Offensive Security for Organizations Facing Realistic Threats
Boutique offensive security services focused on realistic compromise paths, enterprise attack simulation, and adversary-driven security assessments.
Trusted by enterprise leadership
Operator mindset.
Engineering depth.
Karim Zidani combines offensive security, software engineering, and low-level systems expertise. Most security consultancies consume tools—Karim builds them.
With experience leading red teams at Rabobank, Shell, and DLL Group, Karim has executed full-scale enterprise compromise operations, discovered critical 0days (CVE-2019-8097), and contributed to the DNB's TIBER-EU Framework.
From ATM malware development to ethical SWIFT system attacks, from hardware TOR routers to Windows kernel exploitation—this is realistic adversary simulation.
Core Capabilities
- Active Directory & Azure AD Attack Paths
- Exploit Development & 0day Research
- IoT / Embedded / ATM Offensive Security
- Identity-Based Compromise & Cloud Escalation
- Purple Teaming & Detection Gap Analysis
Red team operations and offensive security leadership for global enterprises
Offensive Capabilities
Not generic pentesting. Realistic adversary tradecraft based on real-world operations.
Red Team Operations
Full-scale enterprise compromise simulation.
Adversary Simulation
Realistic attacker emulation with current TTPs.
Active Directory & Azure AD
Identity-based attack path analysis.
External Attack Surface
Continuous exposure assessment.
Purple Team Exercises
Collaborative improvement of detection.
TIBER-EU and DORA TLPT Engagements
DNB-compliant TIBER-EU and DORA TLPT engagements with controlled attack scenarios and board-level reporting.
Exploit Development
Custom 0day research and POCs.
IoT & Embedded Security
Hardware hacking, firmware analysis.
Selected Engagements
Real results from realistic adversary simulation.
Fintech Ransomware Simulation
Full-scope ransomware intrusion simulation targeting a European fintech company's production environment. The engagement uncovered 12 critical Active Directory attack paths that would have allowed a ransomware operator to achieve domain admin within hours.
Remediation roadmap delivered and validated through a purple team follow-up phase, including hands-on SOC upskilling and detection engineering support.
External Exposure Snapshot
Most organizations already expose enough information externally for attackers to begin building compromise paths. This assessment identifies the highest leverage opportunities available to a realistic adversary.
Deliverables
- External attack surface mapping
- Internet-facing asset discovery
- Identity exposure & authentication review
- Cloud exposure observations
- DNS/subdomain intelligence
- Initial attack path hypotheses
- Executive threat observations
Adversary Simulation Readiness Review
This is not a penetration test. It is a strategic offensive review designed to evaluate how prepared the organization is against modern attacker tradecraft.
- Realistic compromise path analysis
- Identity & cloud escalation risk
- Lateral movement opportunities
- Detection capability assessment
Natural Upsell
The Readiness Review naturally scales into full Red Teaming, Purple Teaming, and TIBER-style operations.
Research & Engineering
Open-source tooling, exploit development, and low-level systems research.
0day Research
Adobe • Citrix • Windows UAC Bypass
Open Source
THOR • Volatility • PoisonTap
Contributions
OffSec • Exploit-DB • Memory Forensics
Trusted by Security Leadership
"Karim led our red team through a multi-phase adversary simulation that revealed critical blind spots in our detection pipeline. His technical depth, especially around Windows internals and Active Directory attack paths, is exceptional. We brought him back for a follow-up purple team within the quarter."
"The TIBER-EU engagement Karim delivered was the most realistic threat simulation we've run as a bank. His understanding of financial sector attack surfaces and ability to translate technical findings into board-level risk language set him apart from every other firm we've evaluated."
“Karim's ability to think like a nation-state adversary completely changed our detection strategy. His red team work uncovered critical AD attack paths we never considered.”
“The TIBER-EU framework contributions from Karim were instrumental. His hands-on operator perspective bridges the gap between compliance and actual threat simulation.”
“We hired Karim for a purple team exercise. Within weeks, our SOC had actionable improvements based on real attacker TTPs, not generic alerts.”
More client testimonials and recommendations available on Karim's LinkedIn profile.
Confidential Discussion
Serious inquiries only. NDAs available upon request.