/compliance · ANEEL (Electricity Sector)

ANEEL Pentest: Normative Resolution 964/2021

Pentesting for electricity distributors, generators and transmission operators regulated by ANEEL: Res. 964/2021 (cybersecurity) and ONS Procedimento de Rede (Network Procedure) 26.6.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

The electricity sector is national critical infrastructure. ANEEL Res. 964 and ONS Procedure 26.6 require a cybersecurity program, periodic pentesting and incident reporting. An attack on a distributor can black out cities. State-level attackers are mapping the sector.

Standard and reference

ANEEL Res. Normativa 964/2021 · ONS Procedimento de Rede 26.6 · IEC 62443 · NIST SP 800-82r3

/attack-surface

ANEEL (Electricity Sector)

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Metering systems (smart meters)

AMI, MDM, PLC/cellular communication, meter-reading manipulation, consumption fraud.

02

Distribution SCADA

DMS, OMS, manipulation of switch commands, attacks against the HMI.

03

Automated substations

IEC 61850 (MMS, GOOSE, SV), engineering workstation, protection control.

04

Operations center

Corporate/OT segregation, jump server, multi-factor authentication for operators.

05

Commercial systems

Customer portal, billing, automatic debit, IDOR in UC (consumer unit) accounts.

06

ONS/ANEEL reporting

Incident notification runbook in line with Res. 964 and Procedure 26.6.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements with distributors and generation plants, aligned with the ANEEL inspection cycle.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/crivo · integrity program

87%

of pentester candidates fail our Crivo screening

Do you know who's getting access to your environment?

NDAs work in court. They don't work day-to-day. Before first access, every pentester on our team passes background, psychometric profile and integrity testing.

  • In-depth criminal, fiscal and professional verification
  • Psychometric assessment and risk profile
  • Practical integrity testing with controlled scenarios
  • Fixed team — non-rotating, no 'stranger every engagement'

/faq

FAQ: ANEEL (Electricity Sector)

Do you work with the safety team?

Always. OT pentesting on electrical assets only happens with safety and operations aligned, within a planned maintenance window.

Price range?

Regional distributor: R$ 80-180k. Generator/transmission operator: R$ 100-300k. National concessionaire: R$ 250-700k in a multi-phase cycle.

/contact

Request an ANEEL pentest quote

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.