PILATUM positions itself as a cybersecurity consulting and offensive/defensive assessment provider. It consists of COR SEC, which leans toward security operations and management consulting, and T HACK TICAL, which focuses more on technical consulting, penetration testing, and red teaming. Its core offering is not a standalone software product, but expert services for enterprises, helping clients design security concepts, assess existing defenses, and validate security capabilities through offensive testing.
In terms of protection coverage, PILATUM spans security operations, risk and compliance management, web application audits, Android mobile application audits, network penetration testing, code review, threat hunting, incident response, purple team exercises, and security training. For delivery model, public information suggests it is mainly consulting- and project-based. Its security orchestration services use IRP/SOAR platforms to enhance SOC detection and response, but it does not specify whether it has its own platform or a SaaS offering. On compliance, the site mentions designing or reviewing security controls around ISO 27001, GDPR, and PCI-DSS, and it also provides maritime cyber risk assessments that meet IMO Resolution MSC.428(98) requirements. Management and alerting capabilities are centered on SOC processes, detection use cases, triage, incident handling, post-incident review, and continuous improvement.
The website does not disclose pricing, packages, billing models, or minimum project size, so engagement likely requires separate discussion based on the consulting, audit, or emergency response project. Its integration capabilities mainly involve evaluating third-party MSSP, SOC as a Service, EDR, and log management solutions, as well as optimizing security orchestration and automation around IRP/SOAR platforms. This makes it suitable for organizations that already have a security operations framework and want independent review and enhancement.
The strengths are its coverage across governance, compliance, offensive and defensive security, and the full security operations loop, along with an emphasis on vendor-neutral recommendations. Its testing methodology references OWASP WSTG, OWASP MSTG, and OSSTMM, giving it a relatively clear professional framework. The main drawback is limited public transparency: the site publishes no pricing, case studies, SLA, team credentials, sample reports, or customer portal information. Mobile auditing is explicitly stated only for Android, with no clear mention of iOS capabilities.
PILATUM is better suited to mid-to-large enterprises, multinational organizations, regulated industries, teams that already operate or plan to build a SOC, and customers needing red teaming, purple teaming, incident response, or custom training. The site does not state access from mainland China, payment methods, or local delivery capabilities, so accessibility from China can only be assessed as unknown. For localized compliance, Chinese-language delivery, and on-site response in China, alternatives include Qi An Xin, DBAPPSecurity, NSFOCUS, and Venustech. For international offensive security assessments, comparable providers include NCC Group, Bishop Fox, and Mandiant.
This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, thacktical.com.
thacktical.com is a Germany-based cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.