WHAT I DO…
As a consultant focused on IT security, I offer you a wide range of services, especially Penetrations Tests for web and mobile applications as well as web services and clients, SOC Consulting to enhance you’re SOC capabilities, Security Code Reviews, IT Forensics, Malware Analysis and Incident Response
Penetration testing is one of the main pillar in information security. As a certified penetrations tester the penetration tests that I perform focuses on providing deep technical insight about the security and maturity of a given test target, therefore not only I document vulnerabilities but also results for each given test case. With a comprehensive report like this, which contains not only vulnerabilities but also details on detected and working security aspects including management relevant aspects, you can further improve your overall information security.
IT Forensics is the key to get the answers for the important W-Questions within a security incident. Who did What, When and Why? Every attacker leaves traces. As a certified forensic analyst (GCFA) I will try to find these traces and to answer you these questions through a qualified forensic investigation, always making sure that the evidences collected are usable in court if needed.
In case of an emergency I support you immediately in eliminating the threat as soon as possible, investigate the cause of the incident, identify thread actors if possible and provide technical guideline to prevent further incidents. This service is most of the time combined with IT-Forensics, malware analysis and also focused penetrations tests to proof results from other analysis tasks (like entry vector for example). However, immediate support can not be guaranteed for new customers.
Building and running a security operations center is a very complex task for organizations and prone to fail if handled without experience. However, it is essential for a strong cyber defense. With my experience in building security operations centers from the ground in major international companies i help your company in choosing the right strategy, tools, people and implement the essential processes to make your SOC a success story.
Malware analysis is a extremely challenging task as it requires very deep knowledge of a variety of topics. As a certified malware analyst I offer you examination of IT systems to detect the presence of malware and analyzing the malicious code once it is identified. My services includes static and dynamic analysis of all kind of malware for x86/x64 malware and as a client you will get a comprehensive report about the detected threat.
The threat detect service includes hunting for critical vulnerabilities and thread actors inside the corporate infrastructure. Within the classic vulnerability hunting i use various techniques to detect the vulnerabilities that matters most to the business. When hunting for threat actors i use a whole set of self developed honey traps which, carefully placed, provides the required intelligence to detect and act on threat actors, inside and outside the company.
Security awareness is all about helping your staff to better protect them self against attacks that do not only rely on technical attack vectors, usually called social engineering attacks. Usually the entry vector is the human. The security awareness training’s i provide help your’e company to better protect against these threats. Regularly checking the effectiveness of the training (for example with social engineering attacks, moonlight audits and phishing campaigns) allows you to understand the companies attack resilience against these threats.
Introducing security source code reviews into your (S)SDLC process allows you to faster detect vulnerabilities therefore reducing the costs in mitigating them. Within security source code reviews the reviewer gets also a lot more details then he would get within a penetrations test. Best phase to do this is when there is a first stable version to run allowing the tester to also verify complex findings.
Security code reviews are currently limited to the languages PHP, .NET (Web/Client) and JAVA (JSP, JSF, Servlet, GWT and other)
If you need consulting in other languages i am happy to get you in contact with individuals that can support you best.
You can always contact me for security consulting activities not specifically listed here.
I am against the “learning by doing” approach within consulting projects. If its out of scope for my services or out of my abilities i am happy to recommend you other companies or individuals that can better conduct the tasks.
NEWS FROM THE BLOG…
The latest from my blog
GET IN TOUCH…
To arrange a consultation or workshop, send me a message.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.