STAR Penetration Testing Providers

Simulated Targeted Attack and Response · Published by CREST International

STAR (Simulated Targeted Attack and Response) is a CREST-developed framework for intelligence-led security testing that provides a structured approach to simulating advanced persistent threat (APT) attacks against organisations. STAR assessments combine threat intelligence, red team operations, and blue team evaluation to provide a comprehensive assessment of an organisation's ability to detect, respond to, and recover from sophisticated cyber attacks.

The framework builds on CREST's penetration testing methodology but extends it to cover the full attack lifecycle, including pre-attack reconnaissance, initial compromise, establishing persistence, lateral movement, privilege escalation, data exfiltration, and covering tracks. STAR assessments require providers to hold specific STAR accreditation from CREST, demonstrating advanced red team capabilities and experience in conducting complex, multi-phase attack simulations. The framework emphasises collaboration between the red team and the organisation's defensive teams during the replay phase, ensuring that lessons learned from the simulated attacks translate into concrete improvements in detection rules, response procedures, and security architecture.

STAR is particularly relevant for organisations in sectors including financial services, critical infrastructure, and defence, where the threat of targeted attacks from sophisticated adversaries is a primary concern. The framework provides a standardised, quality-assured approach to advanced adversary simulation that goes beyond traditional penetration testing to test the full spectrum of people, processes, and technology involved in cyber defence.

Key Features

  • CREST-developed advanced framework
  • Full APT simulation lifecycle
  • Combined red/blue team assessment
  • Replay and improvement workshops
  • STAR-specific provider accreditation

Best For

  • Advanced adversary simulation
  • Financial services organisations
  • Critical infrastructure operators
  • Defence and government
  • Organisations with mature security operations

Providers using STAR (6)


CovertSwarm

Subscription-based offensive cybersecurity firm delivering continuous cyber attack services with CREST STAR and CBEST accreditations from its London headquarters.

London, United Kingdom · Contact for pricing
Web Application · Network · Cloud · API · +4
CREST · CBEST · STAR
Verified Feb 2026

Cyberis

CREST and CHECK-accredited UK penetration testing consultancy with CBEST approval, specialising in infrastructure, application, and simulated attack assessments across the public and private sectors.

Worcester, United Kingdom · Contact for pricing
Web Application · Network · Mobile App · Cloud · +4
CREST · CHECK · CBEST · STAR · +4
Verified Feb 2026

Dionach

Global enterprise cybersecurity consultancy founded in 1999 in Oxford, holding rare CREST STAR-FS accreditation and delivering penetration testing, red and purple teaming, and PCI QSA services across five international offices.

Oxford, United Kingdom · Contact for pricing
Web Application · Network · Red Teaming · Purple Teaming · +7
CREST · CHECK · STAR · ISO 27001 · +2
Verified Feb 2026

MDSec

Elite UK offensive security consultancy specialising in CBEST/STAR/TIBER red teaming, advanced adversary simulation, and CREST-accredited penetration testing for FTSE 100 clients.

Southam, United Kingdom · Contact for pricing
Web Application · Network · Cloud · Red Teaming · +6
CREST · CHECK · CBEST · STAR · +3
Verified Feb 2026

Pen Test Partners

The UK's largest independent security testing firm, renowned for IoT/OT research, CBEST red teaming, and CHECK/CREST-accredited penetration testing across all sectors.

Buckingham, United Kingdom · Contact for pricing
Web Application · Network · Mobile App · IoT · +10
CREST · CHECK · CBEST · STAR · +4
Verified Feb 2026

PwC Cyber Security

Global Big Four professional services firm delivering CREST, CHECK, and CBEST-accredited penetration testing and red teaming services from London, serving the UK's largest enterprises and regulated organisations.

London, United Kingdom · Contact for pricing
Web Application · Network · IoT · Cloud · +8
CREST · CHECK · CBEST · STAR · +2
Verified Feb 2026

STAR FAQs

How does STAR differ from CBEST?

STAR is a CREST framework available to organisations across sectors, while CBEST is specifically designed for UK financial services under Bank of England supervision. STAR provides a similar intelligence-led approach but is not limited to a single regulatory context.

What accreditation do providers need for STAR?

Providers must hold specific STAR accreditation from CREST, which requires demonstrating advanced red team capabilities, threat intelligence expertise, and experience in conducting complex multi-phase attack simulations beyond standard CREST penetration testing accreditation.

Is STAR suitable for all organisations?

STAR is designed for organisations with mature security programmes that want to test their resilience against advanced threats. Organisations should have functioning detection and response capabilities (SOC, SIEM, EDR) before undertaking a STAR assessment to gain maximum value.