Offensive IT Security

How resilient is your company against a realistic, targeted attack?

Find out with red teaming. Red teaming goes beyond traditional penetration testing and combines various attack methods used by real-life attackers into a comprehensive, practical scenario.

We assume the role of an attacker and use all available means to achieve a jointly defined goal – whether it's accessing sensitive data, compromising a specific account, or penetrating highly protected systems.

We use methods that real attackers would also use. These include targeted social engineering and phishing campaigns, the evaluation of publicly available information about people, systems, and structures, and targeted attacks on IT and OT infrastructures. We also test the effectiveness of identity and access control systems and uncover shadow IT. Physical security measures are also tested, for example by attempting to gain access to sensitive areas unnoticed.

Red teaming simulates threats under conditions that are as realistic as possible. The operation is coordinated in advance with only a few key individuals in order to elicit authentic reactions from the company and thus achieve maximum significance. We try to remain undetected for as long as possible. The goal is not only to identify technical vulnerabilities, but also to get a clear picture of how well the existing security architecture actually works and where dangerous blind spots are located. It is a reality check that allows us to learn from the simulation before a real attack occurs.

Do you know what sensitive information about your company is publicly available on the internet and how it could be used by attackers?

With an open source intelligence (OSINT) analysis, we find out what data about your company is freely accessible.

In an OSINT analysis, we search various open sources – including websites, social networks, online databases, and even the darknet – for information about your company. Our goal is to obtain a comprehensive picture of what technical, organizational, or personal information is visible from the outside and what potential risks this could pose.

We show you what outsiders can actually find out about your company – from its structure and IT infrastructure to sensitive details such as leaked access data. Such information often forms the basis for targeted cyber attacks, such as phishing attacks, social engineering, or direct attacks on systems and networks.

With our analysis, we create transparency about which publicly available information could be relevant to security. Based on this, we recommend appropriate measures, such as training courses or phishing campaigns, to strengthen your company against attacks. Our OSINT analysis is mainly based on passive methods. We primarily evaluate information that is freely available on the internet – without actively accessing systems or internal data.

How do I protect myself and my business from phishing attacks?

Simulated attacks allow you to assess the level of awareness of attacks within your organization and how your team would respond if they occurred. 

Phishing and spearphishing are, so to speak, the "bad boys" in the IT security universe. These devious attackers attempt to gain access to confidential information or systems through manipulation and deception. And how do they do it? Most often in emails or other means of communication that pretend to come from a trusted source.

You need both good technical tools such as spam filters and a strong awareness of security issues among employees when dealing with fraudulent emails in order to protect yourself from phishing attacks. And this is where we come in. We simulate attacks to assess the scope and effectiveness of potential phishing and spearphishing attacks. In doing so, we check the awareness and the reaction of your colleagues to such attacks. We analyze what we have learned anonymously and work with you to develop strategies to improve your organization's resilience.

Phishing versus spearphishing 

Spearphishing is a targeted type of phishing that specifically targets a particular individual or organization. Attackers often use publicly available information to better deceive victims.

Are my web applications really secure?

A web application penetration test quickly reveals potential vulnerabilities. 

Checking a website for security vulnerabilities is complex. We thoroughly examine your website based on best practices such as the OWASP Top Ten and the OWASP Web Security Testing Guide, as well as our experience gathered in over 100 penetration tests. We also analyze the business logic and complex attack scenarios on both a technical and abstract level.

For each vulnerability found, we give you clear recommendations on how to fix it to make your web application more secure.

How long does a web application penetration test take?
How long a web penetration test takes depends to a large extent on the complexity of the application. While we can often test static websites in just three days, interactive websites with different roles (users, administrators, etc.) usually take seven days. Of course, particularly complex applications and authorization concepts may take a little longer.

Does shadow IT exist within my organization, and if so, how can I identify it?

An IT infrastructure penetration test helps you identify the vulnerabilities in your system environment.

All modern IT systems need a sound infrastructure for devices to communicate with each other and exchange data. This infrastructure can consist of simple routers and switches, but also more complex elements such as firewalls, load balancers, and other equipment. We examine your entire system environment with an infrastructure penetration test to find potential vulnerabilities. We assume the role of an inside perpetrator who either has access to certain areas or systems. Or we may assume the role of an external attacker who has taken over the system – for example, through phishing. We check – naturally only after consultation – all accessible systems in the network, so that measures for network segmentation can also be evaluated. We also check whether DMZ areas are configured correctly and whether vulnerabilities exist there. We perform the test either remotely via VPN or on-site.

Well-designed identity and access management (IAM) is also crucial for the security of your organization’s data and resources. We use the open source tool Keycloak to provide a long-term solution to your IAM challenges. We would be happy to conduct an IT infrastructure penetration test if you would like us to evaluate your existing IAM concept.

What is shadow IT?

Shadow IT is when employees secretly use IT systems, software, and apps without the IT department knowing or having approved them. They often do this to make their work easier and faster. The problem with this, however, is that these unofficial solutions can pose real security risks because they do not meet your organization's official security standards.

How secure is my production network?

The OT infrastructure penetration test shows you whether your production network is really secure against attacks or whether it has vulnerabilities. Since conventional penetration testing methods can quickly jeopardize system availability, we coordinate particularly closely with you when performing OT infrastructure penetration tests.

Digitalization is becoming increasingly widespread in production networks and has proven indispensable. However, different production environments are increasingly encountering interfaces to office IT and the Internet, allowing highly vulnerable systems to be targeted by professional criminal groups. Preventive testing can give you an accurate picture of the state of your security and help you work with experts to plan and implement effective measures. 

Testing these infrastructures is particularly challenging if you wish to prevent systems from failing or suffering damage. This is why we always perform these tests in close consultation with system administrators and plan them precisely.