Audit of a Windows client from your IT landscape for common vulnerabilities and misconfigurations.

• Security settings in AV/EDR, firewall, proxy, system components, etc.
• Options for local privilege escalation
• Possibilities for code execution
• Password policy checks
• Hardening measures like disk encryption, Credential Guard, DMA Protection
• ...

How does it work? You send me the device along with a normal and admin account. Tests are performed and documented at my location. The device is returned with a report.

Example Report

Audit of your Active Directory for critical vulnerabilities and misconfigurations as well as low hanging fruits.

• Active Directory Certificate Services
• Group Policies
• Internal AD information
• MitM attacks
• GPPs and Logon Scripts
• Attackable services
• Lateral Movement and Privilege Escalation paths
• SQL Server configurations
• Password-related tests
• Kerberoasting and AS_REP Roasting
• SCCM
• ...

How does it work? I send you a fully weaponized drop box. It runs a tailscale VPN client and needs one network interface connected to an unrestricted internet access port (could even be a dedicated guest breakout) and two connections into your internal network (client network makes most sense). Tests are then performed from that box, everything is documented and after the assessment you get a report.

Example Report

Evaluating the quality of passwords used in your Active Directory.

Checks against your password policies, legacy issues, detection of potential blindspots.

How does it work? We exchange the ntds.dit file from your AD. Hashed passwords are analyzed with wordlist and brute-force attacks. Results include percentages, distributions, and plaintext passwords (if requested).

Example Report

Advice on IT security related topics, training in Offensive Tooling, Live Hacking sessions for awareness and guidance on countermeasures based on real attack experience.