intrus.io
Oil & Gas

Pentest for Oil, Gas and Petrochemicals

Offensive security in refineries, terminals, platforms and pipelines — including OT/ICS, SCADA and downstream logistics.

Request a meeting with our OT specialistSee vectors
90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Every hour of refinery downtime costs millions. An attack on process control can trigger shutdown, environmental spills or explosions — billion-dollar liability and media exposure that destroys corporate reputation.

Applicable regulation

ANP Resolução 2/2010IBAMAIEC 62443NIST SP 800-82API Standard 1164

/attack-surface

Vectors we test in oil & gas

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

DCS and SIS

Audit of distributed control system and safety instrumented system (SIL).

02

Terminals and logistics

Fiscal metering, billing and movement systems.

03

Offshore platform

Satellite/microwave communication, OT/IT segregation on platform.

04

Oil and gas pipelines

Remote pumping monitoring and control systems.

05

Social engineering

Phishing against operations, contractors and service providers.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Experience in continuous-process, high-criticality environments.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

DL

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Oil & Gas

Do you do offshore platform pentest?

Yes, on-site when approved. We test satellite communication, OT segregation and control systems.

Can SIS be audited without triggering shutdown?

Yes. We never touch production without a mirror environment. For SIS, we validate via configuration analysis and simulation.

/contact

Ready for a serious pentest in oil & gas?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to usSee other sectors

Other sectors we cover

/saude

Hospitals & Clinics

/planos-saude

Health Insurers

/fintech

Fintechs

/bancos

Banks & Credit Unions

/consorcios

Consortium Administrators

/seguros

Insurance & Brokers