Consultation

You are interested in cyber attacks and would like to arrange a non-binding consultation.
I would be happy to advise you on questions relating to ethical hacking and how you can improve your security through controlled cyber attacks.
Arrange a consultation

External penetration test

An external penetration test is a comprehensive process that aims to identify and exploit security vulnerabilities in an organization’s external network resources as if an attacker were acting from outside the corporate network.
Price:
Daily rate: 1040€
The minimum duration for an external penetration test is 3 days and depends heavily on the infrastructure to be tested. You will receive an exact estimate during a non-binding consultation.
Request

Methodology:

1. Preperation and planning
It is determined which systems, applications and networks are to be tested, as well as the test period.

2. Information gathering (reconnaissance)
Active and passive collection of information about the target system. This includes DNS research, OSINT (Open Source Intelligence), port scans or the investigation of web services.

3. Vulnerability analysis
The information obtained is analyzed using manual and automated methods. This involves looking for vulnerabilities in web applications, software used or authentication procedures, and more.

4. Exploitation (exploitation of vulnerabilities)
An attempt is made to penetrate the system by exploiting security vulnerabilities. Actions are then carried out to ensure control, exfiltrate data or extend access to other systems.

5. Reporting and presentation
Documentation of the tests performed, the vulnerabilities found, the exploits and the effects, as well as recommendations for eliminating vulnerabilities. In addition, an overview is created for the company management and the results are presented in a fellow meeting.

6. Retesting (if required)
If necessary, retesting is carried out to ensure that the vulnerability remediation measures were successful.

Internal penetration test

An internal penetration test simulates an attack from inside your network to uncover potential vulnerabilities and security gaps before they can be exploited by malicious actors.
Price:
Daily rate: 1040€
The minimum duration for an internal penetration test is 5 days and depends heavily on the infrastructure to be tested. You will receive an exact estimate during a non-binding consultation.
Request

Methodology:

1. Preperation and planning
The systems, applications and networks/subnets to be tested, the test period and whether the test is to be carried out on your premises or remotely are determined.

2. Information gathering (reconnaissance)
The network is scanned with tools such as Nessus and Nmap to obtain an overview of the network structure, the connected assets and their configuration. The individual assets are examined using fingerprinting and the data is summarized.

3. Vulnerability analysis
The information collected in phase 2 is used to identify potential vulnerabilities. These include, for example, unpatched software, weak passwords, outdated encryption protocols, insecure Active Directory configurations or unprotected sensitive data.

4. Exploitation (exploitation of vulnerabilities)
An attempt is made to exploit the vulnerabilities found, e.g. to gain control of system assets, to move laterally and vertically in the network or to exfiltrate data.

5. Reporting and presentation
Documentation of the tests performed, the vulnerabilities found, the exploits and the effects, as well as recommendations for eliminating vulnerabilities. In addition, an overview is created for the company management and the results are presented in a fellow meeting.

6. Retesting (if required)
If necessary, retesting is carried out to ensure that the vulnerability remediation measures were successful.

Security analysis of a web application

A web application security analysis is a systematic attack on a web application that aims to identify and exploit vulnerabilities in order to assess and improve the security of the application. The test is carried out in accordance with the OWASP Web Security Testing Guide
Price:
Daily rate: 1040€
The minimum duration for a security analysis of a web application is 2 days and depends heavily on the application to be tested. You will receive an exact estimate during a non-binding consultation.
Request

Methodology:

1. Preperation and planning
It is determined which application and domains/subdomains are included in the test scope, as well as the test period.

2. Information gathering (reconnaissance)
Information about the application(s) is collected using methods such as DNS research, OSINT, port and website scanning. Local proxies are used to map the structure of the application and HTTP methods are recorded.

3. Vulnerability analysis
Using automated and manual methods, the application is examined for vulnerabilities based on the previously collected information, in accordance with the OWASP Testing Guide.

4. Exploitation (exploitation of vulnerabilities)

Simulation of real attacks to check the vulnerabilities found.

Typical web vulnerabilities:

SQL injection: attempt to extract database information.
XSS: Execution of script injections to steal user information or perform actions on their behalf.
CSRF (Cross-Site Request Forgery): Attempting to perform unauthorized actions on behalf of an authenticated user.
Local File Inclusion: Attempts to gain unauthorized access to data.

5. Reporting and presentation
Documentation of the tests performed, the vulnerabilities found, the exploits and the effects, as well as recommendations for remediation. In addition, an overview is created for the company management and the results are presented in a joint meeting.

6. Retesting (if required)
If necessary, retesting is carried out to ensure that the vulnerability remediation measures were successful.