Simulate realistic attacks

Uncover critical vulnerabilities

Recommend tactical solutions

Educate security awareness


Pentastic is a team of professional consultants working to proactively safeguard clients' critical systems, networks, and data by providing security assessments, implementing solutions and promoting security awareness.

Penetration Testing

Ethical hacking is performed to exploit vulnerabilities in your systems, networks, and web applications. We follow standards such as NIST SP 800-115, OWASP Top 10, and OWASP MASVS. Systems that we test include:

Web Application

External Network

Internal Network

Wi-Fi Network

Mobile Application

Active Directory


Cybersecurity Solutions

We help protect clients from cyberattacks by proposing and implementing cybersecurity solutions. Security products include:

Identity & Access Management

Next-Generation Firewall

Intrusion Detection System

Web-Application Firewall

Endpoint Detection and Response

Virtual Private Network

SFC Cybersecurity Guideline Assessment

We assess the level of conformance with the 20 baseline requirements of SFC’s Cybersecurity Guidelines to identify best practices and deficiencies for internet brokers. A security gap analysis is conducted by using three approaches:

Policy and Procedure Review

Network Configuration Review

Client Account Testing

Vulnerability Assessment

Automated tools are utilized to detect and identify weaknesses on your network, web servers and applications that hackers could exploit, by relying on a database of known security vulnerabilities. Types of assessment include:

External Network Scan

Internal Network Scan

Application Scan

Security Awareness Training

Awareness training programs are customized for your company to promote a stronger cybersecurity culture. A Phish-and-Train Your Staff campaign will be launched to drive behavioral change among your staff. Training topics include:

Email Safety

Safe Web Browsing

Password Security

Remote Workplace Safety

Use Mobile Devices Safely

Security Risk Assessment and Audit (SRAA)

We are a category B sub-contractor under the Standing Offer Agreement for Quality Professional Services 5 by the HKSAR OGCIO. The services are conducted with reference to HKSAR OGCIO / departmental IT security standards, guidelines, regulations and policies.


Privacy Impact Assessment (PIA)

We are a category B sub-contractor under the Standing Offer Agreement for Quality Professional Services 5 by the HKSAR OGCIO. We assess and ensure compliance with the Personal Data (Privacy) Ordinance and other relevant Ordinances, prevailing guidelines and recommendations from the Office of the Privacy Commissioner for Personal Data.

Why Us?



Over 20 years of professional experience covering projects from various industries, with quality accreditations.


Our Certifications
