For every confirmed Critical or High finding, Pentrova reproduces the exploit inside a sealed sandbox and captures the result as evidence. The sandbox is the only place an exploit is reproduced, and its behaviour is conservative by design.
Proof without harm
Destructive actions — writes, deletes, mutating operations — are held back in favour of read-only equivalents, and customer data is redacted at the boundary before any artifact leaves the sandbox. The aim is real proof an exploit works, captured safely enough to run against live systems.
What the sandbox produces
Each reproduction produces captured output, a reproducible command, and a response hash. These ship with the finding so your engineers can re-run the exploit in staging and confirm the same result — without needing Pentrova’s tooling.
Where it applies
Sandbox reproduction runs for confirmed Critical and High findings. Lower-severity findings ship with their captured request/response evidence.