0x3 Security // offensive ops
$ cat engagements/

Field reports.

Real engagements, real adversary tradecraft. Where a client or partner can be named, they're named with permission — everywhere else we keep the details anonymized to protect the people who trust us with their security.

Physical Pentest & Social Engineering · Sunnyvale, CA + Stockholm, SE · Technology

A cloned badge at happy hour — then every door in the building.

A Sunnyvale-based technology company brought 0x3 Security in to test the physical security of its main California HQ and its Stockholm, Sweden office — a two-continent physical pentest and social-engineering engagement.

The standout moment: 0x3 cloned an employee access badge at an after-hours happy hour, turning a casual social setting into the foothold. By the end, that single clone had become full physical access to every door in the facility.

But beating the locks wasn't the real win. 0x3 turned the entire operation into a security-awareness training for the client's staff — using live footage captured during the engagement and hands-on demos to show employees exactly how they'd been social-engineered, and how to catch it next time. The breach became the lesson.

Managed Defense · Email & Domain Security · Client identity withheld

Shutting down an active email & domain attack — and blocking the next one.

A client came to 0x3 Security while under active attack — adversaries targeting the business through email and a lookalike domain, working to socially engineer staff into handing over access. 0x3 moved fast to shut the immediate threat down, then deployed CrowdStrike Falcon Enterprise to put real-time detection and response across their endpoints.

The real payoff came later. Because the proactive work was already done — email and domain defenses hardened, Falcon standing guard — when employees later clicked malicious links, the attacks were caught and blocked before they became a breach. Fast response in the moment, plus the prep that pays off on every attack after.

“Paul came in and stopped us from getting socially engineered through email and our domain. He got us set up on CrowdStrike Falcon Enterprise — and since then, even when we've clicked on bad links, his fast response and the work he'd already done meant the attacks were blocked before they could hurt us.”
Client, identity withheld for security
External Penetration Test · Public Sector / Municipal · In partnership with Cybercile

Exposed industrial systems on a city's perimeter — found and reported fast.

0x3 Security partnered with Cybercile to run an external penetration test for a city government, probing its internet-facing perimeter the way a real attacker would.

Working alongside Cybercile's team, 0x3 identified multiple public-facing SCADA / operational-technology services that had been unintentionally exposed to the internet, along with several other security concerns — exactly the kind of critical-infrastructure exposure attackers actively hunt for.

The critical- and high-severity findings were reported back immediately so they could be driven to remediation right away — closing the exposure before anyone else found it.

“Paul helped me run a penetration test for a public-sector client and was able to find and pinpoint multiple exposed critical services, along with other security concerns.”
Cecile Mengue, President/CEO, Cybercile
Physical Red Team · San Jose, CA · Logistics & Warehousing

Physical red team on a shared tech-asset facility.

IFR engaged 0x3 Security to put the physical security of a shared logistics facility in San Jose, California — used to store high-value technology assets including office systems, electronics, and data-center equipment — to a real-world test.

Rather than a checklist walkthrough, this was a full physical red team: 0x3 probed the site the way an opportunistic intruder or a targeted thief actually would, assessing the perimeter, physical access controls, and the human layer wrapped around them. The result was a clear, prioritized picture of where a determined adversary could reach those assets — and exactly what to harden first.

“I've known Paul since his GoPro days, and when it comes to both sides of security, this guy is a great outside-the-box thinker who knows how to use his skillset every time.”
Thomas Castillo, CEO, IFR
$ sudo ./initiate_contact

Want results like these?

Book a no-pressure consult with an operator. We’ll tell you straight where you’re exposed — and exactly what to fix first.

./book_engagement message us →