nmap · Burp Suite · BloodHound · Metasploit · Cobalt Strike · PowerShell · Python

ElliotSop Security operates through ElliotSop Security Inc., a Canadian federal corporation, with a registered US federal contracting entity for public-sector work. We serve commercial and public-sector clients across North America.