Getting Started
Why Pentesting & Red Teaming?
Prevent Attacks
You can only fix vulnerabilities you know about. In pentests and red team engagements, we uncover vulnerabilities and security deficits so that you can then improve your IT security.
Detect Attacks
In red team engagements, we simulate attacks. This allows you to test whether you detect us and whether your security solutions function as intended.
A typical target in red team engagements is the backup infrastructure. We try to bypass implemented security measures so that you know whether your backups are well protected in an emergency.
What is What?
There is often confusion about the terms pentests, red teaming, and vulnerability scans. Our understanding is:
| | Pentests | Red Teaming | Vulnerability Scans |
|---|---|---|---|
| Goal | Uncover as many technical vulnerabilities as possible through manual & automated checks | Uncover technical and organizational vulnerabilities in the company, possibly with social engineering and on-site physical access; Reality check for attack detection and defense | Automated detection of vulnerabilities, for example, to quickly identify versions with critical vulnerabilities |
| Test Object | A defined test object, such as an IT environment or web application | Entire company/organization including response capabilities to attacks; Verification of agreed scenarios, such as taking control of IT or backups | External or internal company infrastructures |
| Communication | Announced tests, all relevant personnel on the client side are informed | As few people as possible on the client side are informed to avoid distorting results | Announced and “loud”; Enabling in upstream protection systems is useful to allow automated procedures |
| Approach | As in-depth and efficient testing as possible; We can be “loud” because, for example, triggering alarms doesn’t matter | Targeted approach in scenarios, we act “quietly” and initially don’t want to be noticed | Automated, no manual testing |
Where to Start?
Are you ready for your first pentest and looking for guidance on which tests to start with?
Then our Pentest Starter Packages are just right for you.
Project in Planning?
Whether it’s a pentest, red teaming, or a custom request –
we look forward to speaking with you!