Black Ghost Corp

PRICING & ENGAGEMENT MODELS

Offensive security, priced like infrastructure. Not consulting theater.

Transparent packages built around what we test and how deep we go. No hidden retests, no compliance markups, no "enterprise" pricing for SMBs. Start with a $2,000 diagnostic — scale to continuous coverage when it makes sense.

01 / DIAGNOSTIC

Start here. Low risk, real signal.

Our diagnostic assessment — designed for teams who want to see how we work before committing to a full engagement.

RECON
★ Best for first-time clients

Recon Assessment

A passive, non-intrusive evaluation of your external attack surface. We map exactly what an attacker would see in their first 72 hours of reconnaissance — exposed services, leaked credentials, misconfigurations, known CVEs. No exploitation. No noise. Just signal.

  • Complete OSINT footprint and digital exposure analysis
  • Subdomain enumeration, port and service mapping
  • Known CVE identification across the exposed surface
  • Credential leak and public data exposure check
  • Technical report + executive summary
  • 45-minute readout call with the lead operator

Fixed price · 3–5 business days

R$2.500

All-inclusive. No surprises.

02 / DEPTH TIERS

Three tiers. Across every product.

Every pentest product below ships in three tiers. Same methodology — different depth, cadence, and support.

| Capability | Essential | Advanced (POPULAR) | Continuous |
| OSINT & enumeration | | | |
| Manual + automated testing | | | |
| Privilege escalation & lateral movement | | | |
| Technical + executive report | | | |
| Methodology | Gray box | Black / Gray / White | Black / Gray / White |
| Business logic deep-dive | Standard | Extended | Extended |
| Threat modeling | | | |
| Retests | 1× / 30 days | 2× / 90 days | Unlimited |
| Jira / Slack integration | | | |
| Dev remediation support | | | |
| Attestation letter (SOC 2 / ISO / PCI) | | | |
| Kickoff SLA | 10 business days | 5 business days | 3 business days |
| Frequency | One-shot | One-shot | 2–4× / year |

03 / PRODUCTS

Pick what to test. We price per asset, not per company size.

Six standardized products. Custom scopes available upon request.

P01 · Application Layer

Web Application

One web application. Up to 2 user roles and 1 environment. Authentication, session, business logic, and OWASP Top 10 coverage.

Essential

7 business days

R$ 16.000

Advanced

12 business days

R$ 28.000

Continuous

4 tests / year

R$ 75.000/yr

ADD-ONS

+ Extra role: R$ 3.000 · Extra env: R$ 4.000

P02 · Application Layer

API

REST, GraphQL, or SOAP. Authentication, authorization, rate limiting, schema introspection, and business logic abuse.

Essential

6 business days

R$ 14.000

Advanced

10 business days

R$ 24.000

Continuous

4 tests / year

R$ 62.000/yr

ADD-ONS

+ Up to 50 endpoints. Each additional 25: R$ 2.500

P03 · Application Layer

Mobile App

iOS or Android. Static analysis, dynamic instrumentation, and backend coverage. Reverse engineering and runtime manipulation.

Essential

8 business days

R$ 18.000

Advanced

13 business days

R$ 32.000

Continuous

4 tests / year

R$ 82.000/yr

ADD-ONS

+ Second platform: +60%

P04 · Infrastructure

External Network

Internet-facing IP ranges, perimeter services, VPN gateways, exposed admin panels. The attacker's view from the outside.

Essential

6 business days

R$ 14.000

Advanced

10 business days

R$ 24.000

Continuous

4 tests / year

R$ 62.000/yr

ADD-ONS

+ Up to 50 IPs. Each additional 50: R$ 3.000

P05 · Infrastructure

Internal Network

Active Directory, lateral movement, segmentation testing, domain escalation. Simulates an established foothold inside your perimeter.

Essential

10 business days

R$ 35.000

Advanced

15 business days

R$ 55.000

Continuous

2 tests / year

R$ 135.000/yr

ADD-ONS

+ Up to 250 IPs · Assumed breach: R$ 7.500

P06 · Cloud

Cloud Security Review

AWS, Azure, or GCP. IAM policies, storage exposure, network segmentation, identity boundaries, and secret hygiene.

Essential

8 business days

R$ 24.000

Advanced

13 business days

R$ 40.000

Continuous

2 reviews + monitoring

R$ 100.000/yr

ADD-ONS

+ Extra account: +30% · Multi-cloud: +50%

04 / SUBSCRIPTION

PTaaS. Always-on offensive coverage.

Annual subscription combining multiple products with unlimited retests and async support. Built for SaaS teams shipping weekly.

Starter

For teams running 1–2 critical assets

R$75.000

per year · billed annually

  • 2 products of choice (e.g. web + API)
  • 2 tests per product, per year
  • Unlimited retests
  • Portal access with real-time findings
  • Async chat support (Mon–Fri)
  • Jira / Slack / Linear integration
  • 3-business-day kickoff SLA

RECOMMENDED

Growth

For SaaS in active expansion

R$140.000

per year · billed annually

  • 3 products of choice
  • 4 tests per year
  • Unlimited retests
  • Attestation letters (SOC 2 / ISO 27001)
  • Quarterly Business Review
  • Dedicated lead operator
  • Async + scheduled call support
  • 3-business-day kickoff SLA

Enterprise

Custom scope, custom scale

R$230.000+

per year · custom scoping

  • Up to 5 products in scope
  • Unlimited tests and retests
  • Compliance-grade reporting (PCI, FedRAMP)
  • Dedicated team of 2–3 operators
  • Custom SLAs and on-call coverage
  • Threat intelligence briefings
  • Multi-environment / multi-region
  • Same-week kickoff

05 / SPECIAL

Special engagements. Quoted case-by-case.

Engagements that require custom scoping. The ranges below are starting points — final pricing after a 30-minute scoping call.

Red Team Engagement

Objective-based · multi-vector · 3–6 weeks

R$ 100K – 250K

Adversary Simulation

TTP emulation · purple team · MITRE ATT&CK aligned

R$ 90K – 200K

Social Engineering & Phishing

Targeted campaigns · vishing · pretexting

R$ 12K – 35K

Source Code Review

Manual + SAST · architecture-aware

R$ 20K – 60K

IoT / Hardware Pentest

Firmware · radio · embedded · supply chain

R$ 50K – 150K

AI / LLM Security

Prompt injection · model abuse · data leakage

R$ 25K – 75K

// Fine print worth reading

  1. Every package includes at least one retest. Advanced and Continuous tiers include additional retests as listed in the comparison table.
  2. Prices reflect standard scopes. Complex environments may require adjustment after a free scoping call — no hidden fees once the SOW is signed.
  3. Compliance-driven engagements (PCI-DSS, HIPAA, FedRAMP, SOC 2) carry a 15–30% premium to cover evidence collection and audit-ready documentation.
  4. Retainer model available: purchase a bucket of hours and consume across 12 months at a blended rate. Best suited for unpredictable scopes.
  5. USD pricing is the contractual standard for cross-border engagements. International payments accepted via wire transfer or Stripe.
  6. All engagements operate under a signed MSA + NDA + Statement of Work + Rules of Engagement. Nothing starts without paperwork.

Ready to know what you actually look like to an attacker?

Book a 30-minute scoping call. No sales theater. We'll tell you which package fits — or that you don't need us yet.
