SecAlliance DORA TLPT is a penetration testing service designed to help financial entities comply with the Digital Operational Resilience Act (DORA) requirements. The service delivers threat-led penetration testing (TLPT) engagements that simulate real-world cyberattacks based on tailored threat intelligence. The service is structured around two main components: Threat Intelligence Assessment and Targeting Assessment. The Threat Intelligence Assessment analyzes the client's threat landscape, identifying credible threats based on sector, geography, technology stack, and critical business functions. It defines attack scenarios that include associated threat actors, MITRE ATT&CK techniques, recent campaigns, and relevant TTPs. The Targeting Assessment provides an in-depth review of an organization's attack surface from a threat actor's perspective, performing attacker-like reconnaissance against the organization, its assets, and its people. SecAlliance has experience with frameworks including CBEST, TIBER, GBEST, and iCAST. The service is designed to validate an organization's ability to detect, respond to, and recover from sophisticated cyberattacks. DORA mandates that critical financial institutions and ICT third-party providers undergo intelligence-led penetration testing at least once every three years. The testing must be conducted by qualified external testers and align with existing frameworks such as TIBER-EU and CBEST.