intrus.io
Defense

Pentest for Defense Sector

Offensive security and adversary emulation for armed forces, defense industry and national critical infrastructure.

Confidential meetingSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Defense is a permanent target of nation-state adversaries. APT, supply chain attack, industrial espionage and exfiltration of military IP are daily reality. ITAR and EAR compliance does not tolerate error.

Applicable regulation

ITAR (export EUA)EAREB10-IG-08.001 (Exército)ABDI/MD DiretrizesISO 27001

/attack-surface

Vectors we test in defense

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Adversary emulation APT

Realistic simulation of nation-state TTPs, mapped to MITRE ATT&CK.

02

Supply chain

Supplier validation, software and firmware integrity.

03

Tactical communication

When applicable, encrypted radio, satcom and tactical mesh.

04

Command and control systems

C2/C4ISR, data integrity, log and chain of custody.

05

Organizational OPSEC

Hardening against OSINT, exposure of unit, military personnel and family.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements in public safety and federal government.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Defense

Do you do adversary emulation?

Yes. Realistic simulation aligned to MITRE ATT&CK, with proper OPSEC and a technical report in a format accepted by DCS/CTI.

Do you operate with full confidentiality?

Yes. Compartmentalized operation, vetted team, data in segregated environment and zero retention.

/contact

Ready for a serious pentest in defense?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers