Ethical Hacking
Ranging from thorough manual Pen Testing to Red Teaming
Hackers are creative and are often one step ahead of their victims. You can engage our ethical hackers to inspect and pentest your network infrastructure and systems. With their findings, they help to make your digital environment more secure.
Dedicated Hackertime
- Intake call for time estimation
- Your unique project for a fixed price
Documented Vulnerabilities
- Overview of all found vulnerabilities
- Classified according to criticality
Comprehensive Reporting
- Full report including all details
- With executive summary
Clear Recommendations
- Solution-focused advice
- Independent and not biased
Company Security Score
- How you score against hackers
- Based on criticality of errors
Personalized Debriefing
- Explained in human language
- We remain on standby after the test
What can you choose from?
BLACKBOX TEST
- Pentester has no prior knowledge
- Full test from outside
TIMEBOX TEST
- Pentester based on time
- We penetrate as far as possible
GREYBOX TEST
- Pentester has partial information
- Combining external and internal test
BUDGETBOX TEST
- Pentester based on budget
- We penetrate as far as possible
WHITEBOX TEST
- Pentester has full prior knowledge
- Full test from the inside
RED TEAMING TEST
- All possible hacking and social engineering techniques
- We work with predefined objectives
Possible Pentest Targets
Web Applications
Websites, e-shops, portals or CRM systems are a gateway from the Internet to sensitive data. We identify all vulnerabilities and advise on measures to be taken.
Mobile Applications
Mobile apps process sensitive data linked in various ways to other (web) services and systems. We test all possible links of iOS, Android, and Windows apps with or without the corresponding web application.
WiFi
Hackers can easily get in via WiFi. The signal is then picked up outside by criminals so that they can hack remotely and quietly without being noticed.
Software Defined Radio
More and more communication between our systems is wireless. Software Defined Radio (SDR) has increased the risks enormously. We map out everything (think of IoT devices).
ICS-SCADA
Industrial control systems and SCADA are connected to internet and corporate networks but do not have optimal security. We check this thoroughly.
Compliance Audits
A pen test is often a mandatory part of an ISO 27001 or GDPR certification process. We thoroughly check whether you meet all the requirements.
Cloud Security
Your company works in the cloud. But are the links to your own environment safe? Maybe they create unforeseen security holes?
Company Network
We check whether hackers can penetrate your internal network and also whether malicious employees or visitors can misuse data from within.
Other Hacking Services
Red Teaming
We carry out realistic cyber-attacks, using the latest hacking techniques, to test your security. It is a complete cyber fire drill on the staff and the company network. So that you are prepared for a real attack.
Check-ups
Teleworking and migrations to the cloud allow staff to work flexibly from different locations. In the process, little consideration has been given to security risks. The check-ups detect all security leaks in your cloud environment.
Mystery Guest
How far does an unannounced visitor physically get into your company? We come on-site incognito, test it out and deliver a comprehensive report.
Forensic Research
If you are a victim of a cyber intrusion or ransomware, we track down the hacking path trying to find the malware so that you can restore the security of your network.
Hack-proof Tools
We have online backups, cyber insurance, the most efficient anti-ransomware scanner and a security score to check the digital footprint of your own company and your suppliers.
Cyber Threat Hunting
Through proactive and in-depth forensic analysis you can check if you have been hacked and if there are systems that leak information.
Criticality and Predefined Bugs
Low urgency (K4)
Medium urgency (K3)
High urgency (K2)
Very critical (K1)
- Server Security Misconfiguration - Misconfiguration DNS (zone transfer)
- Server Security Misconfiguration - Mail server misconfiguration (e-mail spoof to Inbox as a result of miss/misconfiguration DMARC on e-mail)
- Server Security Misconfiguration - Database Management System Misconfiguration (DBMS) (overly privileged user / DBA)
- Server Security Misconfiguration - Lack of Password Confirmation (Delete account)Server Security Misconfiguration - No tariff restriction on the form (registration)
- Server Security Misconfiguration - No tariff restriction on the form (login)
- Server Security Misconfiguration - No rate restriction on the form (e-mail triggering)
- Server Security Misconfiguration - No tariff restriction on the form (SMS triggering)
- Server Security Misconfiguration - Missing secure or HTTP only cookie flag (session token)
- Server Security Misconfiguration - Clickjacking (sensitive action)
- Server Security Misconfiguration - Captcha bypass (implementation vulnerability)
- Server Security Misconfiguration - Lack of security headers (cache-control for a sensitive page)
- Server Security Misconfiguration - Web Application Firewall (WAF) bypass (direct server access)
- Server-Side Injection - Spoofing content (external authentication Injection)
- Server-Side Injection - Spoofing content (email HTML injection)
- Broken Authentication and Session Management - Cleartext transmission of the session token
- Broken Authentication and Session Management - Weak login function (other plaintext protocol without secure alternative)
- Failed Authentication and Session Management - Weak login function (LAN only)
- Failed Authentication and Session Management - Weak login function (HTTP and HTTPS available)
- Broken Authentication and Session Management - Error or invalid session (log out on client and server)
- Broken Authentication and Session Management - Error or invalid session (on password reset/change)
- Failed Authentication and Session Management - Weak registration implementation (over HTTP)
- Sensitive data exposure - EXIF geolocation data not stripped from uploaded images (manual user enumeration)
- Sensitive data exposure - Visible detailed error/Debug page (detailed server configuration)
- Sensitive data exposure - Token leakage via referer (unreliable 3rd party)
- Sensitive data exposure - Token leakage via referer (over HTTP)
- Sensitive data exposure - Sensitive token in URL (user-facing)
- Sensitive data exposure - Weak password reset Implementation (password reset token sent over HTTP)
- Cross-Site Scripting (XSS) - Saved (privileged user to no privileged elevation)
- Cross-Site Scripting (XSS) - Flash-Based
- Cross-Site Scripting (XSS) - IE only (IE11)
- Cross-Site Scripting (XSS) - Reference
- Cross-Site Scripting (XSS) - Universal (UXSS)
- Cross-Site Scripting (XSS) - Off-Domain (Data URL)
- Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (External)
- Broken access control (BAC) - Username/Email enumeration (non-brute force)
- Unvalidated Redirects and Forwards - Open redirect (GET-Based)
- Insufficient Security Configuration - No Password Policy
- Insufficient Security configuration - Weak password reset Implementation (the token is not invalid after use)
- Insufficient Security Configuration - Weak 2FA Implementation (2FA secret cannot be rotated)
- Insufficient Security Configuration - Weak 2FA Implementation (2FA secret remains available after 2FA is enabled)
- Use of components with known vulnerabilities - Rosetta Flash
- Unsafe data storage - Sensitive application data stored unencrypted (on external storage)
- Unsafe data storage - Server-Side credentials storage (plaintext)
- Unsafe data transport - Executable download (no secure integrity check)
- Privacy Concerns - Unnecessary data collection (WiFi SSID+password)
- Automotive Security Misconfiguration - Infotainment (source code dump)
- Automotive Security Misconfiguration - Infotainment (Denial of Service (DoS / Brick)
- Automotive Security Misconfiguration - Infotainment (default credentials)
- Automotive Security Misconfiguration - RF Hub (unauthorized access/power on)
- Automotive Security Misconfiguration - CAN (injection (prohibited messages))
- Automotive Security Misconfiguration - CAN (Injection (DoS))
- Server Security Misconfiguration - Misconfigured DNS (basic subdomain takeover)
- Server Security Misconfiguration - Mail server misconfiguration (no spoofing protection on email domain)
- Server-Side Injection - HTTP response manipulation (response splitting) (CRLF)
- Server-Side Injection - Content spoofing (iframe Injection)
- Broken Authentication and Session Management - Two Factor Authentication (2FA) Bypass
- Failed Authentication and Session Management - Weak login function (HTTPS not available or HTTP default)
- Failed Authentication and Session Management - Session fixation (remote attack vector)
- Exposure sensitive data - EXIF Geolocation data not stripped from uploaded images (automatic user enumeration)
- Cross-Site Scripting (XSS) - Saved privileged user to Privilege Elevation
- Cross-Site Scripting (XSS) - Saved CSRF/URL-Based
- Cross-Site Scripting (XSS) - Reflected Non-Self
- Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (internal scan and/or medium Impact)
- Application-Level Denial-of-Service (DoS) - High impact and/or medium difficulty
- Client-Side Injection - Binary planting (default folder privilege escalation)
- Automotive Security Misconfiguration - Infotainment (Code execution (not CAN Bus Pivot))
- Automotive Security Misconfiguration - Infotainment (unauthorized access to services (API/endpoints))
- Automotive Security Misconfiguration - RF Hub (Data leakage/pull encryption mechanism)
- Server Security Misconfiguration - Wrongly configured DNS (Subdomain takeover)
- Server Security Misconfiguration - OAuth Misconfiguration (Account takeover)
- Exposure to sensitive data - Weak password-reset implementation (Token leakage via Host Header Poisoning)
- Cross-Site Scripting (XSS) - Saved (Non-Privileged User to Everyone)
- Broken Access Control (BAC) - Server-Side Request Forgery (SSRF) (internal high impact)
- Cross-Site Request Forgery (CSRF) - Application-wide
- Application-level Denial-of-Service (DoS) - Critical impact and/or easy difficulty level
- Insecure OS/Firmware - Hardcoded Password ( Non-Privileged User)
- Automotive Security Misconfiguration - Infotainment (Code Execution - CAN Bus Pivot)
- Automotive Security Misconfiguration - RF Hub CAN Injection (Interaction)
- Server security misconfiguration - Use of standard certificates
- Server-Side Injection - File Injection Local
- Server-Side Injection - Remote Code Execution (RCE)
- Server-Side Injection - SQL Injection
- Server-Side Injection - XML External Entity Injection (XXE)
- Broken Authentication and Session Management - Authentication bypass
- Exposure to sensitive data - Critically sensitive data (disclosure of passwords)
- Exposure to sensitive data - Critically sensitive data (private API keys)
- Insecure OS/Firmware - Command Injection
- Insecure OS/Firmware - Hardcoded Password (Privileged User)
- Broken cryptography - Cryptographic error (improper use)
- Automotive Security Misconfiguration - Infotainment (PII Leakage)
- Automotive Security Misconfiguration - RF Hub (Key Fob Cloning)
All tests are performed in a very thorough and professional manner according to the CVSS standard.