Foundedin2018byCosminPopescu—acybersecurityprofessionalwithtwodecadesofoffensive-securityexperience—Penteorhelpsorganizationsidentifyandremediatethevulnerabilitiesthatmattermostbeforeattackersdo.
A cybersecurity practice built on over two decades of offensive security experience.
Penteor was founded in 2018 by Cosmin Popescu, following more than a decade of hands-on consulting and penetration testing engagements for multiple Fortune 500 organizations across banking, telecom, and critical-infrastructure sectors. The founding principle was simple: combine the technical depth of a senior practitioner with the operational discipline of an established firm — while avoiding the layered billing, junior-heavy delivery, and scanner-driven reporting that define most security consultancies.
The passion for offensive security, however, goes back to 2005 — two decades of vulnerability research, exploit development, private bug-bounty programs, CTF participation, and cross-industry engagements that preceded the firm and still define every assessment we deliver today.
Help organizations uncover, demonstrate, and remediate the security weaknesses that attackers would actually exploit — with validated proofs-of-concept, prioritized CVSS-scored findings, and remediation guidance an engineering team can act on the same week.
"Keeping our clients one step ahead of the attackers."
— Penteor operating principle
How we operate.
Technical Rigour
Every engagement is delivered by senior practitioners who chain weaknesses into real attack paths — no checkbox scans, no copy-paste reports.
Discretion by Default
Mutual NDAs before access, segregated test data, and strict disclosure control. Client names and findings stay confidential — always.
Responsible Ethics
All consultants pass criminal-background vetting. We operate strictly within authorized scope and publish responsible-disclosure findings only with client consent.
From independent practice to full-service security partner.
Two decades of offensive-security practice, distilled into a focused consulting firm.
First encounter with offensive security
Cosmin Popescu begins hands-on research in vulnerability discovery and exploit development, spending years inside private bug-bounty programs, CTFs, and independent research.
Enterprise consulting engagements
Delivers penetration tests and red-team operations for multiple Fortune 500 organizations across banking, telecom, and critical-infrastructure sectors in Europe, the United States, and Africa, under senior roles at boutique security consultancies.
Penteor is founded
After more than a decade of consulting experience, Penteor is incorporated as a dedicated penetration testing and security consulting practice — built to combine senior hands-on delivery with the operational discipline of an established firm.
Full-service security testing partner
Penteor delivers 20+ specialized services across web, mobile, cloud, infrastructure, APIs, red-team operations, and AI security — aligned to OWASP, PTES, MITRE ATT&CK, CIS Benchmarks, PCI DSS, DORA, and NIS2.
Certifications are table stakes. Hands-on experience is the real qualification for offensive security.
Penteor holds multiple senior-grade certifications from Offensive Security, SANS/GIAC, and SecurityTube. They cover the technical baseline the industry — and many of our clients — expect before a contract is signed.
Our honest position
Certifications prove you can pass a test in a controlled lab that was built to be solvable. They do not prove you can find a novel bug in a production system under real-world constraints.
We hold certifications because the industry — and a portion of our clients — require them as a procurement gate, not because we believe a letter-grade qualifies anyone for offensive work. Two decades of production-environment engagements, original vulnerability research, and Fortune 500 red-team operations are what actually qualify the work we deliver. When forced to choose, we value demonstrable field experience over any credential in a PDF.
Meet our founder.
Cosmin Popescu
Founder & CEO · Penteor
Offensive-security professional since 2005. Specialized in web and infrastructure penetration testing, red-team operations, and vulnerability research. Founded Penteor in 2018 after more than a decade of senior consulting and testing engagements for multiple Fortune 500 organizations across banking, telecom, and critical-infrastructure sectors in Europe, the United States, and Africa.
Holds multiple senior-grade offensive-security certifications. Active in responsible disclosure research and regular contributor to the offensive-security community.
Connect on LinkedInReady to put your defenses to the test?
Confidential scoping call, written proposal, fixed-price statement of work — typically within one business day.
Request a cybersecurity assessment