BLACK BAG SECURITY offense-led security for high-consequence systems
EN / TH / FR

On-Site Engagements

On-site delivery for assessment, validation, incident support, and technical advisory when location and operational context matter.

Purpose and fit

  • Assessment: scoped testing of facilities, networks, applications, and operator workflows.
  • Validation: attack-path and control verification in agreed production or production-adjacent windows.
  • Incident support: targeted adversary simulation to validate response hypotheses.
  • Advisory: technical workshops for hardening priorities and remediation planning.

Access and safety controls

  • On-site work runs with a designated client escort or approved supervision model.
  • Rules of engagement define stop conditions, no-go systems, and escalation paths.
  • Test windows and production protections are agreed before kickoff.
  • Activity pauses immediately when risk exceeds agreed thresholds.

Evidence handling

  • Collection is minimized to what is required to prove impact.
  • Evidence exports follow chain-of-custody notes (collector, time, system, transfer).
  • Photos, video, and screen captures are taken only where explicitly permitted.
  • Storage and transfer use client-approved secure channels.
  • For in-country or residency requirements, handling locations can be aligned to agreed constraints where operationally feasible.

Communication and reporting

  • Daily syncs with technical leads and engagement owners.
  • Immediate escalation for critical findings or unexpected operational impact.
  • Draft findings review to validate context before finalization.
  • Optional remediation validation or retest after fixes.

Inputs needed from your team

  • Primary and backup points of contact for technical and governance decisions.
  • Network diagrams, data-flow context, and asset inventories where sharing is allowed.
  • Test accounts and access methods with least-privilege boundaries.
  • Facility rules, escort requirements, and acceptable use constraints.
  • Applicable legal and contractual constraints, including cross-border restrictions.

Regulated and cross-border environments

Execution and evidence handling can be tailored to your sector controls, privacy requirements, and transfer restrictions.

Legal interpretation should be provided by your counsel or compliance team. We align operations to approved requirements and documented constraints.

Discuss an on-site scope ->