FX-01 / OFFENSIVE SECURITY
N 25.0330° E 121.5654°

Think Like an Attacker Find the Weakness

FenryX is an offensive security team founded in Taipei in late 2025.
We find the vulnerabilities attackers exploit — before they do.

Get a Pentest Quote Our Services
5Intl. Certifications
38ZeroDay Reports
2025Founded in Taipei
Curiosity Never Ends
fenryx://pentest/live_engagement.log● REC
RECON · Ω
HTB CPTS HTB CWES HTB CJCA PWPA eJPT OWASP TOP 10 PTES METHODOLOGY MITRE ATT&CK
HTB CPTS HTB CWES HTB CJCA PWPA eJPT OWASP TOP 10 PTES METHODOLOGY MITRE ATT&CK
HTB CPTS HTB CWES HTB CJCA PWPA eJPT OWASP TOP 10 PTES METHODOLOGY MITRE ATT&CK
SERVICES / 02

Offensive Security
Services

Defense starts with understanding offense. Every engagement is executed by hands-on engineers who replicate real attacker behavior — from recon and intrusion to lateral movement and exfiltration.

01 VAS

Vulnerability Assessment

Automated + Manual

CVE/CWE-based full-asset scanning. Identifies known vulnerabilities and classifies them by risk level.

≤ 500
Scan Nodes
3–5 Days
Cycle
100%
Manual Review
TOOLING
NessusOpenVASNucleiShodan
View methodology
02 PT

Penetration Testing

Manual Adversary Simulation

Certified engineers execute manual attack chains. Web, Mobile, Cloud, Network, IoT — black/white/grey box.

2–4 Wks
Cycle
CPTS
Certified By
OWASP+
Coverage
TOOLING
Burp SuiteMetasploitSqlmapCustom Scripts
View methodology
03 SE

Social Engineering

Email-Based Phishing

Custom phishing campaigns simulate real attacker behavior — quantifying employee security awareness and actual risk.

≤ 500
Simulated Users
MTTR
Response Time
4–6 Wks
Cycle
TOOLING
GoPhishCustom Kit
View methodology
METHODOLOGY / 03

Six-Phase
Kill Chain

Based on PTES / NIST SP 800-115 / OSSTMM — refined into the FenryX Six-Phase Kill Chain. Every phase has deliverables, tooling, and quality gates.

01·RECON

Reconnaissance

Passive intel gathering, attack surface mapping, digital fingerprinting.

02·SCAN

Scanning

Active port/service scanning, web component enumeration, CVE/CWE cross-referencing.

03·EXPLOIT

Exploitation

Manual vulnerability validation, attack chain chaining, WAF/EDR bypass.

04·POST-EXPLOIT

Post-Exploitation

Privilege escalation, lateral movement, persistence — assessing real data exfiltration impact.

05·REPORT

Reporting

CVSS 3.1 ratings with PoC, impact scope, remediation guidance, and retest verification.

06·RETEST

Retest

Full re-validation after fixes — confirming vulnerabilities are closed with no regressions.

GLOBAL FEED / 03

Attackers
Never Sleep

Taiwan faces millions of external cyberattacks daily. We track global threat intelligence and arrive at your systems before the attackers do.

FENRYX · TPE
GLOBAL THREAT FEED
LIVE
ATTACKS / 24H
847,293
TOP SOURCE
CN · RU · KP
TW TARGETS
+23.4%
CAPABILITIES / 04

How We Find
Critical Vulnerabilities

Tools are to a security team what weapons are to a hunter. We use industry-leading automation, backed by manual verification of every finding.

CAP · 01 / SAST + DAST
Real-Time Code Vulnerability Scanning
NODE.JS · PYTHON · GO · JAVA · PHP
We perform static and dynamic analysis on every line of code. The demo below shows FenryX's internal scan engine detecting vulnerabilities in a typical Node.js auth flow in real time.
auth.service.js · line scan
SCANNING
01app.post("/api/login", async (req, res) => {
02 const { username, password } = req.body;
03 const sql = `SELECT * FROM users`
04 + ` WHERE name = '${username}'`;
05 const user = await db.query(sql);
06 if (user.password === password) {
07 const token = jwt.sign({ id: user.id },
08 "hardcoded-secret-2024");
09 res.cookie("session", token);
10 res.redirect(req.query.returnTo);
11 }
12});
RISK SCORE
0/ 100
FINDINGS · 0
— awaiting scan —
CAP · 02 / NETWORK
Network Topology & Packet Analysis
Real-time tracking of request flows through your infrastructure, flagging high-risk nodes and anomalous traffic patterns.
CLIENTFIREWALLLB / WAFAPIAUTHDATABASE
CAP · 03 / AUTH
Authentication Strength Testing
Simulates credential stuffing, token hijacking, MFA bypass, and modern identity attacks to validate your access controls under real conditions.
AUTH REQUIRED
CAP · 04 / LIVE
Live Attack Traffic Sample
RECEIVING · 847 pkt/s
00000000111111111111000000000000011111111111100000000000001111111111110000000000
00000000000111111111111100000000000011111111111110000000000001111111111111000000
11000000000000111111111111100000000000011111111111110000000000001111111111111000
11111000000000000111111111111100000000000001111111111110000000000000111111111111
ADVANTAGES / 04

Why Choose
a Lean Team

Every engagement is executed and delivered by the founders themselves — no outsourcing, no subcontracting. The person you contact is the person who does the work.

Certified Expertise

We hold HTB CPTS, CWES, PWPA and other offensive certifications — ability proven by real exam, not paper.

Real Attacker Perspective

Every report tells an attacker story — not a tool output PDF, but a readable operation record.

Flexible Schedule & Pricing

Engagements completable within 2–3 weeks; competitive pricing and flexible timelines during our founding period.

Web & Network Specialization

Focused on Web App / API, internal and external networks, and Active Directory attack surfaces.

Compliance-Aligned

Report structure references industry standards, suitable as internal audit reference documents.

Transparent Collaboration

No black-box pricing, mid-engagement progress syncs, verifiable testing process. Reports you can actually read.

CREDENTIALS / 05

Built on 5 International Certifications

Founded in late 2025, we believe certifications are not a destination — they are our baseline commitment to proven capability.

HTB CPTS
PENETRATION TESTER
HTB CWES
WEB EXPLOITATION
HTB CJCA
JUNIOR ANALYST
PWPA
WEB PENTEST ASSOCIATE
eJPT
JR. PENETRATION TESTER

We are a team founded at the end of 2025. We have no impressive client list to show off — but we have a transparent methodology, a first-hand attacker perspective, and a commitment to making every report tell a complete attack story.

FenryX Founding Team — Taipei, Taiwan
2025Founded
38ZeroDay Reports
Flexible Pricing
INTEL FEED / 06

Latest Intelligence

FenryX publishes original vulnerability research, offensive tactics breakdowns, and security observations.

SECURITY·2025.11.26
DOCUMENTATION

OWASP Top 10 2025:完整解析與防禦指南

1 min read
SECURITY·2025.11.23
SECURITY

Fenryx 技術部落格正式上線

1 min read
View all intel
FAQ / 07

Common
Questions

If your question isn't listed below, reach out directly — we'll respond within 3–5 business days.

Q.01 Will penetration testing disrupt live services? +

We define scope, test windows, and risk thresholds in the kickoff meeting, and maintain a 24/7 kill switch. High-risk attack modules are scheduled during off-peak hours or in isolated environments to minimize impact on live operations.

Q.02 What is the difference between a vulnerability scan and a penetration test? +

A vulnerability scan is automated, breadth-first, and finds known vulnerabilities. A penetration test is manual, depth-first — validating real exploitability and chaining attacks. We recommend quarterly scans and annual full-scope penetration tests.

Q.03 Is social engineering testing legal? +

Yes. We obtain legal approval, signed SOW, and employee disclosure statements before any engagement. All phishing infrastructure is built and destroyed by FenryX — no real sensitive data is ever accessed.

Q.04 How long does an engagement take? How is pricing determined? +

Vulnerability assessment: 3–5 business days. Penetration testing: 2–4 weeks. Social engineering: 4–6 weeks. Pricing is scoped per engagement — contact us and we will provide an assessment direction within 3–5 business days.

Q.05 Will you help us remediate after the report? +

Yes. Every report includes prioritized remediation guidance, and one free full retest after fixes. Our lean team means you talk directly to the engineer who found the issue — no PM in between.

Q.06 Our data is in the cloud. Can you test that? +

Yes. We have audit and penetration capabilities across AWS, Azure, and GCP. For cloud engagements we will help you complete the cloud provider authorization process in advance.

READY · TO · ENGAGE

Your next engagement,
starts with FenryX.

Tell us about your security needs. We'll get back to you within 3–5 business days.

Contact Us All Services