Offensive security · Threat intelligence

Adversary-grade security,
applied with precision.

Sayf — Arabic for sword — is an independent offensive security practice. We emulate the techniques modern attackers actually use, then translate findings into the changes that close them.

01 · What we believe

Security is proven under pressure, not assumed in slideware.

Most security work stops at theory. We focus on the gap between what a control is supposed to do and what an attacker can actually get away with. Every engagement is small, senior, and evidence-led — no junior bench, no padded checklists.

  • i. Operator-led

    Work is performed by the person who scoped it. No handoff to a delivery team you never met.

  • ii. Evidence over opinion

    Each finding ships with reproducible steps, captured artifacts, and a clear remediation path.

  • iii. Quiet by default

    Discreet engagements, scoped disclosure, and minimal operational footprint on production systems.

02 · Capabilities

Four disciplines, one operator.

Penetration testing

Scoped technical assessments of web, API, cloud, and internal infrastructure. Findings ranked by exploitability, not just CVSS.

  • Web & API
  • Cloud
  • Internal network

Red team operations

Goal-oriented adversary emulation against people, process, and technology. Mapped to MITRE ATT&CK, designed to exercise detection and response.

  • Objective-based
  • ATT&CK aligned
  • Purple team option

Mobile threat analysis

Static and dynamic analysis of iOS and Android applications, with a focus on spyware behavior, abused entitlements, and data exfiltration paths.

  • iOS / Android
  • Spyware triage
  • Forensic capture

Threat intelligence

Targeted intelligence on adversary tradecraft, infrastructure, and tooling — written for defenders, not for marketing decks.

  • Adversary profiling
  • IOC enrichment
  • Briefings

03 · Method

A short, sharp engagement loop.

  1. Scope

    Define objectives, rules of engagement, and the threat model worth testing. Bad scope produces bad findings — we slow down here on purpose.

  2. Recon

    Map the attack surface the way an external adversary would — exposed assets, identity surfaces, third-party trust, and mobile endpoints.

  3. Exploit & pivot

    Chain weaknesses into realistic attack paths. Demonstrate impact against agreed objectives without disrupting production.

  4. Report

    Plain-language executive summary, technical narrative with reproduction steps, and a remediation plan prioritized by business impact.

  5. Retest

    Validate fixes against the original attack chain. A finding isn't closed until it can no longer be reproduced.

04 · Why Sayf

Small enough to care. Technical enough to matter.

1:1 operator-to-client

You work directly with the person doing the testing. No pre-sales engineer who disappears at kickoff.

2 regions of coverage

Remote-first across Jordan and the United States. Overlap with EMEA and North American working hours.

0 resold tooling

We do not resell scanners or pad invoices with automated noise. Every reported issue is verified by a human.

curiosity

Active research across mobile spyware, identity abuse, and adversary infrastructure — the work feeds the practice.

“The best penetration test is the one your team can act on tomorrow morning.”

05 · Engage

A short note is enough to start.

Share what you're protecting, what concerns you, and a rough timeline. We reply within two business days with a candid view of fit — including when we're not the right team.