Penetration Test
Discover the optimal solution for the security of your IT systems with RedTeam Pentesting! Our teams of specialists provide customised penetration tests to uncover security vulnerabilities in networks, applications, and devices. Invest in the future of your data - trust RedTeam Pentesting!
News
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file system for analysis, an undocumented default password usable for remote SSH login, a command execution that circumvents the restricted shell, and two local privilege escalations, one using ubus and one using a world-writeable webroot. The issues can be combined to allow privileged access from a remote connection.
We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data.
Our new blog post describes the exploitation of a remote code execution vulnerability in the open-source learning platform Moodle. A short summary of the vulnerability we discovered can be found in the corresponding advisory, "Moodle: Remote Code Execution via Calculated Questions".
Customer Opinions of RedTeam Pentesting
Reputable, German company with high competence, especially in detecting vulnerabilities in web applications.
Even when you already suspect that a penetration test will uncover a few weaknesses, it is always fascinating to see what vulnerabilities are exposed that you would never have thought of. This creates awareness for IT security and provides insight into the world of the 'bad actors'.
As a provider of cloud applications, security is an important topic for us. With their expertise, RedTeam Pentesting actively supported us in implementing high security standards.
Sobering illustration of one's own capabilities of developing a secure web application.
RedTeam Pentesting demonstrated professionalism and contributed to making our systems more secure. The way in which vulnerabilities were identified, exploited and counter-measures were presented was impressive.
We invited RedTeam Pentesting to test our website and associated infrastructure, to emulate possible real-world threats. An approach that pays off and is part of our security standard: perform a penetration test once a year.
FAQ
Why should we conduct a penetration test?
Computers and the associated IT infrastructure have become an indispensable part of every business today. However, this leads to a growing amount of critical data being stored in IT systems, as well as a dependence on these systems to function reliably. Consequently, attacks on corporate IT systems in the form of industrial espionage, disruption of system availability, ransomware attacks, and other methods to significantly harm a company are on the rise. A penetration test provides insights into the security status of your systems and the likelihood of a successful attack on your structures. It also offers recommendations on how to better protect yourself from potential compromises in the future. For a detailed explanation of why penetration testing is beneficial, refer to the Definition section.
What is the workflow of a penetration test?
Before every penetration test, a personal preliminary meeting takes place as a fundamental step. During this preliminary meeting, the possibilities of a penetration test concerning the customer’s systems are presented. A penetration test only makes sense if it is conducted in a customised and customer-oriented manner. Once the details are clarified, the penetration test is carried out within an agreed-upon period. Immediately following the test, a final presentation takes place, providing insight into the discovered vulnerabilities along with corresponding solution proposals. Additionally, a detailed report is handed over. More detailed information about the process of a penetration test can be found under workflow.
How is RedTeam Pentesting different from other companies that offer penetration tests?
RedTeam Pentesting specialises exclusively in penetration testing, unlike many other companies in the IT security industry that offer penetration testing as one of many services in their portfolio. At RedTeam Pentesting, the purpose of the penetration test is not to sell additional services but to provide an independent security assessment.
Security specialists at RedTeam Pentesting work closely in teams to achieve practical results. The results are thoroughly documented with the aim of conveying the necessary knowledge about vulnerabilities in an understandable way. This allows our customers to fully understand and efficiently address any vulnerabilities found. Furthermore, all employees of RedTeam Pentesting are permanent staff. To ensure both the consistently high quality of the tests and confidentiality, no subcontractors or freelancers are used, even during peak periods.
At the end of the penetration test, we not only provide the customer with a detailed report describing the vulnerabilities, risks, and proposed solutions but also present the results in a personal meeting. This allows the customer not only to view the systems from an attacker’s perspective during live demonstrations of the vulnerabilities but also to discuss the vulnerabilities with the security specialists.
Advisories
In addition to penetration tests, RedTeam Pentesting conducts research in the area of IT security. Penetration tests may also uncover security flaws that are of interest to the public. After consulting with the customer, these are published as well, as long as the security of the customer is not compromised. A list of all published security advisories can be found here.