Hi!
We are SecCore GmbH and are convinced of one fundamental principle: Only those who are well prepared have a real chance against actual cyber attacks. This motto runs through our company philosophy and our projects. That is why we at SecCore GmbH have set ourselves a major goal: Simulating cyber attacks that are as realistic as possible and uncovering relevant technical and organisational weaknesses as well as gaps in defence. Of course, all this can only be achieved if projects are carried out to the highest possible standard and with the latest knowledge. We see ourselves as a European company, operating from two locations in Austria (Tyrol and Styria) and working for customers throughout Europe.
Who are we
SecCore GmbH is backed by two founders who have gained years of experience in offensive security through hundreds of projects.
Benjamin Floriani & Patrick Pongratz
We have been working together in a large international red team since 2018. At that time, we were able to learn from the 'big names' in the industry and further expand our knowledge in the field of penetration testing and red teaming. This often led us to work on projects together, with our drive for perfection uniting us from the very beginning. This common ground became even stronger over the years, which was a major factor in the success of our projects and also made it easier for us to decide to found SecCore GmbH.
In 2025, we finally decided to take the plunge into self-employment and start our own business. Our goal is to build a company that stands out for its high quality, individuality and independence. We wanted to create an environment where we could fully devote ourselves to our passion for cybersecurity without having to compromise. Freedom to innovate, flexibility and the opportunity to continuously develop are our main concerns. These factors are crucial for us to be able to provide our services in the best possible way.
Outside of work, we also bond over participating in capture-the-flag events, especially the Austrian Cyber Security Challenge, which is where we both developed our passion for ethical hacking. Of course, this passion still drives us today, and we continue to successfully participate in tournaments, primarily to gain further experience and improve our skills. Most recently, we achieved overall victory in the AIT Stealth Cup, where we competed as the team 'Leberkas Club (Vegan)' together with two other friends.
But why?
We are convinced that in this day and age, it is more important than ever to arm ourselves against cyber attacks. The threat situation is becoming increasingly complex and attacks increasingly sophisticated. A robust defence strategy must cover both technical and organisational aspects of security. Simple penetration tests that only reveal technical vulnerabilities (or, in the worst case, are merely automated scans) are no longer sufficient.
In addition, offensive security services are often used as a 'door opener' to market products, services or licences. As an independent company, we want to consciously set ourselves apart and therefore place great importance on the quality, individuality and relevance of our services.
We place great importance on further training, conferences, research and exchange with the community in order to remain at the cutting edge of technology, but also to give something back from our knowledge. Research and development therefore play a very significant role in our daily work, as demonstrated by our numerous certifications (OSCP, OSCE³, CRTO II, etc.). This can only be achieved with the creative freedom afforded by running our own company.
What do we offer?
We have carefully selected our services to ensure that we can offer the greatest possible value. Our focus is on red team engagements and purple team exercises, in which we simulate realistic attacks and cover all aspects comprehensively. Our expertise in these areas also enables us to conduct penetration tests in such a way that they are truly relevant and meaningful. We therefore carefully select the scenarios to be tested in our penetration tests, tailoring them to the individual needs and risks of our customers.
In order to improve security in companies in the long term, we also conduct technical security workshops and training courses to prepare IT teams and security operation centres (SOCs) for current attack methods.
Finally, we also offer specialised consulting services to support companies in developing and implementing their security strategies, regardless of the manufacturer. We attach great importance to ensuring that our recommendations are practical and independent. A detailed list of our services and how we provide them can be found on the services overview on our website.
What don't we offer
Due to their lack of relevance and significance for the overall security of our customers, we do not offer automated vulnerability scans or audits, nor do we offer general social engineering tests (phishing simulations) as a service. Such tests are not effective without context and follow-up.
What happens next?
We are delighted to be embarking on this new journey together and are already looking forward to all the challenges that lie ahead. We are convinced that our passion, knowledge and experience enable us to make a valuable contribution to the security of our customers. Our first public appearance will take place on 3 October 2025 at ITSecX in St. Pölten. We would like to emphasise from the outset how important research and exchange with the cyber security community are to us. The content of our presentation is the introduction of unconventional initial access vectors that can be used for red team engagements.
If our approach has piqued your interest, we look forward to hearing from you via our contact page. We are happy to offer a no-obligation initial consultation to discuss your individual needs and see how we can help you.