Offensive Security for Organizations Facing Realistic Threats
Boutique offensive security services focused on realistic compromise paths, enterprise attack simulation, and adversary-driven security assessments.
Trusted by enterprise leadership
Operator mindset.
Engineering depth.
Karim Zidani combines offensive security, software engineering, and low-level systems expertise. Most security consultancies consume tools—Karim builds them.
With experience leading red teams at Rabobank, Shell, and DLL Group, Karim has executed full-scale enterprise compromise operations, discovered critical 0days (CVE-2019-8097), and contributed to the DNB's TIBER-EU Framework.
From ATM malware development to ethical SWIFT system attacks, from hardware TOR routers to Windows kernel exploitation—this is realistic adversary simulation.
Core Capabilities
- Active Directory & Azure AD Attack Paths
- Exploit Development & 0day Research
- IoT / Embedded / ATM Offensive Security
- Identity-Based Compromise & Cloud Escalation
- Purple Teaming & Detection Gap Analysis
Offensive Capabilities
Not generic pentesting. Realistic adversary tradecraft based on real-world operations.
Red Team Operations
Full-scale enterprise compromise simulation.
Adversary Simulation
Realistic attacker emulation with current TTPs.
Active Directory & Azure AD
Identity-based attack path analysis.
External Attack Surface
Continuous exposure assessment.
Purple Team Exercises
Collaborative improvement of detection.
TIBER-style Engagements
Threat Intelligence-Based Red Teaming.
Exploit Development
Custom 0day research and POCs.
IoT & Embedded Security
Hardware hacking, firmware analysis.
External Exposure Snapshot
Most organizations already expose enough information externally for attackers to begin building compromise paths. This assessment identifies the highest leverage opportunities available to a realistic adversary.
€1.5k – €3k fixed scope
Deliverables
- External attack surface mapping
- Internet-facing asset discovery
- Identity exposure & authentication review
- Cloud exposure observations
- DNS/subdomain intelligence
- Initial attack path hypotheses
- Executive threat observations
Adversary Simulation Readiness Review
This is not a penetration test. It is a strategic offensive review designed to evaluate how prepared the organization is against modern attacker tradecraft.
- Realistic compromise path analysis
- Identity & cloud escalation risk
- Lateral movement opportunities
- Detection capability assessment
Natural Upsell
The Readiness Review naturally scales into full Red Teaming, Purple Teaming, and TIBER-style operations.
Research & Engineering
Open-source tooling, exploit development, and low-level systems research.
0day Research
Adobe • Citrix • Windows UAC Bypass
Open Source
THOR • Volatility • PoisonTap
Contributions
OffSec • Exploit-DB • Memory Forensics
Trusted by Security Leadership
“Karim's ability to think like a nation-state adversary completely changed our detection strategy. His red team work uncovered critical AD attack paths we never considered.”
“The TIBER-EU framework contributions from Karim were instrumental. His hands-on operator perspective bridges the gap between compliance and actual threat simulation.”
“We hired Karim for a purple team exercise. Within weeks, our SOC had actionable improvements based on real attacker TTPs, not generic alerts.”
Confidential Discussion
Serious inquiries only. NDAs available upon request.