Increase your Cyber Resilience with the right experts.
We help companies to establish and maintain their cyber resilience.
By combining research and analysis, our team helps protect companies against cyber security threats.
Penetration Testing
During a Penetration Test, the analysts from Red-CS take the perspective of an attacker. The goal is to identify and exploit vulnerabilities on the system being tested, or use them for further attacks.
Red-CS relies on a manual testing method and, if necessary, we exploit a combination of several vulnerabilities to infiltrate systems. Of course, we adhere to the customer specifications, to protect critical environments. Our longtime experience allows us to conduct a security analysis on critical systems or environments with appropriate caution, so that they do not have a negative impact.
Subsequently, we have compiled some examples of the most common penetration tests that we offer. Of course, we have outstanding knowledge in the investigation of critical and complicated environments in different industries.
Systems accessible from the Internet are, in general, subject to regular attacks. Attackers attempt to identify vulnerabilities, which allow them to gain unauthorized access to the internal network.
Among other things, Red-CS offers security analysis from the perspective of an external, as well as an internal attacker.
Web application/web services
Web applications/web services are often attacked to gain access to sensitive data. This can lead to data protection problems.
For this platform, Red-CS offers security analysis from the perspective of an unauthenticated, as well as an authenticated user, that is trying to identify vulnerabilities.
If the source code of the testing platform can be made available, Red-CS can use this to conduct the security analysis, based using the White Box approach. This allows us to identify complex vulnerabilities more efficiently. Additional information on this can be read under “Source Code Audit” below.
Cloud Security
During a Cloud Security Test, the settings of the environment at the cloud provider (AWS, GCP or Azure) are verified and tested for misconfiguration. Additionally, the test will attempt to identify vulnerabilities in the service's APIs, applications, and cloud-based systems.
The analysts of Red-CS search, among other things, for tokens that give access to the resources used within the cloud environment, or for exposed and unprotected APIs.
Mobile applications (iOS/Android)
Mobile applications, that are now indispensable in companies, can also be used as a gateway for attacks.
Red-CS offers security analysis of mobile applications (for iOS and Android devices), from the perspective of a lost device, authenticated/unauthenticated user, etc., to identify vulnerabilities.
RED TEAM Testing
Unrestricted security tests are performed to bypass security mechanisms deployed by the customer, to do lateral movement through their infrastructure.
By emulating a sophisticated attacker and using typical, as well as unconventional methods, the analysts of Red-CS try to infiltrate the customer’s infrastructure, as far as possible. Therefore, the focus is on bypassing the security protections deployed by the customer.
The goal of Red Teaming is to verify the security measures that are deployed by the customer, as well as the identification of missing protection methods. In addition, Blue Team reactions, to advanced and/or persistent threats, are also tested and trained.
Security analyses that are based on a scenario that is developed with the customer.
At the beginning of a “Scenario Based Audit”, a procedure for the attacks is specified, in cooperation with the customer. Afterwards, the analysts of Red-CS perform the planned attacks.
The analyses which are performed during the “Scenario Based Audit” are not limited to technical approaches, but contain, among others, tests of physical access control systems or social engineering campaigns. The goal depends on the specified scenario and can increase the security awareness of the employees or verify the implemented security mechanisms.
This service is often performed by our customers, as an alternative to Red Team Testing, as it is usually a more cost-effective option.
Analyses of source code for security vulnerabilities.
In a White Box approach, the analysts of Red-CS analyze source code. During the source code analysis, vulnerabilities in the source code, and logic bugs that result in unexpected behavior, are identified. In addition, a dynamic analysis of the compiled source code is performed. A static analysis only inspects the source code of a program, while a dynamic analysis inspects the application at runtime.
By performing a Source Code Audit, vulnerabilities and logic bugs are directly identified within the source code. Afterwards, they can be fixed or mitigated, which results in an overall increase in the application’s security.
Verification of the hardening measures deployed by the customer, including advice for additional adjustments.
During a Hardening Review, the analysts of Red-CS verify the hardening measures that are deployed by the customer at client and server systems (with a Windows or Linux operating system). Also, consultation is offered for additional hardening actions.
Hardening measures improve the security of systems by significantly increasing the complexity of attacks. These result in mitigation of several attack methods. As a result, attacks with ransomware and exploitation of common vulnerabilities become more difficult to execute.
Red-CS is a team of cyber security specialists with more than 15 years of experience. With our support, numerous companies have been able to successfully increase their cyber resilience.
We specialize in technical security checks and bring experience from different industries (finance, energy suppliers, manufacturing companies and much more). Our aim is to deliver to our customers the highest possible quality, and to guarantee a very high level of customer satisfaction. For us, it is natural to support our customers after the completion of a project.
Through many years of experience, in the areas of analysis and research in cyber security, Red-CS offers investigations that go beyond the standardized methods.
The constant transfer of knowledge and participation in training ensures that our analysts are always up to date on IT security.
