Rekon is the software layer behind teknic. This platform is where it shows up.
Rekon is not a side tool. It is the software engine behind the entire company: scoping, recon, analyst workflow, reporting, retesting, and customer delivery. The platform turns that engine into a working system customers can actually use.
Our Testing Methodology
We follow industry-standard frameworks like OWASP, PTES, and NIST, but Rekon is what makes the methodology operational. It gives the team a shared software layer for discovery, validation, evidence capture, and delivery.
1. Scoping & Reconnaissance
Defining the rules of engagement and using Rekon to structure target inventory, passive discovery, and initial attack-surface mapping before active work begins.
- Rekon target inventory
- Threat modeling
- OSINT and surface mapping
2. Vulnerability Analysis
Active scanning and manual probing to identify weaknesses in network services, applications, and infrastructure, with Rekon coordinating repeatable execution and evidence collection.
- Rekon-driven scanning workflows
- Manual verification
- Configuration review
3. Exploitation
Safely attempting to exploit identified vulnerabilities to determine real-world impact, while Rekon keeps findings, artifacts, and analyst context tied to the same engagement record.
- Payload delivery
- Privilege escalation
- Lateral movement
4. Reporting & Retesting
Delivering comprehensive documentation and a retest path through the same software layer, so remediation and verification do not disappear into email threads.
- Executive summary
- Technical findings
- 30-day retest window
Rekon Leads the Tooling Stack
Rekon is the system that ties the rest of the stack together. Commercial tools, open-source utilities, and custom scripts still matter, but Rekon is the software backbone that normalizes targets, jobs, results, and delivery across all of them.
Web Application
Rekon Engine, Burp Suite Pro, OWASP ZAP, and custom fuzzers operating through a shared workflow.
Network Infrastructure
Nmap, Nessus, Metasploit Pro, Wireshark, Responder.
Cloud Environments
Pacu, ScoutSuite, Prowler, Cloudsplaining.
Custom Scripts
Python and Go utilities built around the same Rekon-centered engagement model.
Rekon Turns Findings Into Delivery
Reports are only part of the story. Rekon keeps executive context, technical evidence, remediation guidance, and retest status in the same system so customers are not buying a PDF and a disappearing thread.
Executive Summary
High-level risk posture, strategic recommendations, and business impact generated from the same engagement data Rekon tracks underneath.
Technical Findings
Detailed vulnerabilities, CVSS scores, affected endpoints, and supporting evidence captured inside Rekon workflows.
Remediation Roadmap
Prioritized fixes tied back to the same findings record, with code and configuration guidance where useful.
Retest Policy
One complimentary retest within 30 days, managed through the same Rekon-backed delivery flow.
Finding T-001
CRITICAL (CVSS: 9.8) Remote Code Execution via Insecure Deserialization
Description
The application endpoint `/api/v1/import` accepts serialized Java objects without proper validation. By crafting a malicious serialized payload, an attacker can execute arbitrary code on the underlying server with the privileges of the application process.
Proof of Concept
Host: api.target.com
Content-Type: application/x-java-serialized-object
[Binary Payload Triggering calc.exe]
Remediation
Avoid deserializing untrusted data. If necessary, implement strict type checking using a look-ahead deserialization approach (e.g., overriding `resolveClass` in `ObjectInputStream`) or switch to a safer data format like JSON.
Frequently Asked Questions
Everything you need to know about our pen testing engagements.
What exactly do you test?
We tailor our testing to your needs. This typically includes external/internal network infrastructure, web applications, APIs, mobile applications, and cloud environments (AWS/Azure/GCP). We also offer social engineering and physical penetration testing upon request.
How fast can we start an engagement?
What do we need to provide?
Will testing disrupt our services?
Put Rekon to Work on Your Environment
Start the scoping process to see how Rekon supports the entire engagement lifecycle, from target definition and recon through reporting, retest, and customer delivery.