Pentests

When conducting a pentest, we analyze the security of your systems with a special focus on:

 

  • Bypassing Authentication

  • Correct use of Cryptography

  • System and Software Hardening

  • Protected Transport of Sensitive Data

  • Weaknesses in Design and Execution of Processes

  • Infrastructure Hardening

  • Threats, Risks and Impacts

 

Our Red Team has skills in the following areas:

 

Scanning           

Port Scanning, Vulnerability Scanning, Firewall Evasion

Protocols       

DNS, FTP, HTTP, HTTPS, IMAP, Kerberos, LDAP, MSSQL, MySQL, MariaDB, NetBIOS, SMB, Samba, NFS, NNTP, Oracle, POP3, PostgreSQL, RDP, RMI, RPC, RTSP, SMTP, SNMP, SSH, Telnet, VNC, WebDAV

Payloads     

Metasploit Framework, Staging, Payload Injection, Web Delivery, Remote Code Execution, AV Evasion

Exploiting     

Stack-based Overflows, SEH-based Overflows, Metasploit Modules, Bypassing DEP and ASLR, ROP Chains, Egg Hunting, Unicode, Shellcoding, Heap Spraying, Use After Free

Password Cracking  

Dictionary Attacks, Brute-Forcing, Pass the Hash, Mimikatz, Kiwi

Client-Side Attacks    

E-Mails, PDFs, Phishing, Browser Exploits

Web Application Attacks

SQL Injection (SQLi), Command Injection, Cross-Site Scripting (XSS), Authentication Bypass, XML External Entities (XXE), Cross-Site Request Forgery (CSRF), Local File Inclusion (LFI), Remote File Inclusion (RFI)

Privilege Escalation  

Enumeration, Kernel Exploits, Service Configuration, Cron Jobs, Abusing sudo Rights and SUID Bits, Library Injection, Path Hijacking, Shared Library Preloading

Post Exploitation  

Sensitive Files, Passwords, SSH Keys, Log Files, Kerberos Tickets

Port Redirection

Local Port Forwarding, Remote Port Forwarding, Dynamic Forwarding, Tunneling (SSH, SSL, HTTP, DNS, ICMP, TCP/IP)

 

 

Exploit Development

Security is my profession! For years I have been researching in the field of exploit techniques. I have specialized in Windows Exploit Development and in exploiting vulnerabilities in network services and Linux systems:

  • Network Scanning

  • Port Scanning

  • AV Evasion

  • Network Protocols and Services

  • Vulnerability Scanning

  • Payload Injection

  • File Transfers

  • Exploit Techniques

  • Password Cracking

  • Client-Side Attacks

  • Web Application Attacks

  • Privilege Escalation

  • Post Exploitation

  • Port Redirection, Port Tunneling, and Port Forwarding

 

 

Please take note of my books "Deep Dive" and "Ethical Hacking".

 

 

Information Security

Gemarkenweg 1

51467 Bergisch Gladbach

GPG: 45E1715630AEA748