What we offer
Clear focus, deep expertise, and a partnership built on handshake quality.
Pentests of Active Directory & internal infrastructure
Active Directory is the backbone of most companies. We show which misconfigurations and attack paths an attacker can exploit to get from a single workstation to your most critical systems.
Sample Report Active Directory
Scenario
We start where a real attacker stands after the first breach: a compromised workstation or a standard domain user. We use real attack techniques, the same ones current ransomware attackers rely on. Our aim is to find as many vulnerabilities as possible, such as misconfigurations, and to show how far an attack would get, for example gaining domain admin privileges or taking over your most critical systems.
Preparation
Together we agree on an assumed-breach starting point. For that you prepare a domain user without special privileges, a workstation in your domain with local administrator rights, and an overview of the networks in scope.
Checklist
First we map hosts, domain structure, and network shares. Then we test settings and configurations such as permissions and group policies, search shares for insecurely stored credentials and sensitive files such as backups, and check client and server networks for known vulnerabilities. Along the way we trace the paths attackers use to gain higher privileges and spread through the network.
Scope
Depending on environment size, plan for roughly 8-12 person-days at €1,600 each. We prefer on-site pentests; remote testing is available on request.
How we work
We gather your requirements
In a scoping call we define the scope and framework of the pentest together. We agree on what is in scope and what is explicitly excluded.
We prepare your offer
Based on your requirements we prepare a tailored offer. You receive it promptly, with a clear breakdown.
We clarify all prerequisites
After you engage us, we prepare the pentest in a kickoff. We align on access, test accounts, time windows, and communication channels.
We deliver the best pentest for you
We test within the agreed scope and timeframe. During the engagement we stay in contact and report critical findings through the agreed channels. When testing is complete, you receive the report as a secured PDF.
We discuss the results
Pentest reports are often extensive. After delivery we remain your point of contact and are happy to walk through the results and priorities with you.
We retest for free
So you can act on the report, we retest remediated vulnerabilities once at no charge if fixes are completed within eight weeks of report delivery.
Ready to work with us?
We go on the offensive for you and uncover vulnerabilities in your applications and infrastructure so attacks never get a chance.