Offensive security is a craft. The certifications below are held collectively by members of the KAOS practitioner team. We list them at the team level so individuals retain control over their personal disclosure.
Hands-on penetration testing certification from OffSec. 24-hour practical exam against a live network. The industry baseline for ethical offensive testing.
Composite credential covering advanced web exploitation (OSWE), evasion techniques (OSEP), and exploit development (OSED). Recognises end-to-end advanced offensive capability.
Advanced web application exploitation, including white-box code review, authentication bypasses, and chained vulnerability research.
Advanced evasion, AV/EDR bypass, lateral movement, and red team tradecraft against hardened enterprise environments.
Zero Point Security adversary simulation certification covering Cobalt Strike tradecraft, OPSEC-aware C2, and Active Directory abuse.
Advanced red team leadership focused on multi-operator engagements, custom tooling, evasion at scale, and engagement management.
CREST-accredited credentials widely required by UK, EU, and government procurement for assured penetration testing services.
Advanced web application security assessment with a fully practical examination against modern application stacks.
PortSwigger’s practitioner credential covering modern web vulnerability classes, advanced Burp tooling, and academy-grade lab exam.
Our team has authored CVEs across enterprise software vendors, contributed to open-source offensive tooling, and ranks in the top percentiles on Hack The Box and PortSwigger’s Web Security Academy. We publish research and detection content, and we encourage our practitioners to give back to the community through conference talks and write-ups.
Read more about our published research and tooling on the research page.