PentStark
About

We exist because annual pentest PDFs stopped being useful a decade ago.

PentStark was founded by operators to replace the one-shot audit with an always-on offensive practice — built for teams that ship daily and still need to pass the audit.

500+ Engagements
42 Published CVEs
2 Global offices
Founded 2022

What we believe

Operator-led

Every engagement is led by practitioners, not a practice-area sales engineer. You talk to the people finding the bugs.

Evidence over prose

Reports are PoC-driven. Every finding reproduces, every remediation is engineering-specific.

Transparent pricing

Scope units and flat retainers — no per-consultant-day billing games.

Retainers, not PO cycles

Modern engineering ships daily. Security should match that cadence, not fight it.

Open methodology

We publish the frameworks, the tools, and the evidence format. Nothing is black-box vendor magic.

Culture of teaching

Operators who can't explain a bug to an engineer don't get to find them for our customers.

Our story

We started PentStark after a decade of watching engagement reports go untouched in a SharePoint drive. Engineers wanted fix guidance. Auditors wanted structured evidence. Leaders wanted a number they could trust. The one-shot annual pentest couldn't serve any of them.

So we built the practice we wished existed: a continuous engagement model, findings delivered the moment we discover them, unlimited retests within the window, and a report format a developer will actually read.

Three years in, PentStark is a distributed team of operators with delivery heritage from Fortune 500 consultancies, FAANG red teams, and independent research.

  1. 2022
    PentStark founded by three operators out of Bangalore.
  2. 2023
    First 50 engagements delivered. Published first CVE batch.
  3. 2024
    ISO/IEC 27001 certified. Cross-continent operator team expanded.
  4. 2025
    Launched PTaaS platform. Crossed the 100-customer milestone.
  5. 2026
    AI/LLM practice becomes the fastest-growing service.

Our team

Our engineers hold OSCP, OSCE³, OSWE, CRTO, CISSP, and CCSP among other credentials. We publish CVEs, speak at conferences, and maintain open-source security tooling.

Certifications: OSCP, OSCE³, OSWE, CRTO, CISSP, CCSP, GXPN, GPEN
42 CVEs published. Regular conference speakers. CTF finalists (DEF CON, Google, HTB Uni).

Offices

India
Citadel A1, Manipal County Club Road
Bangalore South, Karnataka, India

Research & press

Public write-ups, conference talks, and disclosures from our research team.

Dark Reading: LLM red team findings disclose 8 novel chains
BleepingComputer: Supply-chain flaw in payments platform
InfoSecurity Magazine: Purple team model cuts MTTD by 62%

Talk to an operator

Your next finding is one scoping call away.

Thirty minutes with a real operator tells us what you need and what we can deliver. No BDR handoff, no sales engineer theater — the person you talk to is the person who scopes the work.

Responses in < 1 business day