IT infrastructure penetration tests on & offsite

Offsite penetration tests (external)

Externally accessible IT infrastructures are exposed to a large number of potential attackers. As part of an offsite penetration test (offensive security) carried out by our ISO 27001 & IEC 62443 certified consultants and lead auditors as well as OSCP and OSWE certified pentesters, we take on the role of an external attacker from the Internet to check all exposed IT systems and web applications for vulnerabilities or zero-day vulnerabilities. In this way, security gaps can be closed before they can be exploited by real attackers.

Our procedure for carrying out offsite penetration tests is described below:

Onsite penetration tests (internal)

External attackers could gain access to the internal company network by exploiting a security gap within an exposed system or through social engineering attacks such as phishing. However, an attack by internal personnel cannot be completely ruled out either.

With an on-site penetration test (offensive security) carried out by our ISO 27001 & IEC 62443 certified consultants and lead auditors as well as OSWE-certified pentesters, we evaluate how well your IT infrastructure is protected against an attack from the internal network. The test is carried out using the following procedure:

Active Directory Whitebox Assessment

If Active Directory is used, an Active Directory whitebox assessment can also be carried out as part of an on-site penetration test. Using the access data provided, we check whether your AD infrastructure corresponds to the state of the art. Such an assessment can include the following test points:

  • Enumeration of all AD components:
    • Forests, Trees, Domains, OUs, Hosts, Groups, Accounts, GPOs, Password information
  • Review of the operational processes
  • Review of privileged accounts/group membership and regular account hygiene
  • Review of forest and domain trusts
  • Checking the configuration of the operating system, security patches and update levels
  • Checking the domain and domain controller configuration against the guidelines recommended by Microsoft
  • Checking key Active Directory object permission delegations
  • Suggested measures for improvement
