Penetration Testing & Red Teaming

Penetration Testing

Penetration tests as a method of offensive security are used to check the security of applications and IT systems by simulating an attack by a hacker. Our ISO 27001 & IEC 62443 certified consultants and lead auditors as well as OSCP- and OSWE-certified pentesters use the techniques and tools of a hacker to uncover security vulnerabilities in the IT environment under investigation. This allows systematic identification of security vulnerabilities across all relevant attack vectors. The attack vectors range from the network level to the host level (client and server) to the application and database, whereby both the architecture and the source code can contain security vulnerabilities.

The primary goal of a penetration test is to develop security measures to eliminate the identified security vulnerabilities. These security measures form the basis for defining a system and network hardening that meets your system requirements.

Procedure according to established standards

We offer a structured approach in accordance with established standards. Overall, all our penetration tests are based on the "Implementation Concept for Penetration Tests" of the German Federal Office for Information Security (BSI) to ensure a structured and comprehensible phase-based procedure. Depending on the use case, other international standards such as the OWASP Security Verification Standards and the associated OWASP Testing Guides are included in order to analyse your IT systems and applications according to best practices.

Whether as a black box penetration test without any information or as a white box penetration test with access data, architecture information or even source code, together we will plan the optimum penetration test for you. Using Threat Modeling according to STRIDE, we identify potential threats and define a suitable scope. We are also happy to offer you a multi-stage approach, which could, for example, consist of an upstream offsite black box penetration test of your external IT infrastructure, a subsequent white box penetration test of the same, as well as an onsite penetration test of your internal company network.

With our Purple Team approach, we look at your IT environment not only from the attacker's perspective (Red Team), but also from the defender's perspective (Blue Team) in order to effectively improve the security of your company. The identified vulnerabilities are divided into risk categories using the Common Vulnerability Scoring System (CVSS) and prioritised in a final report. In addition to a management summary, the report contains technical details on the identified vulnerabilities as well as specific recommendations for their elimination. On request, we can enter our findings directly into your ticket system to provide your developers with the best possible support in eliminating vulnerabilities.

The effectiveness of the implemented security measures can then be verified with the help of an optional post-test. The post-test also checks for newly introduced security vulnerabilities, for vulnerabilities that have become known in the meantime, and for security-related side effects.

Our penetration testing services

Red Teaming

As part of a Red Teaming Assessment, we examine the security of your organisation as a whole from an attacker's perspective. Our aim is to penetrate your company network undetected by any means necessary in order to extract sensitive data, be it through social engineering, physical access, vulnerabilities in IT systems and applications, the use of malware or the bypassing of firewalls and anti-virus systems. Using the MITRE ATT&CK Matrix, we simulate a complex, targeted attack by a professional, organised hacker group (APT simulation).

Red Teaming allows you to uncover not only technical, but also human and organisational weaknesses within your company. Last but not least, such an assessment also shows how effective your reactive measures are in the event of a security incident. Is an attack detected? Does the Blue Team succeed in isolating the threat? Our Red Teaming Assessment provides you with answers and recommendations for optimisation.

Open Source Intelligence (OSINT) Penetration Testing 

OSINT stands for Open Source Intelligence and refers to the sourcing, collecting, analysing and collating of freely available information from public sources such as the internet. These sources include mass media, social media, websites and other open sources of information. OSINT enables security teams to track down internal data that should not be publicly available. This includes, for example, internal resources such as open ports and networked devices. However, a lot of information that should not be made public can also be found on company websites and social networks. Zero-day vulnerabilities in particular pose an extremely high risk here.

We offer OSINT penetration tests (offensive security) carried out by our ISO 27001 & IEC 62443 certified consultants and lead auditors as well as OSCP and OSWE certified pentesters. This is crucial to improve security practices while minimising potential risks. Other important reasons are:

  1. Early identification of vulnerabilities: OSINT makes it possible to collect publicly available information about an organisation. This enables security teams to recognise potential vulnerabilities at an early stage and take proactive measures.

  2. Exposure detection: OSINT helps identify open ports, networked devices and other internal resources that are inadvertently exposed to the public. By analysing this information, security gaps can be closed.

  3. Threat detection: OSINT makes it possible to collect information about potential threats from external sources. This can help to recognise attacks at an early stage and take appropriate countermeasures.

  4. Prevention of data leaks: Through OSINT, companies can detect sensitive information on their own websites or social networks and ensure that it is not inadvertently published.

  5. Information database for defenders and attackers: Both security officers and cyber criminals use OSINT tools to access relevant information.

Threat Intelligence-based Ethical Red Teaming (TIBER)

TIBER-EU is a European framework for threat intelligence-based ethical red teaming testing. It provides comprehensive guidance on how authorities, companies, threat intelligence and red team providers should work together to test and improve the cyber resilience of organisations through controlled cyber attacks.

We offer TIBER attacks conducted by our ISO 27001 & IEC 62443 certified consultants and lead auditors as well as OSCP and OSWE certified pentesters (offensive security). TIBER is critical to the IT security of organisations for the following reasons:

  1. Early identification of vulnerabilities:

    • TIBER-EU tests mimic the tactics, techniques and procedures of real attackers.
    • These tests uncover vulnerabilities in the critical functions of organisations.
    • Early identification makes it possible to take proactive measures to improve security.

  2. Increasing cyber resilience:

    • TIBER-EU aims to strengthen the resilience of organisations to complex cyber attacks.
    • The results of the tests help to eliminate vulnerabilities and optimise security practices.

  3. Cooperation and harmonisation:

    • TIBER-EU promotes cooperation between authorities, companies and providers.
    • It standardises the approach to ethical red-teaming testing across Europe.