Red Teaming Penetration Test
holistic penetration test
Attackers can spend an average of 56 days in a victim's corporate network before they are discovered. Time to check how secure yours really is.
IT security strategies are based on the fundamental pillars of prevention, detection and response. IT infrastructure should be state of the art, an appropriate IT security culture should be maintained, and physical IT security should be ensured.
But can all your security strategies withstand an attack? Many security concepts sound tempting in theory, but fail in practice. Which of them are actually effective can rarely be judged without a practical review.
Time to see if your security measures are paying off, too.
Attackers usually pick the most vulnerable link in a chain – and that doesn’t always have to be IT. Often, attack vectors in physical IT security or even in the company’s security culture can be used to obtain information worth protecting. As part of the Red Teaming penetration test, we check your company holistically – with any means that could also be available to a potential attacker.
This gives you a realistic view of your company’s defense and response capabilities.
We test holistically:
Technology | We carry out attacks against your corporate IT. |
---|---|
People | We check how your employees react to actual hacker attacks. Is IT security really part of the corporate culture? |
Physical IT security | We check how your company building, server rooms as well as other relevant facilities of your company are secured. |
Recognized standards | We work according to recognized standards such as ISECOM OSSTMM, PTES, OWASP Testing Guide as well as the specifications and recommendations of the TIBER-EU Framework of the European Central Bank. Furthermore, all our security audits are based on the recommendations of the German Federal Office for Information Security. In addition, our projects are insured for financial loss as well as personal injury and property damage. |
- We believe that IT security must be different today. Security means trust in independent solutions. Security is not a product, but a continuous process. This is exactly why we work with holistic consulting methods and view companies as a holistic security factor, just as an attacker would. Because a concept does not make a system.
- We work according to recognized standards such as PTES, NIST, OWASP Testing Guide, PCI-DSS, Cyber Kill Chain as well as the implementation concept for penetration tests of the Federal Office for Information Security. In addition, our projects are insured for financial loss as well as personal injury and property damage.
Procedure of the tests
During the initial meeting, we get to know you and your company better. In the second round of the meeting, we discuss the next steps together with all decision-makers. The methodology of penetration testing to be applied is determined.
Once the penetration test has identified possible attack vectors and determined their probability of occurrence and the extent of damage, we present the results to you in a final report.
This includes a management summary, a detailed description of the inherent risks, and a proof of concept so that you can track the vulnerabilities internally with your own IT experts.
At the heart of the documentation are the comprehensive recommendations for action, which you can use to carry out independent remediation of the weak points in a simple and comprehensible manner.
In addition to a free debriefing to clarify open questions or ambiguities, we are also happy to provide you with a confirmation of the successful execution of a penetration test upon request. You can use this as proof for customers and business partners.
The final report contains the following components:
- Project frame data (project name, contact person, test period, scope)
- Management summary
- Description of the approach and methods used
- Summary and assessment of the identified vulnerabilities in terms of their criticality (including CVSS values and CVE entries) and technical proof of concept
- Detailed technical description of the identified vulnerabilities / inherent risks
- Recommendation of measures to eliminate the vulnerability as well as listing of all vulnerabilities in tabular form (Excel)
Your contact
You can always reach us personally. Because loyalty based on partnership is far more important to us than short-term success.
Philipp Kalweit
Managing Partner
+49 40 285 301 257