The security analysis for small and medium-sized enterprises (SMEs)

Broadly analyze the attack surface of your internal and external infrastructure.

Internal and external penetration test scenarios

A comprehensive assessment and investigation of your internal and external attack surface.

Customization to your conditions and requirements

We adapt to your systems and carry out the tests according to your requirements.

From the initial meeting to the implementation of the measures

We accompany you through the entire process, right up to closing the security gaps.

We carry out penetration tests for companies of different sizes

From small and medium-sized companies to corporations, public administration and critical infrastructure organizations – we carry out tests of all sizes. Our tests are up to date, follow standards such as the OWASP Top 10 and are based on ISO 27001.

Rely on the expertise of our pentesters, it’s that simple

Penetration test procedure for SMEs

1. Establishing contact & exchanging initial details
Once you have contacted us, we will schedule an initial meeting to discuss your request in more detail. We provisionally reserve the desired implementation period and determine the work packages and scope. You will then receive a quote.

2. Offer acceptance and kick-off date
Your appointment is reserved as soon as you have accepted the offer. You will receive an order confirmation and all necessary contracts. All necessary information should be available for the kick-off meeting.

3. Carrying out the test
We start the test on the agreed date and stay in close contact with you throughout.

4. Dispatch of the report and presentation of the results
We provide you with the report and, if required, we then hold a meeting to present the test results and recommended measures to your technicians and management.

Silas Borgmeier

Information Security Officer

Would you like a personal consultation?

I will be happy to assist you with our expertise and send you an individual offer within 24 hours.

0209 8830 676 – 4

silas@aware7.de

Book an appointment

Our 360° analysis at a glance

Analysis of the external & internal attack surface

External pentest

From the outside, we analyze your attack surface and examine the IP addresses provided or obtained

Internal pentest

We analyze your attack surface from the inside. Experience the potential damage if an attacker has managed to penetrate your infrastructure

Evil Employee

A targeted investigation is carried out to determine what options are available to an employee who could cause an incident through gross negligence.

WLAN audit

Do you provide wireless connection options? We investigate how securely these are designed.

Your contact person

Vincent Heinen, MSc

Head of Offensive Services

Vincent Reckendrees is a penetration tester, software developer, and cybersecurity consultant at AWARE7 GmbH. During his computer science studies, he gained theoretical and practical knowledge about how networks, software, and hardware work. He specialized in IT security during his master’s degree. His certifications (OSCP+, OSWP, OSWA, and many more) attest to his strengths in web service and network security. In his role as Head of Offensive Services, he coordinates the team’s penetration testing activities.

Callback service

Write to us with your request. We will be happy to call you back at a specific time.

Appointment service

Arrange a digital appointment with us so that we can discuss your requirements.

Contact form

Leave a message via our contact form. We will get back to you.

Find out more about our completed projects

Success stories

Group-wide awareness campaign for Gelsenwasser AG

Together with AWARE7 GmbH, Gelsenwasser AG carried out an extensive, multimedia cyber security awareness campaign for around 1,500 employees.

Remote cybersecurity awareness event for Payback GmbH

PAYBACK GmbH has booked AWARE7 GmbH for a remote live hacking awareness show to prepare and sensitize employees to digital threats.

Emergency deployment in the district of Dachau

At 9:00 am the speaker was canceled, and we were called at 10:00 am. At 17:00 we were on time in Dachau to enrich the planned event with a live hacking presentation.

Remote Live Hacking Show at the Security Days at Munich Re

The world’s largest reinsurer has been relying on our expertise for several years. In recent years, we have always been represented at the internal Security Days.

External penetration test for the mobile iOS application of Twinsoft GmbH & Co. KG

We carried out an extensive penetration test of the BioShare Authenticator app and the backend for Twinsoft GmbH & Co. KG.

Take a look at all the success stories and download them free of charge

We have carried out many different types of projects. Our customers' satisfaction is reflected in the publication of a success story. Take a look at all our success stories now.

All success stories

IT security made in Germany

Attacking and testing applications is a means to an end. The medium-term goal is always to increase the level of IT security and thus enable the long-term protection of customer and company data. We have been awarded the “IT Security made in Germany” seal by the TeleTrusT Bundesverband IT-Sicherheit e.V. (German IT Security Association). The document declaring and authorizing the use of the seal is available for inspection.

Even though we operate worldwide, our headquarters will remain in Germany

AWARE7 GmbH has been based in Germany since its foundation. The location in Germany is valued by our international customers due to the high quality standards.

Products and services are free of hidden access points

All of the services we provide are carried out in accordance with ethical principles. The removal of all access points after a test is mandatory and firmly integrated into the process.

Research & development takes place exclusively in Germany

New products and collaboration with students and scientific institutes are part of our corporate DNA. We are always at the cutting edge of research and development and are based exclusively in Germany.

Plan your next penetration test now

Our methodology for conducting penetration tests

Even though each penetration test is a unique service, every test is characterized by its systematic approach and methodology. The methodology we use consists of the following components.

  1. Kick-off

    Depending on the complexity of the penetration test, the kick-off takes place between one month and one week before the agreed implementation period. During this meeting, roadblocks and agreements for successful implementation are evaluated. AWARE7 GmbH’s penetration testers and project management team participate in this meeting. The following stakeholders should participate in the kick-off meeting:
    – All relevant risk or project owners
    – Information security officers
    – Technical personnel with knowledge of the target system

  2. Recon

    Reconnaissance, or recon for short, refers to the work of gathering information before a real attack is carried out. The idea is to collect as much information as possible about the target. To achieve this, many different publicly available sources of information are used. The extracted information often already provides detailed insight into the affected systems.

    In a penetration test of Active Directory, for example, this means that the first step is to enumerate all systems that are part of Active Directory. The identification of the systems is carried out in parallel with the identification of the network services using common network scanners such as nmap or masscan.

  3. Enumeration and Vulnerability Identification

    In the enumeration phase, passive information gathering, as in the reconnaissance phase, is replaced by active information gathering, thereby further enriching the information collected. In addition, the information from the reconnaissance phase is used to identify potential attack vectors. In the enumeration phase, automated scans are started and a vulnerability assessment is performed on the relevant systems. During the enumeration phase, in the context of an Active Directory penetration test, for example, an investigation of the Active Directory configuration would take place. The pentesters would collect information about groups, users, GPOs (Group Policy Objects), policies, and shares.

  4. Exploitation

    In the exploitation phase, penetration testers actively attempt to exploit security vulnerabilities. Exploits are developed, for example, to collect sensitive information or to enable pentesters to compromise a system and establish themselves on it. For new targets, the reconnaissance and enumeration phases are repeated in order to gather information about these new systems and exploit them. For example, in an Active Directory penetration test, password attacks are carried out on previously collected user accounts in order to take over these accounts. In addition, many other attacks, such as relay attacks, are also carried out.

  5. Post Exploitation 

    In the post-exploitation phase, changes to systems, processes, and users are reversed in collaboration with the respective technical contacts and administrators. Since it cannot be ruled out that system configurations may be manipulated or exploit scripts placed during a penetration test, it is important to ensure that these are deleted and reset after the test.

  6. Report

    Documentation is an essential part of every penetration test. During the penetration test, all steps leading to a successful attack are documented in detail. This ensures that everything can be traced in detail after the test. At the end of the penetration test, this documentation serves as the basis for an individual report that makes the test results comprehensible for both technical administration and management. Recommendations for action are an important part of the documentation.