DORA threat-led penetration testing

DORA TLPT: threat intelligence, red-team execution, blue-team handover.

CREST and TIBER-EU aligned researchers run threat-led penetration tests for EU financial entities under Regulation (EU) 2022/2554 (DORA). Threat intelligence, red-team execution, blue-team handover, and the summary of findings, remediation plan and supporting documentation your competent authority, acting as TLPT authority, needs before it issues the Article 26 attestation.

GET YOUR SCOPING CALL

Talk to a security expert

Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

Airbase
Quiltt
Pacvue
Imagine Learning

Why this matters

DORA TLPT is not a pentest. Most vendors still ship pentests.

  • DORA Article 26 requires financial entities identified by their competent authority to carry out threat-led penetration testing (TLPT) at least every three years, and the technical standards that implement it are built on the TIBER-EU framework. A generic pentest belongs to the Article 24 and 25 testing programme; it does not discharge Article 26.

  • Engagements without a threat-intelligence phase test whatever the red team happens to try, not the adversary TTPs that the threat profile and your competent authority expect the attack scenarios to cover.

  • Reports without a blue-team handover, remediation plan and lessons-learned cycle do not meet the DORA closure expectations: Article 26 requires a summary of findings, remediation plans and documentation showing the test was run to the required standard before the attestation is issued.

Here is what we ship.

Why teams pick us

TIBER-EU aligned, competent-authority defensible.

  • Threat-intelligence led

    Per-entity threat profile, real adversary TTPs, prioritised attack scenarios. Aligned with TIBER-EU phases.

  • Red-team execution

    Initial access through to the agreed objectives, real C2 infrastructure, every action mapped to MITRE ATT&CK. Time-boxed, with rules of engagement signed before the first action.

  • Blue-team handover

    Detection-gap report, purple-team session, and lessons-learned cycle for the file your TLPT authority reviews.

How it works

From threat intel to lessons learned in eight to twelve weeks.

  1. Threat-intelligence scoping

    Per-entity threat profile, attacker prioritisation, attack-scenario design, and the scope agreed with your TLPT authority (the competent authority or the authority it designates) before testing starts.

  2. Red-team execution

    Initial access, persistence, privilege escalation, lateral movement, and objective capture against the critical or important functions in scope.

  3. Blue-team handover and report

    Purple-team session, detection rules tuned and re-validated, lessons-learned cycle, and the summary of findings and remediation plan submitted to your competent authority for the Article 26 attestation.

Research ledger

Coordinated disclosures published by SL7 research.

The same researchers run your engagement.

Full advisories index

What founders say

Thank you for being our pentest partners. Our user base is safer because of y'all.
Vinay Hiremath

Co-founder, Loom

Common questions

What buyers ask before they sign.

Does this satisfy DORA Article 26?
Yes, for an entity its competent authority has identified as required to perform TLPT. The engagement follows the TIBER-EU framework on which the DORA TLPT technical standards are based, and the competent authority sets the scope at the start and issues the attestation at the end.
Will the TLPT authority accept the report?
Yes. Findings are shaped for review by the competent authority acting as TLPT authority: the summary of findings, the remediation plan and the documentation the authority needs before it issues the attestation, plus the cross-border coordination DORA expects where a group operates in more than one Member State.
How long does it take?
Eight to twelve weeks across the threat-intelligence, red-team and blue-team phases is the planning baseline, time-boxed up front. Note that TIBER-EU and the DORA TLPT technical standards set a minimum of twelve weeks for the active red-team testing phase alone, so the final schedule is agreed with your TLPT authority at scoping.
MITRE ATT&CK alignment?
Yes. Every action in the red-team phase is mapped to an ATT&CK technique and tagged to the TIBER-EU attack scenario it executes, so the detection-gap report reads in the terms your SOC already uses.
Re-test included?
Yes. After the purple-team session and rule tuning, the relevant techniques are replayed in the same engagement to confirm the new detections fire.

Ready to ship a DORA Article 26 TLPT?

20-minute scoping call with the lead TLPT operator. Threat intelligence, red-team execution, and the report your TLPT authority needs for the attestation.

CREST · CERT-In · SOC 2 · ISO 27001