Offensive IT Security

Does shadow IT exist within my organization, and if so, how can I identify it? An IT infrastructure penetration test helps you identify the vulnerabilities in your system environment.

All modern IT systems need a sound infrastructure for devices to communicate with each other and exchange data. This infrastructure can consist of simple routers and switches, but also more complex elements such as firewalls, load balancers, and other equipment. We examine your entire system environment with an infrastructure penetration test to find potential vulnerabilities. We assume the role of an inside perpetrator who either has access to certain areas or systems. Or we may assume the role of an external attacker who has taken over the system – for example, through phishing. We check – naturally only after consultation – all accessible systems in the network, so that measures for network segmentation can also be evaluated. We also check whether DMZ areas are configured correctly and whether vulnerabilities exist there. We perform the test either remotely via VPN or on-site.

Well-designed identity and access management (IAM) is also crucial for the security of your organization’s data and resources. We use the open source tool Keycloak to provide a long-term solution to your IAM challenges. We would be happy to conduct an IT infrastructure penetration test if you would like us to evaluate your existing IAM concept.

What is a shadow IT?

Shadow IT is when employees secretly use IT systems, software, and apps without the IT department knowing or having approved them. They often do this to make their work easier and faster. The problem with this, however, is that these unofficial solutions can pose real security risks because they do not meet your organization's official security standards.

How secure is my production network? The OT infrastructure penetration test shows you whether your production network is really secure against attacks or whether it has vulnerabilities. Since conventional penetration testing methods can quickly jeopardize system availability, we coordinate particularly closely with you when performing OT infrastructure penetration tests.

Digitalization is becoming increasingly widespread in production networks and has proven indispensable. However, different production environments are increasingly encountering interfaces to office IT and the Internet, allowing highly vulnerable systems to be targeted by professional criminal groups. Preventive testing can give you an accurate picture of the state of your security and help you work with experts to plan and implement effective measures. 

Testing these infrastructures is particularly challenging if you wish to prevent systems from failing or suffering damage. This is why we always perform these tests in close consultation with system administrators and plan them precisely.

Are my web applications really secure? A web application penetration test quickly reveals potential vulnerabilities. 

Checking a website for security vulnerabilities is a complex task. We thoroughly examine your website based on best practices such as the OWASP Top Ten and the OWASP Web Security Testing Guide, as well as our experience gathered in over 100 penetration tests. We also take a close look at the business logic and complex attack scenarios at the technical and abstract level and analyze them thoroughly. How long a penetration test takes depends entirely on how complex the web application is. We provide clear recommendations for how to fix each vulnerability we find.

And how long does a web application penetration test take?
How long a web penetration test takes depends to a large extent on the complexity of the application. While we can often test static websites in as little as three days, we usually need seven days for websites with interactive features and different roles (users, administrators, etc.). We obviously need a little more time if the applications, features, and authorization concepts are even more complex. 

What sensitive information can you find about me and my business on the Internet? You can find this out with the help of open source intelligence (OSINT).

Simply put, open source intelligence (OSINT) is the process of collecting information about a specific business. This involves the collection and aggregation of freely available information from a wide variety of sources.

Every successful attack on IT structures, whether by penetration testers or malicious actors, is based on an in-depth study of publicly available data. This data provides the basis for preparing possible attack scenarios, for example so-called phishing attacks.

During our OSINT assessment, we conduct thorough research on your behalf in open data sources. Our goal is to collect as much information as possible in order to gain a detailed picture of your business. In doing so, we obtain all kinds of data – from the structure of the organization, to the locations and the technologies used, as well as any leaked passwords. We delve deep into the Internet and into the darknet to find sensitive information that might be important for the organization's security. We identify where your business may be most vulnerable to attack. Based on this, we recommend suitable measures such as training courses or phishing campaigns to strengthen your company against attacks. When conducting OSINT research, we do not actively attack the infrastructure or employees – the aim is simply to collect information without anyone noticing.

How do I protect myself and my business from phishing attacks? Simulated attacks allow you to assess the level of awareness of attacks within your organization and how your team would respond if they occurred. 

Phishing and spearphishing are, so to speak, the "bad boys" in the IT security universe. These devious attackers attempt to gain access to confidential information or systems through manipulation and deception. And how do they do it? Most often in emails or other means of communication that pretend to come from a trusted source.

You need both good technical tools such as spam filters and a strong awareness of security issues among employees when dealing with fraudulent emails in order to protect yourself from phishing attacks. And this is where we come in. We simulate attacks to assess the scope and effectiveness of potential phishing and spearphishing attacks. In doing so, we check the awareness and the reaction of your colleagues to such attacks. We analyze what we have learned anonymously and work with you to develop strategies to improve your organization's resilience.

Phishing versus spearphishing 

Spearphishing is a targeted type of phishing that specifically targets a particular individual or organization. Attackers often use publicly available information to better deceive victims.

How do I protect myself against physical attacks? "I have already implemented some IT security measures. How safe am I from real, deliberate attacks?"

You expect us to break in? No problem. We assume the role of an attacker in a red team exercise. But why?

Nowadays, attackers are no longer limited to remote attacks. There are many scenarios where they need to be in close (physical) proximity to the target, for example because the target cannot be attacked from the outside. We create an attack scenario that is as realistic as possible by involving only a few people in your organization.

Before we start, we work with you to define clear objectives. These tests are often very comprehensive and hardly constrained. Using an in-depth approach, we achieve the objective, which can range from a physical break-in to the server room and social engineering to the targeted manipulation of a specific device or mailbox. And these are only a few possible examples.