Manual Penetration Testing · Australian-owned · Fixed price

Stop Guessing About Your Security.
Start Proving It.

Aussie Pentest uncovers the vulnerabilities in your web apps, APIs, and network — and hands you a certified report that wins contracts and satisfies auditors.

Self-Assessment

How exposed is your organisation?

Six questions. No sign-up. Under a minute.

Trusted by organisations across industries

Client 1
Client 2
Client 3
Client 4
Client 5

The people behind the work

Meet the team

Rafe Fredericks

Founder & Lead Penetration Tester

Rafe founded Aussie Pentest after identifying a gap in accessible, transparent security testing for SMBs who don't have enterprise budgets but face the same threats. He leads every engagement personally — no handoffs, no outsourcing. Currently completing CPTS certification.

Caleb Brooke

Co-Founder & Technical Lead

Caleb joined a year into operations and has offered invaluable knowledge to Aussie Pentest, overseeing remediations, report writing and technical advisory.

Case Studies

Real findings. Real organisations.

A sample of what we find and what it means for the businesses we work with.

Internal Penetration Test & Remediation Validation

Azure-hosted Windows server infrastructure · Financial services sector · Black-box engagement

Assessment type

Internal Black-Box Pentest + Remediation Validation

Method

Living off the Land — built-in Windows tooling only

Turnaround

Initial report delivered · Validation completed in 4 days

What we found

10 findings identified across two hosts — including factory-default credentials on a live security monitoring platform, an unrestricted legacy remote access protocol transmitting credentials in cleartext, and no account lockout policy enabling unlimited brute-force attempts.

Critical
3
High
2
Medium
4
Low
1

Remediation outcome

Four days after delivery, a structured validation session confirmed the environment moved from a largely unhardened state to a substantially secured posture — with documented evidence for 8 of 10 findings and a clear action plan for the remaining 2.

Resolved

Verified closed

7

Partially resolved

Pending client-side platform changes

2

Accepted risk

Documented per client instruction

1

The engagement demonstrated the value of pairing a penetration test with a structured remediation validation — not just identifying what's wrong, but verifying that fixes work as intended and flagging where partial remediations leave residual risk.

Aussie Pentest · Internal engagement summary · All client details anonymised

Zero-credential black-box testing · Living off the Land methodology · CVSS-scored findings · Remediation validation included · Plain-English reporting · No tools transferred to target

Deliverables

What's in the report.

Executive summary

Written for non-technical stakeholders. Explains business risk, not just technical findings.

CVSS-rated findings

Every issue scored and ranked by real-world exploitability, not scanner output.

Proof-of-concept evidence

Screenshots and reproduction steps so findings can't be dismissed as theoretical.

Plain-English remediation

Specific fix instructions for each finding — no vague "patch and harden" advice.

Compliance mapping

Findings mapped to Essential Eight, ISO 27001, or PCI-DSS on request.

Debrief session

Optional 60-minute walkthrough with the analyst who ran the test.

FAQ

Common questions.

Do you offer payment plans?

Yes. We offer flexible payment plans capped at 12 months, structured around what works for your business. You choose the duration and the payment frequency — options range from daily through to monthly. If cashflow is a consideration, just raise it during scoping and we'll work out an arrangement before anything is signed.

Why Aussie Pentest over a larger firm?

With a larger firm, your engagement gets handed to an account manager, filtered through project coordinators, and often executed by analysts you'll never speak to. By the time a finding reaches you, it's been summarised twice and context has been lost.

With us, the person scoping your engagement is the same person running the test and writing the report. If you have a question — technical or commercial — you're speaking directly to them. No trickle-down communication, no middlemen, no translation errors. For a discipline where nuance matters, that direct line makes a meaningful difference.

How is a manual pentest different from running a vulnerability scanner ourselves?

Running a vulnerability scanner and calling it a security assessment is like plugging an OBD2 reader into your car, getting a fault code, and deciding you're a mechanic. The tool tells you something exists — it doesn't tell you whether it's actually exploitable, how severe the real-world impact is, or how to fix it properly.

What you're paying for with a manual pentest is the knowledge base behind the findings. A human tester chains weaknesses together, tests business logic, and follows paths an automated tool would never take. We don't just surface issues — we validate that they're real, demonstrate how they'd be exploited, and provide specific remediation guidance. Then we retest to confirm the fix actually worked.

Do you offer retesting after we've remediated findings?

Yes. Retesting is included as standard. Once you've worked through the findings and deployed patches, we retest each item to confirm the remediation is effective and no residual risk remains. You receive a dedicated validation report documenting what was resolved, what's partially addressed, and what still requires attention. The engagement doesn't end at report delivery.

What if you find something critical during the test?

It depends on the environment. If the system we're testing is live and publicly accessible, we'll notify you immediately for any finding where the severity warrants it — we're not going to sit on a critical vulnerability until the final report. If the system is isolated with no public access, the finding will be documented in detail in the report alongside remediation guidance and a severity rating. Either way, nothing critical gets buried.

Can you work alongside our existing IT team or MSP?

Absolutely. We're used to operating within environments where there's already an internal team or a managed service provider in place. We can coordinate directly with your IT team or MSP throughout the engagement — sharing scope details, aligning on testing windows, and handing off findings to whoever is responsible for remediation. If anything, having someone technical on your side speeds the process up.

What happens after the report is delivered?

The report is the start of the process, not the end of it. Once you've reviewed the findings and worked through remediation with your team, let us know when patches have been deployed. We'll schedule a retest, validate each fix, and issue a formal remediation report documenting what's been resolved and what still requires attention. If anything comes up during that process — questions about a specific finding, uncertainty about a fix — we're reachable. You're not on your own once the PDF lands in your inbox.

Do we need to prepare anything before the test starts?

Not much. By the time we've completed scoping, we'll have established what we're targeting, agreed on testing windows, and documented any constraints. There are occasional requests depending on the engagement type — test credentials for an authenticated web application assessment, for example — but we'll flag those during scoping, not the morning the test begins. If we've done our job in the scoping phase, the only thing you need to do on day one is nothing.

How long does it take?

2–3 business days of testing plus 1 day for reporting. Our average from signed scope to final PDF is 47 hours. We don't hold reports for arbitrary SLAs.

Do I need to be technical to engage you?

No. If you know your website address, IP range, or app name, that's enough. We'll ask the technical questions on your behalf during scoping.

Will testing cause downtime?

Not by design. We discuss disruption risk in scope and accommodate production constraints. Most findings can be identified without impacting availability.

Can the report be used for insurance or compliance evidence?

Yes. Reports are structured to satisfy cyber insurance renewals, Essential Eight assessments, ISO 27001 evidence, and government procurement questionnaires.

What are the pricing tiers?

Basic starts at $5,000 AUD (up to 25 IPs, external network). Standard is $12,000 (external + internal, web apps). Advanced is $20,000+ (full scope including social engineering). Fixed price, no hourly surprises.

Ready to see where you stand?

Takes under a minute. No sign-up required.