Offensive cybersecurity

Find your weaknesses
before they do.

Pentest, audit, phishing. Narok puts your defences to the test under real conditions.

Scope a mission See services

Kill chain · typical scenario

NK-01/07

Reconnaissance

OSINT · scans · DNS

Enumeration

Services · CVE · shares

Initial access

AiTM phishing · CVE

Privilege escalation

Kerberoasting · ADCS

Lateral movement

Pass-the-hash · WMI

Persistence

Tasks · GPO · backdoor

Exfiltration

Cookies · data · keys

↳ NAROK

Our services

Four services, one logic: reproduce the attacker.

Scoped with your teams, executed by a pentester, delivered with a report, an action plan and a managerial summary.

Diagnostic

Cyber state-of-play

1 to 3-day diagnostic, or 10-day deep-dive. Three pillars: IS, global security, users.

1–3j · PILIERS10j · APPROFONDI3 pillars

Details

Pentest

Penetration testing

Web, internal infra (AD, Wi-Fi, NAC), iOS/Android mobile, connected objects, embedded systems.

Web · APIInfra · AD · Wi-FiMobile · IoT

Details

Audits

Configuration & architecture

Audit based on CIS benchmarks and ANSSI. Configuration, segmentation, architecture, exposure.

CIS · ANSSICloud · IaCArchitecture

Details

Social engineering

Phishing campaigns

Tailored scenarios, AiTM bypassing two-factor auth. In-house Carthage platform.

AiTMCarthageAwareness

Details

Why Narok

What sets us apart.

A young and independent firm, combining agility and rigour. Transparency, pedagogy and technical quality at the core of every engagement.

100% offensive expertise

No generalist consulting. Our experts are first and foremost operational pentesters — several years at a French pure-player.

Rigorous methodology

OWASP, CIS, ANSSI. Manual approach, documented and reproducible. No automated scan disguised as an audit.

Actionable recommendations

Every finding is prioritised, reproducible, and shipped with a clear, technical, precise fix.

Direct relationship

No army of juniors, no reselling. The expert who audits is your contact — before, during, after.

Method & deliverables

Three deliverables built to be used.

At the end of every engagement, you leave with an exhaustive technical view, an operational action plan and a communication support for your decision-makers. Delivered in French or English.

Detailed audit report

Managerial summary, technical summary, details of each vulnerability with proof of exploitation and corrective recommendation.

Prioritised action plan

Excel tracker prioritised by risk level and estimated correction effort. Operational driver for remediation.

Managerial summary

Visual presentation of risks, indicators and recommendations for decision-makers. Optional oral debrief.

↳ Scoping

Technical workshop, scope validation, engagement agreement.

↳ Execution

On-site or remote testing, intermediate reports.

↳ Debrief

Final delivery within 10 days after testing ends.

↳ Confidentiality

Data encryption, confidentiality agreement, destruction certificate on demand.

Sectors

Where security cannot be compromised.

Our experts have run missions in the most sensitive sectors: healthcare, banking, insurance, energy, defence, aerospace.

Banking & finance

Insurance

Health

Telecom

Software vendors

Aerospace & embedded

SMB & mid-market

Public sector

Si vis pacem, para bellum.

Ensure peace.
Prepare for war.

Let's scope an engagement that fits your context, maturity and constraints. A partner replies within 48 hours.

Request an audit Talk to a pentester

Find your weaknessesbefore they do.

Four services, one logic: reproduce the attacker.

Cyber state-of-play

Penetration testing

Configuration & architecture

Phishing campaigns

What sets us apart.

100% offensive expertise

Rigorous methodology

Actionable recommendations

Direct relationship

Three deliverables built to be used.

Detailed audit report

Prioritised action plan

Managerial summary

Where security cannot be compromised.

Ensure peace.Prepare for war.

Find your weaknesses
before they do.

Ensure peace.
Prepare for war.