CounterSOC
Our flagship CounterSOC service works with you and your team all year round. The goal is to find and plug the biggest gaps in your security and keep hacking until you tell us to stop.
Working with Trethtec on an ongoing basis
As much as we evangelize about the benefits of a continuous approach, sometimes you just need a traditional penetration test. Snapshot is our point-in-time penetration testing service, where we deliver a one-off engagement for you.
As with CounterSOC, our Snapshot service takes a heavily consultative and collaborative approach to help you get the best quality information out of your penetration test.
Whatever your reasons for the engagement or your specific security concerns, we are able to deliver testing across a range of disciplines to provide you with the assurance you need.
Engineer led
When you engage Trethtec to carry out a test you speak to an experienced pentester, who will talk through your engagement in plain English. We find this produces better scopes, better tests, and better outcomes.
Nothing behind the curtain
We believe in complete transparency, after all, trust and integrity is a pretty key part of being a security practitioner. We share all our tools, tactics and procedures
Bedside Manner
Security is hard enough without your consultant threatening fire and brimstone and prophesying the end times. Yes, sometimes it's bad and needs fixing yesterday, but it's all in the delivery.
Moving the needle
Nothing depresses us more than when we’ve delivered an engagement and feel like it was just a check in the box. We want to enable and face down battle-hardened security teams stopping all of our attacks in their tracks.
Working with Trethtec
Trethtec carried out two site visits for us last Winter. I wanted to test the physical security at our core factory facility and our head office and see what the tester could do with a day at each site.
Adam carried out a highly professional assessment of both sites including night and day visits. He sneaked past security guards, compromised our network and extracted information from our staff multiple times at each location. We finally caught him two days after he started with his feet up on our MD’s desk.
During the washup meeting we were provided with an incredibly thorough briefing of findings, photographs, maps and observations. The report we received went far above and beyond what we expected from two days' work and what we had come to expect from other providers.
We had been working with another testing provider who carried out the same test but with a fraction of the results. Other testing providers provided a service more akin to an audit whereas Trethtec demonstrated what a real motivated adversary could achieve.
Assessment
Highly professional
Debriefing
Incredibly thorough
Report
Above and beyond
Getting to know each other
When you get in contact with Trethtec we’ll have a call to discuss your current situation. We’ll talk about where your security is now, and where you’ll like it to be.
We won’t sell you a pentest or a service until we’re sure that's what you need. This stage makes sure we’re having the right conversation when it comes to scoping a test together.
Scoping
The most important stage. This looks a bit different from a normal penetration test. The scope for CounterSOC service covers the entire company.
This conversation identifies objectives, strategic and tactical concerns and sensitive areas. We’ll work together to make sure we give you the best coverage possible, that provides output you actually want and meets your goals.
We consider the scoping call as important as the service itself.
The Service
Our consultants work their magic, this is the technical delivery where Trethtec assesses the agreed scope.
Advisories
We deliver tailored advisories for attack paths we have identified into the organisation. These are smaller and more digestible than penetration test reports and focus on the most high impact issues likely to result in a compromise of your organisation.
Workshops
Once you and your team have had a chance to digest our findings, we can all sit down together identify, what can be fixed, what can be mitigated and walk you through that process. We’ll share our tools and help your team implement detections and set traps for attackers.
The Cycle Continues
The service continues and we go on the hunt for the next attack path into your organisation.
Transformation
By the end of a year with Trethtec our ambition is that together we will have made your organisation dramatically more resilient to threat actors, and provide you with a year end map of the attacks we simulated, the fixed that were implemented to stop them and where you need to go next.
Ongoing engagement common questions
We’re working on a large library of terms and frequently asked questions.
You can view all of them by clicking below - or feel free to reach out to us about anything else.
Mean Time to Detection (MTTD) is a key security metric that measures the average time it takes for an organisation to identify a security threat or breach after it occurs. A shorter MTTD indicates that an organisation has strong monitoring and detection capabilities, which can significantly reduce the impact of an attack by enabling faster response. Conversely, a longer MTTD increases the risk of attackers gaining a foothold, escalating privileges, or exfiltrating sensitive data unnoticed. Reducing MTTD is a critical component of any robust cybersecurity strategy.
Yes, social engineering can be a key component of a CounterSOC engagement. Whether it’s phishing simulations, phone-based attacks, or physical security assessments, we use social engineering techniques to assess how well your organisation can identify and respond to these common attack methods. However, this isn’t just about finding weaknesses—we also work with your team to improve their awareness, response procedures, and resilience to social engineering threats over the course of the engagement.
Not exactly. While CounterSOC shares some similarities with red teaming, such as simulating adversarial behaviour and testing defences, it is a broader and more collaborative service. CounterSOC focuses on addressing the most critical risks first and works to dramatically improve your organisation's security posture over the course of a year. Unlike traditional red teaming or penetration testing, CounterSOC prioritises collaboration with your internal teams, providing workshops, debriefs, and hands-on guidance to ensure you fully understand the threats and can implement effective mitigations. It’s not just about identifying issues—it’s about partnering with you to fix them and continuously strengthen your defences.
Unfortunately, we can’t turn your staff into super hackers in the course of a year, but we do share our tools, tactics, and techniques. We work closely with your team, showing them how to deploy these effectively and make meaningful progress on your organisation’s security posture. By collaborating throughout the engagement, we ensure your staff gains practical skills and knowledge that can drive long-term improvements in your defences.
CounterSOC is a continuous service, typically delivered as a rolling 12-month engagement. This long-term approach ensures your organisation benefits from ongoing attack simulations, real-time threat monitoring, and collaborative support, allowing you to adapt to evolving threats over time. However, we can adjust the duration to meet your specific needs and security objectives.
During a CounterSOC engagement, we prioritise identifying and addressing the most critical vulnerabilities that represent the likeliest routes into your organisation. Unlike traditional penetration testing, which often delivers an exhaustive list of issues, CounterSOC focuses on high-impact risks first. Our goal is to rapidly identify and mitigate the most significant threats to your organisation before moving on to more complex attack methods. This targeted approach ensures that key vulnerabilities are resolved quickly, significantly reducing your risk exposure.
Absolutely. CounterSOC is designed to be flexible and tailored to align with your organisation's specific security challenges and goals. Whether you need a focus on adversarial simulations, attack surface monitoring, incident response collaboration, or workshops to upskill your defensive teams, we’ll work closely with you to customise the engagement. Our approach ensures that the service integrates seamlessly into your existing security operations and delivers the most value for your unique requirements.
CounterSOC takes a proactive and continuous approach to security, unlike traditional testing, which is typically a point-in-time assessment. While traditional testing focuses on identifying vulnerabilities within a defined scope and timeframe, CounterSOC provides ongoing adversarial simulations, attack surface monitoring, and real-time collaboration with your defensive teams. This enables a dynamic response to evolving threats and ensures your organisation stays resilient over time. CounterSOC integrates with your day-to-day operations, offering continuous insights and support, rather than the periodic assessments of traditional testing.
Our capabilities
While we steer clear of siloed tests, the disciplines below will provide an insight into our capabilities. Engagements are often made up of several different disciplines depending on your needs.