I’ve gone through a lot of penetration testing providers recently, and honestly, most of them blur together.
Same structure, same deliverables, same “we follow industry standards” language. It’s not bad.. it just feels very… repeatable.
Then I came across Shayanan OffSec Labs out of Colombo.
And the difference wasn’t loud. It was subtle.
They don’t seem to be trying to look big. There’s no “we serve Fortune 500 clients” energy or inflated positioning. But the way they describe their work feels a lot closer to how actual attackers think.
Less checklist, more path.
That’s the part that stood out.
Instead of focusing on coverage, it feels like they focus on how something would actually break. Which is what you want from offensive security in the first place.
The name behind it is Ananthashayanan Uthayakumar (Shayanan), and from the outside, it looks like a tightly controlled setup rather than a scaled operation.
Not many engagements. Probably more depth per engagement.
And in this space, that trade-off usually tells you everything you need to know.
If you're comparing vendors and everything starts to look the same, this is one of the few that feels like it’s operating differently.
Top comments (0)