Arrange an initial consultation!

Simply make an appointment online for a non-binding and free initial consultation with one of our employees.

What does our IT infrastructure penetration test offer?


The penetration test for critical IT infrastructure (KRITIS) checks the security of server systems, VPN systems, WLAN networks and firewalls. As the basis for secure applications, the system and network infrastructure should not be neglected. Automated tools are absolutely necessary for this type of evaluation, but a detailed understanding of web-based client/server interaction is required to use most of the available tools correctly.

Advantages


Penetration tests are planned, carried out and evaluated by our specially trained analysts according to recognised standards.

Benefit from the many years of experience of our analysts.
  • Our analysts have an extensive academic education and many years of experience in identifying and fixing all types of vulnerabilities.
  • Through regular training and education, we ensure that new tools and techniques can be used as quickly as possible.
  • We are constantly developing our tools and processes further in order to be able to deliver the best possible outcome to our customers.
  • Extensive research ensures that even vulnerabilities updated daily can be identified.

We conduct security analyses on the basis of recognised standards and guidelines.
  • Our processes are based on the Praxis-Leitfaden für Penetrationstests of the German Federal Office for Information Security (BSI).

Procedure


Our penetration tests are an agile process and are carried out in close consultation with the customer.

Kick-Off

The pentest is prepared in a kick-off meeting with the people responsible for technical and organizational matters at your company. The framework conditions of the test are specified, the necessary user accounts and access routes are agreed, contact persons and escalation routes are defined, and the pentest is discussed in detail together.

Research

Our analysts try to collect as much information as possible. Based on this information, analysis strategies are developed to identify possible attack vectors. These attack vectors are then examined for vulnerabilities in extensive tests.

Exploitation

In this phase, an attempt is made to actively exploit the identified vulnerabilities in order to gain access to the target systems. Depending on the service or technical environment, our pentesters write new exploits or use existing ones. Potential vulnerabilities can turn out to be false positives. Only verified vulnerabilities are included in the final report and classified according to their criticality.

Report

You will receive a comprehensive final report consisting of a Management Summary and a Technical Report. The criticality of the weak points and recommendations for action are described in detail.

Remediation (Optional)

In this phase, the identified weak points are eliminated by your company. If required, you will be supported by our experienced security engineers.

Follow-up Check (Optional)

After remediation, you have the opportunity to have us carry out a follow-up check. Here we check the effectiveness of your measures and update the results report.

Final Discussion (Optional)

In this final discussion, all critical points in the results report are discussed and all final questions clarified.

Interested? Convinced?

Request a sample report or our service portfolio today. We will be happy to assist you!

The technical scope


The following section describes our test modules. As a rule, the longer our analysts are able to examine the web application, the more meaningful the results are. If you have special requirements, we will be happy to make you an individual offer.

Information Gathering

  • Search Engine Reconnaissance
  • Port Scanning
  • Service Fingerprinting
  • Application Enumeration
  • Network Architecture

Patch Management

  • Obsolete Software
  • Publicly reported vulnerabilities

VPN Analysis

  • Configuration
  • Cryptography

Network Manipulation

  • Routing Protocols MiTM
  • VLAN Hopping
  • ARP Spoofing
  • HSRP/VRRP MiTM Attacks

Privilege Escalation

  • Kernel Attacks
  • AD Privilege Escalation
  • Golden Ticket

Identity Management

  • Role Definitions
  • Account enumeration and guessable user accounts
  • Weak and guessable passwords