$ rootkit.sh
$ ./book
root@rootkit:~ — zsh

$ whoami

rootkit.sh // offensive security · tallinn · remote-first

$ cat ./mission.txt

ship.code.that_works.

We are five offensive-security engineers who break things on purpose, then tell you exactly how to fix them. Pentests, code & infra audits, red-team exercises and 24/7 incident response — for European product teams.

$ ./book --slot=next-available

[ ./book ] [ ./services --list ]

$ uptime

6 years  ·  load avg: 0.04  ·  all systems nominal

$ _

# services

Four offerings. No upsell.

Pick the engagement that fits your threat model. We don't run discovery calls longer than 30 minutes and we don't write proposals longer than two pages.

$ ./run --service=pentest

Penetration Test

Black-box and grey-box engagements against your web, mobile, API or internal network. Final report in five working days. Findings prioritised by exploitability and blast radius.

$ ./run --service=audit

Code & Infra Audit

Static plus dynamic review of source, IaC, CI/CD pipelines, and cloud accounts. Critical findings paged to your on-call within the hour we find them.

$ ./run --service=redteam

Red-Team Exercise

Multi-week adversary simulation against a real production environment, with your blue team in the loop or fully covert. Goal: change how your detection feels on day 30.

$ ./run --service=ir

Incident Response

24/7 retainer for European tech teams. Boots on the keyboard within 90 minutes of your call. We talk to your lawyer, regulator and exec team — not just your SOC.

# threat-stack

Engagements, in the order we run them.

  1. $ ./run --service=pentest

    01. Penetration Test

    Black-box and grey-box engagements. Web, mobile, API, network. Report in 5 working days.

  2. $ ./run --service=audit

    02. Code & Infra Audit

    Static + dynamic review of your stack, IaC, CI/CD. Critical findings paged within the hour.

  3. $ ./run --service=redteam

    03. Red-Team Exercise

    Multi-week adversary simulation against a real production environment. With your blue team or without.

  4. $ ./run --service=ir

    04. Incident Response

    24/7 retainer. Boots on the keyboard within 90 minutes of your call. EU only.

# proof

Selected captures.

Code on a dark monitor A reverse-shell on engagement 24-07-B Server racks A client SOC, photographed with consent Abstract data viz Burp request graph — 14k requests, one CSRF Network cables close up Network drop test, Tallinn lab Terminal screen tmux session — the bread and butter Dashboard with alerts Live alerting console during a red-team

# reel

A red-team week, in 60 seconds.

./reel.mp4 — playing

Filmed at our Tallinn lab, October 2025. Faces blurred, no client logos.

# book

$ ./book --interactive

Pick the engagement, pick a date, pick a slot. We answer within four hours, scoping call within two working days, contract within five.

# contact

$ echo "hi" | ssh rootkit

For incidents in progress, use the Signal number in the footer. For everything else, this form works. PGP-encrypted email also fine.

# hq

# /etc/location

View larger map ↗

rootkit.sh OÜ

Rotermanni 8

10111 Tallinn, Estonia

By appointment only. NOC at Rotermanni; field team is remote across EU.

← Back to showroom