Open Source Intelligence Analysis (OSINT) and social engineering security assessment for an education institution
Q2 2022
Due to the sensitive nature of our field, we do not name clients. We have listed some examples of the types of projects we execute as a reference:
Grey-box security assessment of multiple web applications for the managment of human resources
Q2 2022
Grey-box security assessment of networks and software solutions to manage OT devices at a production site
Q2 2022
Configuration review of an F5 firewall and spot checks of web applications behind it to test WAF functionality
Q2 2022
Red team assessment of the control network for an energy provider, including physical security walkthrough, network review and penetration test of internal networks
Q2 2022
Grey-box assessment of a website providing credit services to customers (frontend, backend, as well as an Android and iOS app)
Q2 2022
Black-box security assessment of building-automation systems for an engineering site
Q1 2022
Security assessment of an RFQ management web application
Q1 2022
Security assessment of a financial rich client application provided over Citrix with focus on outbreaks to the underlying operating system
Q1 2022
Grey-box security assessment of the frontend of a website providing services for monthly device subscriptions
Q1 2022
Red team assessment with the goal to compromise specific target servers. An Assumed Breach Model was applied, attacks were launched from provided employee notebooks
Q1 2022
Black-box penetration test of the external IT infrastructure in combination with a phishing assessment for a client in the pulp and paper industry
Q1 2022
Security assessment of the Active Directory
Q1 2022
Red team assessment with the goal to compromise the internal network. An Assumed Breach Model was applied, attacks were launched from provided employee notebooks
Q4 2021
Grey-box assessment of a cloud-based web application for managing IoT devices
Q4 2021
Security assessment of the internal network and the internet-facing infrastructure, including a phishing assessment
Q4 2021
Configuration review and security assessment of a company's technical payment processes (white-box and grey-box)
Q4 2021
A Purple-Team Assessment of a power supply company. Attacks were performed and detection was tested and discussed in close cooperation with the internal blue team
Q4 2021
Security assessment of web services used for software updates of healthcare systems
Q4 2021
Security assessment of a company's external and internal IT infrastructure
Q4 2021
Grey-box security assessment of a web based file exchange solution
Q3 2021
Configuration review and security assessment of a company's technical payment processes (white-box and grey-box), including phishing attacks in order to practically test attacks on payment workflows and the employees' security awareness
Q3 2021
Red team assessment with the goal to compromise specific target servers. Initial access vectors were attacks on the IT infrastructure accessible from the intranet
Q3 2021
Black-box assessment of the external facing IT services
Q3 2021
Grey-box security assessment of a loan management application, including different views of the web applications and the infrastructure
Q3 2021
Security assessment of iOS and Android apps used by shops to allow payment with voucher codes
Q3 2021
Configuration review and security assessment of a company's technical payment processes (white-box and grey-box)
Q2 2021
Security assessment of the kiosk mode implementation of a mobile device (Android) including a black-box-check of the associated landing page
Q2 2021
Red team assessment with the goal to compromise specific production server and not be detected by the blue team. Initial access vectors were attacks on IT services accessible from the network
Q2 2021
Security assessment of a healthcare web application which stores and processes PII and PHI data
Q2 2021
Grey-box security assessment of a web app and its corresponding iOS and Android apps for flexible payments
Q2 2021
Grey-box check of a backend web application used to create and administrate commissions and energy rates
Q2 2021
Grey-box check of a web application for education, student and training management
Q2 2021
Grey-box security assessment of a website, including a chat bot and it's WordPress configuration backend
Q1 2021
Security assessment of an access control system, including a web application, thick client and white-box check
Q1 2021
Black-box assessment of the external and internal infrastructure of an IT consulting and outsourcing company. The assessment included a security assessment of the WiFi infrastructure of the customer
Q1 2021
White-box assessment and penetration test of a communication middleware for health services
Q1 2021
Grey-box security assessment and Azure configuration review of a risk management application
Q1 2021
Security assessment of a company's payment processes and the corresponding infrastructure, followed by a phishing assessment in order to simulate an attack
Q1 2021
Red team assessment with the goal to gain administrative privileges in the Windows domain and to access industrial control systems. Initial access vectors included phishing, phone calls and attacks on IT services accessible from the Internet
Q1 2021
Grey-box security assessment of the internet facing frontend of a mobile device management application
Q4 2020
Security assessment from an external point of view, conducted via active attacks from the Internet and via a phishing assessment (password phishing and document with malware)
Q4 2020
Internal and external security assessment of an IT service provider including web applications, Active Directory exploitation and network based attacks
Q4 2020
Red team assessment of an industry company with an additional white-box check of an employee notebook with focus on the attacker being in the same WiFi network or the attacker stealing a device
Q4 2020
Security assessment of a web application for case management
Q4 2020
Security assessment of critical infrastructure, consisting of a social engineering assessment, physical security walkthrough, a network review and an internal penetration test
Q4 2020
Red team assessment of critical infrastructure including social engineering, physical security walkthrough, network review and an internal penetration test
Q4 2020
Grey-box security assessment of a web application for master data and product information management
Q3 2020
Grey-box assessment of a cloud-based ticketing system
Q3 2020
Red team assessment in an industrial environment with the defined worst case of a factory shutdown in Germany
Q3 2020
Thin-client Citrix breakout with an additional internal network risk analysis
Q3 2020
Grey-box security assessment of a web application used for facility and real estate management
Q3 2020
Grey-box check of an online banking solution and other banking-related applications
Q3 2020
Grey-box security assessment of APEX-based web applications for risk management workflows and role management
Q2 2020
Black-box check of a hospital's external facing IT services
Q2 2020
Grey-box assessment of an aerospace positioning system
Q2 2020
External grey-box check of a financial treasury application
Q2 2020
Grey-box security assessment of the servers in the DMZ including a configuration analysis
Q2 2020
Examiniation of the network segmentation and search for weak points in a production plant
Q2 2020
Security assessment of a browser extension, which is used to interact with a cloud service
Q1 2020
White-box check of systems involved in an application used for handling medical data
Q1 2020
White-box web-security assessments of a web applications with login and provided source code
Q1 2020
External black-box perimeter test (infrastructure and web)
Q1 2020
Grey-box web-security assessment of a privacy management system and white-box of the backend systems, including the application's database server and a container environment
Q1 2020
Assessment in an industrial environment with the defined worst case of a factory shutdown
Q1 2020
Grey-box check of a web application used to administrate and view data of measurement devices
Q4 2019
Internal and external security assessment of a provider in the aerospace industry including a Wi-Fi assessment, web applications, Active Directory exploitation and network based attacks
Q4 2019
Risk analysis of a remote administration solution for distribute power plants
Q4 2019
Internal security assessment of a critical water supply infrastructure in Austria
Q4 2019
Internal security assessment of an industrial software supplier in Shanghai
Q4 2019
Red Team Assessment of a R&D department with the defined worst case of access to and manipulation of source code
Q4 2019
Security assessment of the network infrastructure and critical components of a public transport infrastructure
Q4 2019
Grey-box web-security assessment of a web plattform with a login portal and white-box check of a server configuration
Q4 2019
Security assessment of an IoT device to collect and transfer measurement data
Q3 2019
Security assessment of a VPN gateway and an internal application server
Q3 2019
Security assessment of core systems and websites of an internal infrastructure
Q3 2019
Security assessment of a large-scale wifi infrastructure
Q3 2019
Security assessment of the payment process including process and technical review
Q3 2019
Grey-box web-security assessment of an administration portal
Q3 2019
Red Team Assessment of a software supplier in Budapest with the defined worst case of source code modification prior release
Q3 2019
Grey-box web application assessment of a customer support platform
Q2 2019
Re-Check of an electronic data exchange platform for energy providers
Q2 2019
White-box infrastructure assessment of a Mexican marked place for financial institutions and corporations to access and transact with analyzed SMEs
Q2 2019
Social Engineering and physical security assessment for a financial institution
Q2 2019
Grey-box web application assessment of a platform for displaying medical figures
Q2 2019
Basic and advanced security training for security managers throughout the whole company
Q2 2019
Security assessment of the payment process including process and technical review
Q1 2019
Red Team Assessment in an industrial environment with the defined worst case of a factory shutdown in the Czech Republic
Q1 2019
Security assessment of a payment and treasury software in order to identify weaknesses in the web portal and the thick client
Q1 2019
Security assessment of the payment process including process and technical review
Q1 2019
Red Team Assessment in a corporate environment using spear phishing, rubber duckies, and lateral movement
Q1 2019
Check of bypassing McAfee whitelisting ruleset for SCADA systems
Q1 2019
Red Team Assessment of several locations of a critical infrastructure provider
Q1 2019
Red Team Assessment in an industrial environment with the defined worst case of a factory shutdown in India
Q1 2019
Social Engineering and physical assessment of a digital service provider
Q4 2018
Grey-box check of a risk assessment platform for critical infrastructure
Q4 2018
Security assessment of payment processes focusing on secure transmission and server configurations
Q4 2018
Penetration test of a cloud solution to digitise internal and external business processes
Q4 2018
Security assessment of an application white-listing concept within critical infrastructure
Q4 2018
Security assessment of charging infrastructure for electric vehicles
Q4 2018
Grey-box assessment of an open cloud platform providing access to valuable information of industrial devices
Q3 2018
Grey-box check of a platform for processing x-ray images
Q3 2018
Grey-box check of a crypto-currency trading platform
Q3 2018
External black-box penetration test of an ISP infrasturcture
Q3 2018
Internal and external security assessment of a real-estate service agency
Q3 2018
Security assessment of the payment process including process and technical review
Q3 2018
Grey-box check of an incident management solution for critical infrastructure
Q2 2018
Security assessment of the payment process including process and technical review
Q2 2018
Grey-box security assessment of a performance management and analysis platform
Q2 2018
Red Team Assessment on critical locations and networks of a public transport provider
Q2 2018
Security analysis of an ATM's internal communication protocol
Q2 2018
Grey-box check of an industry ordering platform
Q2 2018
Reverse engineering and analysis of a file encryption software
Q2 2018
Security assessment of the payment process including process and technical review
Q1 2018
Reverse engineering and communication analysis of client-side agents
Q1 2018
Reverse engineering of an industrial black-box to evaluate the security of the project for installation in existing networks
Q1 2018
Security assessment of a security operation center including IT systems, applications, network and WLAN
Q1 2018
Grey-box check of a single-sign-on solution for internal applications
Q1 2018
Red Team Assessment of various clinical locations to determine possible attack points on sensitive data via IT, social engineering or physical access
Q1 2018
Security assessment of the payment process in a manufacturing company including process and technical review
Q4 2017
White-box check of a customer service portal, including source code review
Q4 2017
External grey-box check of REST APIs used for data exchange in the public transportation sector
Q4 2017
WLAN and infrastructure security assessment, including 802.1x implementation
Q4 2017
Red Team Assessment of various clinical locations to determine possible attack points on sensitive data via IT, social engineering or physical access
Q4 2017
Security assessment of the payment process of company dealing with renewable energy including process and technical review
Q4 2017
Social engineering assessment and grey-box check of the web services of a cloud provider
Q4 2017
Grey-box check of a web-based management interface for public transportation
Q4 2017
Black-box check of the company's premises to determine vulnerabilities from the Internet
Q3 2017
Security assessment of an internet provider's back-end customer services and the modem infrastructure
Q3 2017
Security assessment of an electronic data exchange platform between energy providers
Q3 2017
Social Engineering Assessment of a production plant in order to test the resilience against industrial espionage
Q3 2017
External grey-box check of a financial treasury application
Q3 2017
External black-box check of the company's premises and single-sign-on solution for clients
Q3 2017
White-box security assessment of the test lab for public transportation before put into production
Q2 2017
Grey-box assessment of a recruiting software for various clinical institutions available over the Internet
Q2 2017
Open Source Intelligence Analysis (OSINT) of a company to identify possible IT, social engineering and physical attack points
Q2 2017
Grey-box assessment of a mobile app to view household electricity usage in combination with smart meters
Q2 2017
Security assessment of electronic charging stations
Q2 2017
Assessment of an Android and iOS app for service management
Q2 2017
External black-box check of the company's premises to identify possible attack points from the Internet
Q2 2017
Red Team Assessment on the headquarters and a production facility to test the resilience against targeted attacks
Q1 2017
Security assessment of mobile devices to evaluate the risks against device theft
Q1 2017
External black-box assessment of the company's premises against attacks from the Internet
Q1 2017
Grey-box assessment of service portal for customers
Q1 2017
Black-box check of the company's main web site
Q1 2017
Grey-box check of a mobile device management solution including central service and device agents
Q1 2017
Red Team Assessment on a power plant to test resilience against targeted critical infrastructure attacks
Q4 2016
Performing a phishing campaign to evaluate the awareness of management personnel
Q4 2016
Internal penetration test of a company's network and core services
Q4 2016
Security assessment of a fat-client for team collaboration
Q4 2016
Security assessment, including IT and web services and their configuration settings, of a data exchange platform between clinical institutions
Q4 2016
Assessmenet of IT infrastructure, web interface and APIs of analytical compontents of an enterprise-wide CRM solution
Q4 2016
IT security assessment of selected external web sites and and a data exchange platform for patients and doctors
Q4 2016
External penetration test of the organization's web site and other external facing services
Q4 2016
Binary and behavioural analysis of a security product deployed across the enterprise
Q3 2016
External grey-box check of a financial treasury application
Q3 2016
Re-check of an internal payment solution including IT infrastructure, server hardening measures and web interfaces
Q3 2016
Penetration test of a cloud solution for power plant providers
Q3 2016
Performing a security analysis of integrating smart cards into HSMs for network use
Q3 2016
Security assessment of a software license management solution
Q3 2016
IT penetration test of a team collaboration tool for enterprises, including encrypted chats, file exchange and video conferences
Q3 2016
Security assessment of security- and privacy-related issues concerning Google Chromebooks in a corporate environment
Q2 2016
Penetration test of an industrial network, including components, like VPN, HMIs, PLCs, engineering work station, etc., in a lab environment
Q2 2016
Vulnerability scanning workshop and consultation during internal vulnerability scans
Q2 2016
Review and re-design of the company's internal network design and recommendations for additional security measures
Q2 2016
Re-check of an internal, online PKI center (HSM, Java application server and infrastructure assessment)
Q1 2016
Penetration test of an electric power transformation substation's internal network including infrastructure, SCADA and control systems
Q1 2016
Penetration test of a third-party one-time-pad (OTP) solution for mobile devices (app) and desktops
Q1 2016
Grey-box penetration test of several internal high-profile targets within the network, including infrastructure and web-based checks
Q1 2016
External penetration test of the backend of an online banking solution
Q1 2016
Large-scale (> 6.000 IP addresses) black-box scanning with identification of vulnerabilities
Q1 2016
Security review of the architecture of a mobile entertainment systems for patients
Q4 2015
Support in the development of user and security guidelines for a web-based administration system
Q4 2015
Penetration test of a third-party system and network monitoring appliance
Q4 2015
Advanced penetration testing training for the company's development and security team, especially adapted to the company's needs
Q4 2015
Review and re-design of the company's internal network design and security policies
Q4 2015
External grey-box assessment of various internet-facing web sites of the company
Q4 2015
Internal white-box security assessment to secure an application used to communicate health-related information to public authorities
Q4 2015
External black-box assessment of internet-facing systems (intranet, e-learning, etc.) including infrastructure and web-based checks
Q4 2015
Penetration test of an ISP infrastructure from the viewpoint of an end-user (modem SW/HW hack, infrastructure check, …)
Q3 2015
External black-box check of a banking infrastructure
Q3 2015
Grey-box check of a web application for administering job applicants and members
Q3 2015
Assessment of an application written in Microsoft Excel
Q3 2015
Security check of an enterprise source code management platform fully integrated into Windows environments (Thick Clients)
Q3 2015
Grey-box check of a web application to manage power line customers
Q3 2015
Internal grey-box assessment of a business intelligence / warehouse environment
Q3 2015
External penetration test of a time registration web application for employees
Q3 2015
Penetration test of public transport system (management network, SCADA and vehicle control network)
Q2 2015
Grey-box check of an internal network and its PKI infrastructure
Q2 2015
Black-box check of an internal network
Q2 2015
External grey-box check of a financial treasury application
Q2 2015
Internal grey-box check of a fleet management system (telematics system)
Q2 2015
Internal white-box assessment of SCADA networks
Q1 2015
Red Team Assessment targeting the internal network, VoIP systems, mobile clients and dedicated offices and additional phishing campaign
Q1 2015
Security assessment of a hardened notebook installation for high-secure applications
Q1 2015
External black-box scan of all available Internet-facing systems of an enterprise
Q1 2015
Grey-box check of support portal for customers
Q4 2014
External black-box check of the company website
Q4 2014
White-box check of a secure environment for key and password storage
Q4 2014
Grey-box check of a data exchange platform for military and industry
Q4 2014
Grey-box check of an assessment platform for job applicants
Q4 2014
Grey-box security assessment of SCADA and PCL control network in transportation
Q4 2014
Grey-box check of a platform for managing orders and customers
Q3 2014
White-box assessment of a physical access control system and procedures
Q3 2014
Grey-box assessment of a satellite communication system for hazardous environments
Q3 2014
White-box physical security walk-through of the company’s head quarters
Q1 2014
White-box assessment of an internal payment solution and corresponding processes
Q1 2014
External black-box scan of all available Internet-facing systems of an enterprise
Q1 2014
White-box IT security assessment of live SCADA environment (power plant)
Q4 2013
External black-box security check a new company website
Q4 2013
Black-box assessment of a new Typo3 website for clients
Q4 2013
Reverse engineering of a BMS application (for physical access control, doors, bars and gates)
Q4 2013
Grey-box security assessment of a third-party remote administration software
Q4 2013
Re-check of a social media platform for large corporations
Q3 2013
Security awareness training for local security personnel
Q3 2013
Large-scale (> 18.000 IP addresses) black-box scanning with identification of vulnerabilities
Q3 2013
Red Team Assessment on a production facility for off-shore energy production to steal production plans
Q3 2013
Grey-box security assessment of an online bidding platform
Q3 2013
Red Team Assessment of a data center to gain physical access to the server room
Q3 2013
Grey-box security check of a mobile solution for order management
Q2 2013
Grey-box security assessment of an internal registration authority (RA)
Q2 2013
Penetration testing workshop to educate an internal team to conduct security assessments
Q2 2013
Grey-box security check of a web-based solution for management of excavations
Q2 2013
Grey-box security check of an online shop before its go-live
Q2 2013
Grey-box security assessment of an online-solution for order management
Q2 2013
Security architecture review of a customer self-service portal during development phase
Q1 2013
Grey-box assessment of an application running on SAP Enterprise Portal
Q1 2013
Black-box security assessment of a third-party, high-class video conferencing solution
Q1 2013
Large-scale black-box DMZ scanning with identification of vulnerabilities
Q1 2013
Grey-box security assessment of GPS location services
Q1 2013
Grey-box Red Team Assessment on a data center to gain physical access to the server room
Q4 2012
External black-box IT penetration test (infrastructure and web)
Q4 2012
Black-box assessment of an internal IT infrastructure
Q4 2012
Grey-box web assessment of a social media platform for big companies
Q4 2012
Grey-box assessment of an online platform for banking services
Q3 2012
Grey-box web application assessment of an online shop for end customers
Q3 2012
Grey-box assessment of an online portal for sales
Q3 2012
Black-box security check of a dedicated list of corporate websites including Denial-of-Service tests
Q3 2012
Grey-box security assessment of a self-service online portal for end users
Q3 2012
White-box physical security assessment and practical Red Team Test on dedicated security personnel
Q3 2012
Grey-box assessment of a single sign-on solution from the intranet for intranet applications
Q2 2012
Black-box assessment including reverse engineering of a Windows application used to manage large-scale Windows AD services
Q2 2012
Grey-box security check of a third-party remote VPN solution for the company
Q2 2012
Grey-box security assessment of a third-party mobile management platform
Q2 2012
Grey-box assessment of a Windows rich client application using web services
Q2 2012
Black-box assessment of the company's infrastructure and web applications accessible from the Internet
Q1 2012
Grey-box web security assessment of a cloud-based environment including in-house developed services
Q1 2012
Security analysis of the usage of Microsoft Outlook Web Access on untrusted clients
Q1 2012
Audit of a Microsoft SharePoint environment including some web applications for reporting
Q1 2012
Grey-box security assessment of SCADA power components (transportation)
Q1 2012
Black-box assessment of the external infrastructure and the online services provided by a company
Q1 2012
Red Team Assessments to test the overall security of an enterprise's proprietary research data
Q4 2011
OSINT analysis of a big company to identify possibly leaked company data on the Internet
Q4 2011
Grey-box infrastructure- and web application assessment for customer portals
Q3 2011
Grey-box infrastructure- and web application assessment of a new online platform
Q3 2011
Theoretical and practical security analysis of social media integrations
Q3 2011
Advanced IT Penetration Testing training for security consultants and penetration testers
Q3 2011
Grey-box security assessment of an electronic brokering platform
Q3 2011
Grey-box assessment of two user administration web applications
Q3 2011
Content Management System (CMS) audit and analysis of the company's website
Q3 2011
Grey-box assessment of a Microsoft SharePoint application
Q2 2011
Risk analysis workshop for a product in the development phase
Q2 2011
Grey-box web application and infrastructure assessment
Q2 2011
Large-scale black-box DMZ scanning with identification of vulnerabilities
Q2 2011
Internal grey-box SAP Enterprise Portal application assessment
Q1 2011
Review of group policies
Q4 2010
Infrastructure / SAP audit (DMZ) and web application audit of a customer portal
Q4 2010
Black-box server infrastructure, Typo3 and website assessment
Q4 2010