Adversarial Simulation and Penetration Testing Services

PLEX security testers used a National Security Agency (NSA) NSCAP-accredited cybersecurity assessment methodology to review client networks for security flaws from every possible angle. The NSA NSCAP VAS accreditation is the new gold standard for vulnerability assessment service providers. To earn this accreditation, the PLEX team was evaluated in 16 vulnerability assessment functional areas including its ability to deliver state-of-the-art services, develop and maintain highly skilled staff, and keep pace with advanced threat actors through training, lessons learned, and shared situational awareness.

Leveraging its extensive experience in security vulnerability research and cyber operations, PLEX specializes in offensive security testing to both find security flaws in applications and to gain remote access to remote networks. Looking for commonly overlooked security configuration flaws as well as known security bug classes, PLEX penetration testers do not need access to source code or extensive inside network knowledge to gain access to our clients’ networks.


A penetration test is an assessment against your organization’s internal or external IT infrastructure and exposed network services. For an external penetration test, the goal is to determine if it is possible for an attacker to gain an internal foothold into your organization’s network. For an internal penetration test, the most common objective is to determine what an attacker could do and obtain access to if they were able compromise an internal workstation.

Internal Penetration Testing

An internal penetration test is valuable for organizations that want to know what an attacker could do if they were able compromise an internal workstation. The internal penetration test should be conducted after your organization has attempted to secure your internal network and would like to ensure that your current security configurations and processes protect all internal infrastructure, or to find exploitable vulnerabilities immediately to prioritize the highest risk to your organization.

External Penetration Testing

An external penetration test is a service offering that should be used after your organization has attempted to harden your external perimeter via patching and secure service configurations. This service will validate the effort your organization has invested in and identify any areas that might need remediation, or to identify exploitable vulnerabilities immediately to prioritize the highest risk to your organization.



A red team assessment is the perfect service offering for organizations who have a mature security program and seek to test their defenses and incident response procedures against a determined adversary, without the risk of an actual breach. Red team assessments emulate determined attackers using a variety of mechanisms to breach your organization and access your sensitive data.