Cybersecurity Security testing
Controlled attack

Identify your vulnerabilities before attackers do.

We simulate real-world attacks on your IT systems, applications, and physical security. The result is not a generic scan, but a prioritized action plan.

Penetration Test Report (in progress)
CRITICAL SQL Injection: /api/users/search (Remote Code Execution · Unauthenticated)
CRITICAL Kerberoasting: Active Directory (Domain User → Domain Admin Escalation)
HIGH TLS 1.0 enabled: mail.domain.at (POODLE attack possible · Outdated protocol)
MEDIUM Server room: Tailgating possible (Physical Access · No Access Control)
FIXED Stored XSS: Comment field (Verified after patch · Closed)

The problem

You don't know what an attacker might find in your IT system. We do.

Most companies don't discover security vulnerabilities until they are exploited. By that point, attackers have often had unhindered access to systems, data, and accounts for weeks.

Regular testing under controlled conditions shows you exactly where your vulnerabilities lie before a real attacker finds and exploits them.

78%
of the systems tested have critical or high-severity vulnerabilities
60%
of small and medium-sized businesses become insolvent following a cyberattack

Vulnerabilities remain undetected

Automated scanners detect known vulnerabilities. Manual testers think like attackers and find what scanners miss.

Reports with no effect

Generic penetration test reports list CVEs without specifying their priority. A good report shows what needs to be done first and why.

Physical security forgotten

Firewalls don't stop someone from walking into the office. Physical security is often the blind spot.

01 Penetration Tests

Systematic vulnerability assessment. Prioritized action plan.

We test your systems using the same methods that real attackers use. No automated scanners—just experienced testers who think critically, make connections, and escalate issues manually.

Network & Infrastructure
External & Internal · Firewall · VPN · Services
Web Apps & APIs
OWASP Top 10 · REST · GraphQL · Logic errors
Cloud & Microsoft 365
Azure · AWS · GCP · Microsoft 365
Active Directory
Kerberoasting · Pass-the-Hash · Escalation
What's included in every penetration test
Preparation
Scoping & Goal Setting with Your Team
Written Authorization & Approval
Emergency contact for urgent reports
Implementation
Manual testing based on OWASP, PTES, and MITRE
Critical findings are reported immediately
Complete documentation of all steps
Result
Prioritized report with proof of concept
Action Plan Based on Risk and Effort
Follow-up test for verification included

Our testing process: what to expect and when

01

Scoping & Contracting

Together, we define the scope, methodology, and timeline. Written approval is required before testing begins.

1–2 days
02

Reconnaissance & Analysis

Information gathering, attack surface analysis, and initial vulnerability identification.

1–3 days
03

Exploitation & Escalation

Manual exploitation of the vulnerabilities found. Critical findings will be reported to you immediately.

2–5 days
04

Report & Presentation

Prioritized report including a proof of concept, action plan, and a personalized presentation of the results.

2–3 days
05

Follow-up test included

Once the issue has been resolved, we will verify that the measures are effective. There is no extra effort required on your part.

Included

Automated Scan vs. Manual Penetration Test
HIGH CVE-2023-44487 (HTTP/2 Rapid Reset) Web App
MEDIUM SMBv1 enabled: known vulnerability Network
Found only manually
MANUAL Kerberoasting → Domain Admin in 4 Steps Active Directory
MANUAL Business Logic Error: Unlimited Data Access Web App

What an automated scanner finds. What only a human tester can find.

When was the last time you really tested your IT systems?
In 30 minutes, we'll discuss which test is best suited to your situation.
Schedule an initial consultation
02 Red Teaming

A real attack. A specific target. Several weeks.

Red Teaming goes beyond a penetration test. Our Red Team operates with a specific objective, without prior knowledge of the systems, and combines technical, social, and physical attack vectors over a period of weeks.

Phishing & Spear Phishing
CEO Fraud · Credential Harvesting · Payloads
Technical Exploitation
Vulnerabilities · Lateral Movement · Privilege Escalation
Physical access
Tailgating · Impersonation · Device Dropping
Blue Team Testing
Detection · Response Time · Escalation Processes

Difference from a penetration test

PT

Penetration test

Known scope, defined systems, 1–2 weeks. Identifies technical vulnerabilities in specific areas.

1–2 weeks
RT

Red Teaming

Open-ended scope, goal-oriented, several weeks. Tests the overall resilience, detection, and response capabilities of the entire team.

4–8 weeks
What a Red Team engagement entails
Attack vectors
Technical Exploits & Vulnerabilities
Phishing & Spear-Phishing Campaigns
Attempts to gain physical access
Objectives & Scope
Access to financial data or production systems
Compromise domain admin accounts or critical systems
Only Management & White Cell are informed
When is it appropriate?
After several penetration tests with no critical findings
Companies with existing monitoring and SOC capabilities
Critical Infrastructure & High-Value Targets
Interested in a red team engagement?
We'll discuss whether and how red teaming makes sense for your situation.
03 Physical Security Tests

The blind spot in the security strategy.

Firewalls and EDR solutions don’t protect against someone walking into the office and plugging in a USB drive. Physical security is often underestimated and is therefore frequently the weakest link in the entire security chain.

New Office Locations & Relocations · Following incidents involving physical access · Before ISO 27001 & NIS2 Audits
Access controls
Tailgating · Badge Systems · Server Rooms
Social Engineering
Technician · Supplier · New Employee
USB & Device Dropping
Prepared Sticks · Measurement & Evaluation
Surveillance systems
Camera Blind Spots · Alarm · Sensors
What is assessed in the Physical Security Test
Entrances & Perimeter
Entrance, Reception & Security Checkpoints
Server Rooms & Secure Areas
Underground parking garages & side entrances
Employee behavior
Response to unknown individuals
Clean Desk Policy & Screen Saver
USB Usage Patterns
How secure is your office, really?
Physical security tests almost always reveal something unexpected. Talk to us before someone else does.
Why ITanic

Tested. Fixed. Retested.

A penetration test that only provides a report is incomplete. We support you every step of the way, from identifying the initial vulnerability to verifying that it has been resolved.

Follow-up test included. Always.

Once the issue has been resolved, we will verify whether the measures are effective. No extra budget, no additional scope.

No standard report. Every finding is prioritized.

Risk assessment, proof of concept, and specific recommendations for action based on risk and effort. Not just a list of CVEs.

NDA, encryption, EU infrastructure.

Medical records, login credentials, and system information are transmitted and stored exclusively in encrypted form via Austrian infrastructure.

Compliant with NIS2, ISO 27001, and more.

Our reports are recognized for NIS2, ISO 27001, BSI Basic Protection, and cyber insurance. They are fully structured and documented.

FAQ

Frequently asked questions.

Penetration tests
What is the difference between a penetration test and a vulnerability scan?
A vulnerability scan automatically identifies known vulnerabilities. A penetration test goes a step further: our testers actually attempt to exploit, combine, and escalate vulnerabilities. This uncovers attack vectors that no scanner can detect.
How long does a penetration test take?
That depends on the scope. A web application test typically takes 3–5 days, while an internal infrastructure test takes 5–10 days. Red Teaming engagements last 4–8 weeks. We’ll define this together during the scoping phase.
Is the follow-up test really included?
Yes. Once the vulnerabilities we identified have been addressed, we will test again to ensure the measures are effective. This is an integral part of our service, not an extra.
Will our systems be damaged by the test?
No. We agree in advance exactly which actions are permitted. Destructive tests, such as actually deleting data, are never part of the scope. If there is any uncertainty, we stop and ask for clarification.
Red Teaming & Physical
Does our IT team know about the Red Team engagement?
This is a strategic decision for you to make. Typically, only senior management and a "White Cell" contact are aware of it. The IT team is intentionally not informed so that detection can be tested under realistic conditions.
Can physical security tests be ordered without a penetration test?
Yes. Physical security tests can be booked separately. Many customers start with this because it is the most neglected area, and the results are often surprising.
Procedure & Privacy Policy
How often should we conduct security tests?
At least once a year as a standard practice. Additionally, following major changes such as new systems, cloud migrations, or M&A, as well as in preparation for NIS2 and ISO 27001 audits.
Where are test data and reports stored?
Exclusively in Austria. ISO 27001-certified data center, AES-256 encryption, no U.S. providers. Reports are completely deleted upon request after project completion.
Next step
Vulnerabilities have been found. Now we need someone who can detect real attacks.
View Detection & Response

Ready for a controlled attack on your systems?

In 30 minutes, we'll discuss which test is right for your situation and how much it costs.

Free and with no obligation
30 minutes, focused
A specific offer based on that