Offensive Security

Red Team Engagement

A Red Team Engagement is a comprehensive and realistic assessment of your organization's security posture. It simulates unannounced real-world attack scenarios to identify vulnerabilities and weaknesses in your systems, processes, and people.

The scope of this engagement is very broad and can include everything from social engineering attacks to physical security assessments, external website exploitation and more.

This realistic simulation is conducted over a period of time, typically several weeks, to provide a thorough evaluation of your security defence processes.

Our report contains detailed findings of technical and organizational nature, along with detailed attack paths and time-stamped attack logs. A debriefing workshop is conducted to discuss the findings and provide recommendations for improvement. Optionally, we offer replay sessions to demonstrate the attack paths and techniques used during the engagement.

Contact Us Download Onepager
Network infrastructure icon

Realistic Attack Simulation

We simulate attacks that mimic real-world adversaries, providing a true test of your security measures and defence processes.

Threat detection icon

Test your Incident Response

Only direct members of the project are aware of the engagement, allowing us to test how your IT, Management and Security Operations Center reacts in a real attack.

Collaboration icon

Debriefing and Outcome

We document the attack paths, techniques used and vulnerabilities exploited. A debriefing workshop is conducted to discuss the findings and provide recommendations for improvement.

Offensive Security

Purple Team Exercise

Purple Teaming combines the Blue and Red Team in a collaborative exercise to improve detection and incident response capabilities. It focuses on realistic attack simulations, which are conducted in coordination with the Security Operations Center.

The attack simulations are designed to test and improve the effectiveness of your security controls and incident response processes. They can simulate various stages of an attack according to the Unified Kill Chain, including initial access, lateral movement and data exfiltration.

While conducting the exercise, we jointly develop new custom Indicators of Compromise (IoC), create and fine tune alert rules and assist in improving your incident response playbooks. This approach ensures that your team gains practical experience in detecting and responding to real-world threats.

Contact Us
Attack chain integration icon

Realistic Attack Simulation

We simulate attacks in various stages of the Unified Kill Chain, providing a comprehensive test of your incident response processes in every stage.

Defense testing icon

Review your Incident Response

Our simulations not only test for vulnerabilities and attack paths, but also evaluate your organization's capability to detect and respond to real-world threats.

Security improvement metrics icon

Outcome and Improvements

We develop custom Indicators of Compromise, create and fine-tune alert rules and assist in improving your incident response playbooks together with your SOC.

Offensive Security

Penetration Testing

Penetration Tests are structured, targeted assessments of specific systems, applications, or networks. They are designed to identify vulnerabilities and configuration problems, allowing you to address them before they can be exploited by malicious actors.

In order to ensure maximum efficacy, we always define scenarios and objectives for each engagement in advance. This allows us to focus on the specific areas that are most relevant to your needs and requirements.

In contrast to Red Team Engagements, Penetration Tests are typically announced in advance and conducted within a defined timeframe. Developers, IT- and Security Teams are aware of the engagement.

We offer various types of Penetration Tests, including:

  • Internal & Cloud Infrastructure
  • External Infrastructure
  • Mobile & Web Application

Scoping and initial consultation is free of charge. We are happy to discuss your specific requirements and provide an example report.

Contact Us Download Onepager
Targeted testing icon

Vulnerabilities and Attack Paths

Our scenario based approach allows us to focus on specific areas. We conduct attacks and uncover vulnerabilities that are relevant to your environment.

Technical assessment icon

Methodical and Reproducible

The test itself and all findings are documented in a structured manner, allowing you to reproduce the attacks and understand the vulnerabilities. This includes a detailed engagement overview.

Compliance reporting icon

Reporting and Recommendations

In addition to reproducible proof of concepts for findings, we provide recommendations for remediation and improvement.

Training & Advisory

Strategic Cyber Security Advisory

As independent and certified security experts, we provide strategic advisory services to help you improve your security posture. We assist in choosing products, services and hardening measures that match your current security level, budget and future goals. We help you to make informed and cost effective decisions about your security strategy.

In regular meetings, we discuss next steps and conduct technical reviews of existing and newly implemented security measures. This ensures that your security posture is continuously improved and adapted to the evolving threat landscape.

Contact Us
Security expertise icon

Attacker's Point of View

We provide advisory services with an attacker's point of view, recommending measures that are effective against real-world threats.

Risk assessment icon

Independent and Unbiased

With no vendor affiliations or incentive to sell products, we provide unbiased consulting that is tailored to your specific needs and requirements.

Security maturity growth icon

What Really Matters

Many improvements can be achieved by focusing on the basics and implementing effective hardening measures. This not only saves costs, but also ensures that your security measures are effective and sustainable in the long run.

Training & Advisory

SOC & Security Workshops

We train SOC Analysts, Incident Responders, and Security Engineers in various areas of cyber security. Our workshops are technical and designed to provide practical knowledge. All trainings are interactive, allowing participants to apply what they learn in real-world scenarios. We provide several labs and topics, including:

  • Active Directory enumeration and attack vectors
  • Windows client and server security
  • Web application security and OWASP Top 10
  • Cloud & Microsoft 365 security
  • Social engineering and phishing
  • External attack surfaces and vulnerability management

While a technical background is required for all workshops, they are designed to be accessible to all levels of experience.

Contact Us
Hands-on training icon

Realistic and Interactive Labs

We keep our environments up to date with the latest attack techniques and have a big emphasis on realism. The attacks we show are meant to be replicated and practiced in a safe environment.

Threat simulation icon

Attack is the Best Defense

By learning about current attack techniques and how to defend against them, your team will be better prepared to handle real-world threats.

Workshop instruction icon

Perfect for Admins & SOCs

Our workshops are designed for system administrators, security engineers, and SOC analysts. They cover vulnerabilities, attack paths and how to defend and respond.