$ loading…
Offensive security · Remote · EU & worldwide

I find the vulnerabilities before the attacker does

Penetration testing, red teaming and social engineering — performed manually and to recognised standards. Hard evidence and a report you can actually act on.

OSCP·OSWAcertifications
100%manual testing
<24hresponse time
grzegorz@sec4check — ~

    
Compliance: OWASP ASVSNIST 800-115PTESOWASP MASVSCVSS 4.0
01 — Services

Full-scope offensive security

From a single application to a multi-week simulation of a real-world breach.

Penetration testing
free re-test
01 / web

Web applications

Cloud & on-premise
32–96 h
  • Aligned with OWASP ASVS
  • Business logic testing
  • CVSS risk rating
  • Report + remediation
free re-test
02 / infra

Infrastructure

Public & internal networks
16–48 h
  • Aligned with NIST 800-115 & PTES
  • Network vulnerability exploitation
  • CVSS risk rating
  • Report + remediation
free re-test
03 / mobile

Mobile applications

Android & iOS
32–96 h
  • Aligned with OWASP MASVS
  • Reverse engineering
  • CVSS risk rating
  • Report + remediation
Social engineering & Red Teaming
04 / phishing

Phishing campaign

Employee awareness
16–24 h
  • Unlimited number of participants
  • Measuring susceptibility to manipulation
  • Organisation OSINT
  • Report with recommendations
05 / redteam

Red Teaming

Full breach simulation
80–240 h
  • Incident response assessment
  • End-to-end attack chains
  • OSINT + physical + social engineering
  • Executive + technical report
06 / physical

Physical assessment

Facility security
24–48 h
  • Physical entry attempts
  • Access control assessment
  • Tailgating & badge cloning
  • Evidence-based report
02 — How I work

A predictable process, hard evidence

You know exactly what happens at each stage — from scope to the post-fix re-test.

01 / scope

Scope

Objectives, test boundaries and rules of engagement. No surprises.

02 / recon

Reconnaissance

OSINT and attack-surface mapping — what the adversary sees.

03 / exploit

Exploitation

Manual testing and attack chains. Every vulnerability backed by a PoC.

04 / report

Report + re-test

A report for the board and IT, a remediation plan and a free re-test.

Grzegorz Tworek
Grzegorz Tworek · Ethical Hacker
03 — About

Grzegorz Tworek

I have spent years in offensive IT security — penetration testing of web and mobile applications and of infrastructure. I work manually and methodically, aligned with OWASP ASVS/MASVS, NIST 800-115 and PTES, focusing on what slips past automated scanners: business-logic flaws, privilege-escalation chains and post-exploitation scenarios.

I hold the OSCP and OSWA certifications, I am a CVE author and a member of the red team at Synack. I confirm every vulnerability with a working proof of concept (PoC) and translate it into concrete, actionable recommendations.

04 — Blog

From the blog & research

CVE analyses, OWASP methodologies and pentesting fundamentals.

05 — Contact

Let's talk about your company's security

Free consultation and a reply within 24 hours. Tell me what you want tested — I'll prepare the scope and a quote.

Grzegorz Tworek
Grzegorz Tworek
Ethical Hacker
linkedinin/gtworek
Available for new projectsReply < 24h