Cyber resilience for your SME

“An IT system house or an internal system administrator takes care of operations - but not automatically IT security. Detecting attacks, assessing risks and securing vulnerabilities requires specialized expertise. We are your holistic partner for all IT security issues.”
Philipp Kalweit
CEO, Director Strategy & Consulting

A successful cyber attack has serious consequences

A successful cyberattack can have far-reaching consequences for SMEs. In addition to direct financial losses due to data theft or blackmail, there is often the threat of long-term damage. Business interruptions lead to a loss of sales, while reputational damage can shake customer confidence in the long term. Legal consequences in the event of a breach of data protection regulations, high costs for restoring systems and possible liability claims from affected customers or business partners are an additional burden.

Gain control. Minimize liability.

Many managing directors have a gut feeling when it comes to their IT security – but no reliable picture of the situation. They do not know whether their protective measures are sufficient, what risks exist or where specific weak points lie. This is exactly where a penetration test comes in: it makes visible what often remains hidden in everyday life.

Our security experts simulate targeted attacks on your IT systems – just as a real attacker would. We check networks, applications and access rights for vulnerabilities that could allow unauthorized access or data loss. In the end, you will not only know where you are vulnerable – but also what to do.

Uncover all weak points. Clearly prioritized.

A breath of fresh air

We are convinced that IT security must be thought of differently today. It is not a product, but an ongoing process – and begins with trust in independent solutions. We advise holistically, independently and always from the perspective of a potential attacker – technically, organizationally and strategically.

Clear overview of affected systems

Our experts specialize exclusively in penetration testing – with proven qualifications such as GPEN (comparable to OSCP) and an academic background in IT security. No generalists, no sub-contractors – just in-depth technical expertise.

Tested procedure. Fully secured.

Our penetration tests are based on recognized standards such as PTES, NIST, OWASP Testing Guide, PCI-DSS, the Cyber Kill Chain and the BSI implementation concept for penetration tests. All projects are comprehensively insured – against financial loss, property damage and personal injury.

Deeply specialized in penetration testing

As an independent consultancy with a focus on IT security, manual, methodically clean penetration tests are at our core. We work transparently and comprehensibly and also meet industry-specific requirements – for example in regulated sectors such as banking or healthcare.

How do you benefit from a pentest?

Clear overview of affected systems

Identification of safety-critical systems – clear, structured, comprehensible.

Attacker perspective on your company

Real attack scenarios from an external perspective – risks made tangible.

Prioritized weak points with risk analysis

Evaluation according to criticality – a sound basis for decisions.

Concrete recommendations for action

Measures to the point – prioritized, implementable, process-oriented.

Pentest packages - tailored to your requirements

External penetration test with phishing simulation & darknet check

9,900 € all-inclusive price plus VAT.

Objective: To test publicly accessible systems and attack surfaces from the perspective of an external attacker.

  • Testing of web applications, firewalls, VPNs, mail servers, etc.
  • Identification of remote vulnerabilities (e.g. RCE, SQLi, XSS, etc.)
  • Analysis of password policy and configurations
  • Reporting with risk assessment and recommendations for action
  • Phishing simulation (1 wave, 1 scenario)
      • Targeted phishing campaign with realistic scenario
      • Tracking of clicks, entries & execution of potential payloads
      • Evaluation of awareness and risk situation
  • Darknet screening (superficial)
      • Rough screening of relevant sources for indications of leaked access data, domains or user names
      • Assessment of possible attack vectors from leaked data
  • Final discussion & management summary

Internal penetration test with phishing & network attacks

14,900 € all-inclusive price plus VAT.

Objective: Simulation of a compromised workplace or internal perpetrator in the company network.

  • Internal pentest (white box or assumed breach)
      • Analysis of network segmentation & internal services
      • Exploitation test of servers & clients
      • Lateral movement, privilege escalation, password hygiene
      • Access tests on sensitive data & systems
  • Phishing simulation (1 wave, 1 scenario)
      • Implementation as in package 1
      • Option for connection with Initial Access in the internal test
  • Darknet screening (superficial)
      • Implementation as in package 1
  • Final workshop (technical + non-technical)
      • Presentation of results & recommended measures
      • Optional: Awareness briefing for managers

Every IT security requirement from a single source.

Varying

As your external security officer (vCISO), we can take full responsibility for your IT security on request. Whether it’s vulnerability management, employee training, GDPR consulting, phishing simulation, compliance support or regular penetration tests – we ensure that your security requirements are met reliably, efficiently and to a high standard.

The prices quoted are indicative and may vary depending on the size and complexity of the IT infrastructure.

Weak points that audits regularly uncover

Outdated or insufficiently patched systems

Security updates that have not been installed in operating systems, servers, applications or network devices are a perennial issue – often associated with known vulnerabilities (CVEs) that are publicly documented and exploitable.

Misconfigurations in IT systems and cloud services

Open ports, overly broad authorizations, default passwords or unsecured cloud buckets (e.g. with Microsoft 365 or AWS) offer attackers easy entry points.

Weak or compromised access data

Reused, weak or already leaked passwords (e.g. from previous data leaks) enable brute force or credential stuffing attacks – often with success.

Inadequate access control & authorization concepts

“Anyone can do anything” – unfortunately, this principle is more common than you might think. A lack of segmentation, admin rights for standard users or unlogged access to sensitive data are typical findings.

Web applications with security vulnerabilities

Individually developed portals, stores or internal tools in particular often contain weaknesses such as cross-site scripting (XSS), SQL injections or inadequate session handling mechanisms.

Missing or inadequate logging and monitoring measures

There is often a lack of basic security monitoring, which means that attacks go unnoticed. Logs are not evaluated or cannot be used for analysis in an emergency.
