About us
SECFORCE is a cybersecurity consultancy, specialized in offensive security assessments offering both Consulting and Testing Assurance services.
Certified Excellence
Security is one of the biggest priorities for organisations today.
The threats are real, constant and ever-changing. This is no time to compromise your security.
That is why some of the world’s leading organisations trust Secforce to test their systems, upgrade their security programmes and comply with their regulations.
We are a team of exceptional security consultants, with the knowledge and insight to identify vulnerabilities and help you secure your systems.
Our Testing Services
Penetration Testing
The key to an effective penetration test is not simply to identify weaknesses; it is critical to explore these weaknesses to understand the real threat risk for any organisation.
Learn more
Adversary Simulation
The real value of a Targeted Attack Simulation stems from its adoption of the ‘assume breach’ mindset. This makes it possible to assess the effectiveness of an organisation’s s…
Learn moreOur Consulting Services
Penetration Testing Maturity
A holistic review of your testing programme aimed to understand its effectiveness and provide the advice and approach to maximise your results and enhance your security posture.
Learn more
DORA Compliance
An end-to-end solution providing the necessary consulting capabilities, our proven track record of technical expertise and partnerships to cover all the DORA requirements.
Learn moreDiscover our uncompromising commitment to quality
About usCase Studies
Cybereason, last line of defence
See all cases
How Nedbank mitigates cyber attacks
See all cases
The Lab
LLMGoat - A02 Sensitive Information Disclosure
This post is the second in a series of 10 blog posts and it covers the solution to the Sensitive Information Disclosure challenge from LLMGoat.
See more
Section Jacking: Removing Primitives from Process Injection
Introducing Section Jacking, a derivation of Threadless Injection that aims to subvert traditional EDR detections by removing primitives associated with process injection.
See more
LLMGoat - A01 Prompt Injection
This post is the first in a series of 10 blog posts and it covers the solution to the Prompt Injection challenge from LLMGoat.
See moreThe Blog
Why It's Not Possible to Map DORA vs ISO 27001 vs NIST CSF
DORA, ISO 27001, and NIST CSF may look similar on the surface, and plenty of gap analysis templates promise to align them. But here’s why that might not be the best idea.
See more
DORA Microenterprise Requirements: Everything You Need to Know
Thanks to DORA's principle of proportionality, smaller organisations face lighter requirements than larger financial entities in many areas and are fully exempt from others. Here's what microenterprises need to know.
See more
Expert Advice on DORA Penetration Testing
All DORA-covered entities must test their systems using what DORA refers to as "appropriate tests” to ensure they are resilient. So, what is an “appropriate test”?
See more