

  • Verification of correct configuration of devices constituting the implemented system (both for LAN and ELAN access).

  • Configuration of core devices responsible for the operation of the system.

  • Configuration of sample LAN and WLAN network switches.

  • Configuration of 802.1x supplicant on stations running Windows, Linux, and macOS, which use authentication based on X.509 certificates.

  • Configuration of other devices, such as printers, IP phones, and video terminals, using other authentication methods.

  • Verification of whether the complete scope of events related to network access and the ability to detect abuse is logged.

  • The core part of testing consists of actively verifying the possibility of breaching security and gaining unauthorized access to the network. The method used in testing includes verifying threats presented in the OWASP Top 10 Mobile Risks. Test findings are used to create a report, delivered in electronic form, including the description and proof of identified vulnerabilities and guidelines aimed at their elimination.


A zero-day vulnerability remains unknown even to the party or parties responsible for patching it. Once a zero-day vulnerability is made public, it is referred to as an n-day or one-day vulnerability.

Zero-day vulnerabilities pose a particular threat as there are virtually no means of defending against them - the updates that would fix them are yet to be developed. One-day vulnerabilities are especially dangerous at the beginning of their life cycle as many users of the compromised product will not have updated to a patched version yet.

Cyber-security R&D plays a central role in being able to conduct quality penetration tests and lies at the core of our identity as a company. The tools developed based on in-house research enable us to run penetration tests, including APT Red Team tests, more efficiently. True to the slogan "hack the unhackable", our extensive R&D efforts enable us to succeed where others fail.

Key areas of interest:

  • creating RAT-type software for MS Windows/Android systems

  • design and implementation of secure and hidden communication channels between malware and the management center

  • creating droppers for Windows systems, including bypassing indicated EDR/AV mechanisms

  • creating fuzzers that enable, among others, detecting zero-day vulnerabilities

  • creating PoC for one-day class vulnerabilities for specified CVE

  • comparing updates to filter out one-day vulnerabilities

  • reverse engineering in Linux and Windows systems

  • searching for vulnerabilities in selected frameworks, web applications, thick client applications, servers

  • attacks on mechanisms that enable remoting methods such as Java RMI, Java JMX, .NET Remoting

  • Gain access to unknown vulnerabilities discovered by our Engineers



Under this service, we perform a simulation of a multi-level targeted attack on an organization based on the earlier agreed attack vectors.

The operation may include such elements as:

  • creation of dedicated exploits/tools/malware; attempts at a controlled infection

  • running a dedicated phishing campaign

  • simulated exfiltration of the client's key data

  • controlled infection of selected machines and verification of whether we can infect client's machines with the existing protections in place

  • simulated communication between malware and the management center inside the client's network using the HTTP and DNS protocols, checking the ability of network security to identify malware traffic

  • attacks on the client's infrastructure, including its components connected to the Internet, IT systems, wireless networks, internal networks, security systems, etc.

  • social-engineering attacks

  • attempts to breach physical protections, including trying to enter the facilities or protected areas.


Post-incident analysis recreates the actions taken by the attacker, including manual and automatic analysis of malicious software, identification of tools and methods, detecting rootkits, backdoors, keyloggers, and Trojan horses used to perform the attack, as well as securing the evidence so that it is undisputed in possible future proceedings.

The following activities are performed within the scope of the analysis:

  • securing copies of virtual machines

  • analysis of changes to configuration files and logs

  • analysis of changes to permissions

  • analysis of other data aimed at finding out who broke into the system, when, and how

  • analysis of the scope of a potential data leak

  • preparing a report with recommendations.

Below you may find brief Wikipedia definitions of types of malware. If you would like to learn more on the topic to raise your awareness of the threat and be better prepared to defend, our engineers may introduce you to the secrets of creating malware and exploits during one of our training sessions.


Rootkit

A tool that enables breaching the security of IT systems. It masks dangerous files and processes, which allows for maintaining control over the system.


Keylogger

A type of software or device that registers the keys pressed by the user.


Backdoor

A loophole in system protections, placed there in order to exploit it in the future. A backdoor may be left in the system by, for instance, a hacker who broke in by exploiting another software loophole.

Trojan horse

Malicious software disguised as an application that seems functional or attractive to the user; additionally, it implements various unwanted functions that are hidden from the user (spying software, logic bombs, loopholes that enable unauthorized persons to take control of the system).


Clients frequently scan their infrastructure for vulnerabilities, and the results show no critical threats. They are, therefore, convinced that the infrastructure is secure. Specialist, targeted Active Directory tests show that a skilled attacker can obtain domain administrator permissions simply by using domain configuration flaws that remain invisible to traditional vulnerability scanners.

  • Active and passive analysis

  • attempting to obtain authentication data within the network

  • attempts to escalate privileges within the Windows domain

  • attacks on SMB, as well as NTLMv1 and NTLMv2 authentication

  • searching for users with broad, high-level privileges and undertaking attacks on their workstations

  • attempts to obtain password hashes from LDAP.
