intrus.io
Public Sector & Government

Pentest for Public Sector and Government

Offensive security in federal, state and municipal agencies, autarchies and state-owned enterprises.

Request a meetingSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Government is a target of hacktivism, nation-states and organized crime. Citizen, tax, HR and procurement systems halt the state's functioning. Public-sector LGPD (Law 14.460/2022) holds the civil servant accountable, with fines for the entity.

Applicable regulation

LGPD (Lei 14.460/2022)Decreto 9.637/2018 (PNSI)Portaria GSI 93/2021ABNT NBR ISO/IEC 27001/27002

/attack-surface

Vectors we test in public sector & government

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Citizen portal

gov.br, state e-gov, integration with identity bureau.

02

Tax systems

SEFAZ, ITR, IPTU, ISS, credit fraud.

03

Procurement and public bidding

Electronic bidding, electronic procurement exchange.

04

Public payroll and HR

Civil servant system, payslip, salary line fraud.

05

Public safety

When applicable, Civil/Military/Federal Police systems.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Caixa Econômica Federal — state-owned enterprise. Civil Police, Military Police, Federal Police and CREA.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Public Sector & Government

Do you work with public safety agencies?

Yes. We engage with Civil Police, Military Police and Federal Police.

Do you serve public bidding and have clean CADIN?

Yes. Company qualified for public bidding, CADIN and other registries up to date.

/contact

Ready for a serious pentest in public sector & government?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers