Our Services

Experienced Specialists, Tailored Reports, Concrete Actions

How a Pentest Works

Typical duration: 2–4 weeks from kick-off to debrief

01 Scoping & Kick-off

We define goals, scope, and timeframe together.

02 Testing & Exploitation

Our specialists attack – manually and tool-assisted.

03 Reporting

You receive a detailed report with management summary and technical details.

04 Debrief

We discuss the results and measures together.

Our Methodology

01 Your Company Under the Microscope

What an Attacker Does

We gather publicly available information about your company, exactly as an attacker would: employee data, email addresses, and technical details. We also carry out targeted phishing attempts.

What We Check & Deliver

We check whether your systems detect leaked data and report phishing attempts — and deliver awareness recommendations with measurable results.

02 The First Break-In

What an Attacker Does

We try to break into your systems from the outside — through your website, email server, VPN, or other services accessible from the internet.

What We Check & Deliver

We test whether your monitoring detects the intrusion attempt — and deliver the detection rules if it doesn't.

03 Exploiting Weak Points

What an Attacker Does

We test your web applications and interfaces for weaknesses — can we access data we shouldn't see? Can we manipulate functionality?

What We Check & Deliver

We check whether your WAF and logging systems detect the attacks — and deliver specific rules for your SIEM environment.

04 Spreading Through Your Network

What an Attacker Does

From an initial foothold, we try to move through your internal network — just like a real attacker searching for your most important data.

What We Check & Deliver

We test whether lateral movement is detected — and deliver Sigma rules and network segmentation recommendations.

05 Attacking Your Cloud

What an Attacker Does

We examine your cloud environment for misconfigurations and try to access data or services that aren't sufficiently protected.

What We Check & Deliver

We check your cloud logging and alerting for gaps — and deliver cloud-specific detection rules and hardening recommendations.

06 Simulating Targeted Threats

What an Attacker Does

We simulate real attack scenarios from known hacker groups — tailored to your industry. We specifically test whether your systems detect these threats.

What We Check & Deliver

We measure your SOC's detection rate against real TTPs — and deliver missing detection rules for every gap.

07 The Real Thing — Simulated

What an Attacker Does

We simulate a complete attack on your organization — from initial research to accessing critical systems, without prior knowledge of your infrastructure.

What We Check & Deliver

We assess your team's detection, response, and containment — and deliver a complete detection improvement plan.

08 Prepared When It Counts

What an Attacker Does

We walk through realistic attack scenarios with your team — ransomware, data breaches, system outages — and test your ability to respond.

What We Check & Deliver

We evaluate your emergency plans and escalation paths — and deliver a tested playbook with clear responsibilities.


Frequently Asked Questions

The duration depends on the scope. A focused external pentest typically takes 3-5 business days. More comprehensive assessments (internal + external + web) can take 2-3 weeks. In the scoping meeting, we define the optimal timeframe together.

For an external pentest, we don't need access – we test from an external attacker's perspective. For internal tests, you provide us with network access (VPN or on-site). All details are discussed in the kick-off meeting.

A vulnerability scan is an automated process that identifies known vulnerabilities. A penetration test goes beyond that: our specialists actively try to exploit vulnerabilities and build attack chains – just like a real attacker. The pentest therefore delivers significantly deeper and more practical insights.

Yes, we typically conduct pentests during normal business hours. Our methods are designed not to disrupt business operations. For critical systems, we coordinate the schedule precisely in advance.

You receive a hand-written, detailed report including: a management summary for executives, technical details of each vulnerability including risk assessment, concrete action recommendations (prioritized), and a personal debrief meeting to discuss the results.

We recommend at least one penetration test per year. For major infrastructure changes, after migrations, or for regulatory requirements, a more frequent schedule may be advisable.