Construction

Pentest for Construction

Offensive security in construction firms, developers, BIM, jobsite IoT and buyer portals.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Construction digitalized fast (BIM, jobsite IoT, buyer portals) without matching security maturity. Blueprint leaks, measurement manipulation, real-estate cancellation fraud and office ransomware halt construction.

Applicable regulation

LGPD · CREA/CAU · ABNT NBR 15.575 · SBPE/MCMV

/attack-surface

Vectors we test in construction

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01 · BIM and CAD

Model repository, version control, project leakage.

02 · Buyer portal

Contract access, construction status, virtual inspection.

03 · Measurement and project finance

Measurement reports, approval flow, contractor payment.

04 · Jobsite IoT

Site sensors, access control, worker time clock.

05 · Construction ERP

Sienge, Totvs Obras, financial integration.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

CREA client — engagement with the regulated sector.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Construction

Do you understand construction measurement?

Yes. We audit measurement reports, engineer approval, contractor payment and fraud between stages.

Can you audit BIM?

Yes. Repository, versioning, IFC/RVT leakage and model protection.

/contact

Ready for a serious pentest in construction?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.