Train How You Fight:

Real Prep for
Real Threats
Made Simple

The Emulated Criminals team doesn’t theorize, we go one step away from real crime, to get your defenses ready for real threats.


Finding it difficult to present a hign-level overview of your security posture to your leadership that clearly demonstrates its potential business and financial impact? From the high-level overview you need for leadership to the in-the-weeds details of the work behind every observation we make, you will find everything you need in ECRallyPoint, our purple teaming portal.

Let's Talk!
Emulated Crime as a ServiceTM

Rapidly Evolving
Real-World Threats

Threats targeting organizations change daily, spanning cyber, social, and physical domains, outpacing traditional defenses. Like criminal threat actors, we take advantage of this changing landscape to pwn you.

Periodic Testing and Compliance Fall Short

Many organizations conduct security testing just once a year, relying on outdated methods like compliance checks which foster a false sense of security. This is no match for real-world crime. Organizations need to learn how to defend themselves, from modern, coordinated attacks.

One Step Away from Real Criminals

EC is operated by veterans of U.S. Special Operations and Offensive Cyber Operations, industry professionals, and experts who are just one step away from being real criminals. The only thing stopping them is strong morals, a fear of prison, and the fun involved in beating the baddies.

Continuous Monitoring and Improvement

Our human-led approach includes continuous security validation proven through criminal emulation, targeted monthly operations, and collaborative tools for continuous improvement. Red Teaming isn't about a schedule; it's about always being prepared and having a good sparring partner to teach you how to defend yourself. You know: Train How you Fight!

Targeted Operations

Targeted to Emulate
Real Criminal Behavior

Operations are targeted threat emulation engagements included in ECaaS that emulate the TTPs of a particular APT actor, threat actor category, or threat actor region.


Operations allow you to observe the reactions of your team and tools to the tactics of the specified threat. Will you survive?

Included in Subscription Package

Operations are included in our annual subscriptions, and invitations are sent based on your subscription size and the relevance of the operation category to your organization. Subscribe to four and get invited to more? No worries, there's no extra charge! We will pwn you and make you want more!

Flexible and Transparent

Opt-In or Opt-Out: Trusted Agents on the client side are informed before operations begin and can opt-out if wanted/needed.

Duration and Continuity

Operations typically run for one month or until defined objectives are achieved. After the operation, clients can opt to extend testing for deeper insights or continued analysis by using Specialized Services hours.

How Operations Work

Operations Unique Identifiers

Social Engineering Focused

Raccoon

Focuses on social engineering tactics to exploit human vulnerabilities through phishing, vishing, smishing, and physical impersonation attacks.
Data Exfiltration & Espionage

Owl

Focuses on data exfiltration attacks, where attackers stealthily extract sensitive information such as IP, customer data, or financial records.
Russian APT

Bear

Tests resilience against supply chain attacks, disinformation, and espionage by Russian APTs.
Ransomware & Criminal Ecosystem

Jackal

Assesses defenses against ransomware campaigns from initial compromise and encryption to ransom demands and negotiations.
Social Engineering

Falcon

Emphasizes tailored attacks targeting executives or leadership through spear phishing or impersonation.
North Korea APT

Dragon

Replicates North Korean tactics like cryptocurrency theft and destructive cyberattacks.
Ransomware & Criminal Ecosystem

Fox

Focuses on Initial Access Broker (IAB) tactics, where attackers gain access to systems and either sell that access to other threat actors or use it for further exploitation.
Chinese APT

Panda

Mirrors the actions of Chinese attackers, focusing on prolonged espionage and intellectual property theft strategies.
Iranian APT

Viper

Mimics Iranian-sponsored cyberattacks targeting disruption, espionage, or regional conflicts.
Specialized Services

Dedicated Engagements
When You Need Them

Specialized Services are one-off tasks outside the scope of ECaaS continuous monitoring and targeted operations. They provide a way to address ad hoc needs like testing to meet compliance or regulatory requirements, offering adaptability for situations that fall outside the predictable rhythm of Continuous Security Validation or Operations.

Use of your contracted Specialized Services hours will be tailored to the level of risk involved for the requested assessment:

Low-Risk activities

such as web app or external penetration testing, only require one resource.

Higher-Risk activities

such as internal penetration testing or adversarial emulation, call for a two-person accountability structure and therefore require two resources.

Specialized Services

Enhance Your Operations with Specialized Testing

Although many of these services will be included in ECaaS processes, you can use Specialized Services hours to run additional tests to accomplish specific goals, such as those required for audits or compliance. Service types beyond this list, including extension/expansion of Targeted Operations, can be approved at the discretion of EC.

• Web-App
• Mobile App
• API
• External Network
• Internal Network
• WIFI
• Cloud
• Internet of Things (IoT)
• Physical
• Phishing Campaigns
• Vishing Campaigns
• Smishing Campaigns
• Ghost Employees
• Physical Entry
• Adversarial Emulation
• Assumed Compromise
• Ransomware Simulation
• Insider Threat
• APT Simulation
• Fraud Emulation
• Custom Malware Development
• Social Engineering
• Red Teaming
• LE/Mil OpFor Actors
List Pricing

Flexible Packages for
Every Organization

Our services combine advanced technical expertise with a practical understanding of real-world criminal behavior.

Tactical
For orgs with 1-500 employees
$150K/yr
2 year Bundle $120K/year
Includes:
Emulated Crime Subscription
Continuous evaluation and attack throughout the year
Monthly touchpoints
2 targeted operation invitations per year
400 Specialized Services hours
ECRallyPoint access
Operational
For orgs with 501-1000 employees
$300K/yr
2 year Bundle $240K/year
Includes:
Emulated Crime Subscription
Continuous evaluation and attack throughout the year
Monthly touchpoints
4 targeted operation invitations per year
800 Specialized Services hours
ECRallyPoint access
Strategic
For orgs with >1000 employees
$450K/yr
2 year Bundle $360K/year
Includes:
Emulated Crime Subscription
Continuous evaluation and attack throughout the year
Monthly touchpoints
6 targeted operation invitations per year
1200 Specialized Services hours
ECRallyPoint access
$20K budget to support on-site operation T&E expenses

Need something unique? Reach out and we’ll put together a custom package that works for you.