VCS-Pentest is a penetration testing service offered by Viettel Cyber Security that simulates attacker behavior to identify exploitable vulnerabilities in customer IT systems. The service tests various targets including web applications, APIs, mobile applications (iOS and Android), desktop applications, and IoT devices. The service offers three testing methodologies: Black Box (zero knowledge of the system, simulating external attackers), Gray Box (partial system knowledge with user-level access), and White Box (full system knowledge including source code and architecture for in-depth analysis). The testing process follows a structured workflow: Discovery (initial information gathering), Pre-assessment (method and plan preparation), Implementation (active penetration testing), Reporting and Remediation (delivery of findings with fix guidance), and Re-testing (verification of remediation efforts). Reports are delivered within 7-14 working days and include technical details, prioritized recommendations based on security impact and exploitability, and align with frameworks such as CREST compliance, OWASP Top 10, MITRE ATT&CK, MASVS, and BugCrowd Vulnerability Rating Taxonomy. The service is delivered by a team of security researchers who have identified vulnerabilities for major platforms and won cybersecurity competitions. Testing is conducted with controls to maintain system stability and minimize disruption to production environments.