Controlled, legal and fully transparent
Every security engagement follows a defined process. From first contact to final report — everything is documented, legally established and fully transparent.
Always legal, always with consent
GetHacked exclusively conducts security tests on systems for which we have explicit, written permission. We never work without a mandate. Every engagement is legally documented and covered by an agreement that protects both parties.
Intake and scope definition
During the first conversation, we discuss your organization, concerns and objectives. Together we establish the exact scope: which systems are tested, what the constraints are and what the desired outcome is.
- Discussion of IT environment and architecture
- Defining test goals and boundaries
- Risk assessment and priorities
- Timeline and planning
- Custom quote
Permission and legal agreements
Before any test, we document everything legally. You receive a detailed consent agreement that establishes the scope, methods and responsibilities. Without signed consent, there is no testing. Ever.
- Written consent agreement
- NDA (non-disclosure agreement)
- Scope definition document
- Escalation procedures
- Liability arrangement
Safe test environment
We ensure testing has minimal impact on your daily business operations. If desired, we test outside business hours or on a separate test environment. Critical systems are handled with extra care.
- Alignment of test windows
- Production vs. staging choice
- Emergency stop procedure
- Real-time communication channel
- Monitoring during tests
Reconnaissance
In the reconnaissance phase, we gather information about your organization and systems — just as a real attacker would. We identify attack surfaces, publicly available information and potential entry points.
- OSINT (Open Source Intelligence)
- DNS analysis and subdomain discovery
- Technology fingerprinting
- Email harvesting analysis
- Public data sources
Vulnerability Scanning
Using specialized tools, we scan your systems for known vulnerabilities, outdated software and misconfigurations. This automated phase forms the basis for in-depth manual testing.
- Automated vulnerability scans
- CVE database checks
- Port and service scanning
- SSL/TLS analysis
- CMS and framework checks
Manual Security Testing
The core of our work: experienced ethical hackers manually test for vulnerabilities that automated tools miss. This includes business logic flaws, complex authentication issues and advanced attack techniques.
- Business logic testing
- Advanced exploit development
- Privilege escalation attempts
- Lateral movement testing
- Custom payload testing
Reporting
All findings are documented in a clear, comprehensive report. Each vulnerability receives a risk classification, technical description, proof of concept and concrete recommendations.
- Executive summary (non-technical)
- Detailed technical report
- CVSS scoring per vulnerability
- Screenshots and PoC demonstrations
- Priority list for remediation
Results review
We present the results to your team in a debriefing session. We walk through the findings, answer questions and discuss remediation priorities. Both technical and non-technical stakeholders are welcome.
- Presentation to management
- Technical debriefing with IT team
- Q&A session
- Prioritization of fixes
- Remediation planning
Remediation support
Optionally, we help you fix the vulnerabilities found. We provide technical advice, review fixes and support your development or IT team with implementation.
- Technical fix advice per vulnerability
- Code review of fixes
- Configuration assistance
- Best practices implementation
- Security improvement plan
Re-test
After implementing fixes, we perform a re-test to confirm all vulnerabilities have been correctly resolved and no new issues have been introduced.
- Verification of all fixes
- Regression check
- Updated findings in report
- Re-test report
- Closing meeting