Penetration testing
Realistic penetration tests for IT, OT and physical access - put together your desired package in the pentest configurator.
Expert knowledge: IT & OT expertise incl. KRITIS experience
Confidentiality: Highest standards in handling sensitive data
Sector experience: Rail, industry, transportation, energy, healthcare
Customized solutions: Individual configuration according to BSI
Individual test procedures: White-Box, Gray-Box & Black-Box
Quality & traceability: Fixed scope definition & audit-compliant documentation
Think like an attacker. Test before it gets serious.
Companies and public authorities are targeted by digital attacks every day - from targeted phishing campaigns to complex ransomware attacks. The economic damage is enormous: in Germany alone, it amounts to around 206 billion euros a year - and the trend is rising.
With penetration testing and offensive security, we specifically uncover vulnerabilities in IT, OT and the cloud - before anyone else does. Our certified experts simulate real attacks, check technical, organizational and human vulnerabilities and deliver auditable results. Instead of rigid standard packages, ICS provides you with individually tailored tests - standard-compliant, practical and without risk to ongoing operations. We offer in-depth expertise in legacy systems, physical security and social engineering, particularly in complex KRITIS environments.
All types of pentesting at a glance
Vulnerability Assessment
- Identification of vulnerabilities in the system
- Automated using tools such as NMAP, Nessus Pro or Nikto
- Manual testing of devices, servers and web applications
- No active attack
IT penetration test
- Identification of vulnerabilities in the IT system
- Verification of found vulnerabilities through active attacks
- Comprehensive investigation by considering various attack possibilities
OT penetration test
- Identification of vulnerabilities in the OT system
- OT expert team with knowledge of sensitive components and special protocols
- Comprehensive investigation by considering various attack possibilities
Physical penetration test
- Identification of physical security gaps (access and entry)
- Checking the security of buildings and systems
- Specialist attempts to gain unauthorized entry or access
- Application of social engineering
Red Team Assessment
- Application of tactics, techniques and procedures (TTPs) of a real attacker
- Blue Team review: the Red Team gives high priority to remaining undetected
- Detailed debriefing
Phishing campaign
- Checking the security awareness of employees
- Various options, with and without recording access data
- Anonymized evaluation
Configure IT-Pentest now!
Select the scope, systems and add-ons - you will immediately receive a transparent result. For 50 or more systems, or for special cases, we will prepare an individual offer.

Request a free vulnerability analysis now!
How secure are your systems really? Our free vulnerability analysis provides clarity. Cyber attacks are on the rise and regulatory requirements are increasing at the same time.
Customization of the configuration of your penetration test
We deliberately do not offer rigid pentest packages - and this is exactly what our customers like about us. Instead of predefined standards, ICS allows you to flexibly combine all modules yourself: Information basis, aggressiveness, scope, approach, technique(s) and starting point - everything is tailored to your requirements. Our modules are based on the BSI classification. The result: maximum informative value, efficiency and relevance - precisely for your system, your sector and your security objective.
- Information basis: How much prior knowledge does the test team receive? From complete transparency (white box) to partial insights (gray box) to zero information (black box), you determine how realistic the test should be from the perspective of an internal or external attacker.
- Aggressiveness: You determine the intensity of the pentest: from passive analysis to aggressive attack simulation. Whether cautious, deliberate or uncompromising - we test as deeply as makes sense for your objectives.
- Scope: You determine the scope - whether it's a targeted test of individual systems, a fully integrated infrastructure test or a deliberately limited scope.
- Procedure: Depending on the objective, we test covertly or overtly: Either without warning in order to simulate real attack scenarios - or deliberately visible in order to observe technical reactions and internal processes in a targeted manner.
- Technique(s): In penetration testing according to the BSI, attacks are classified into four areas: Technical access to networks, physical access to buildings and devices, attacks on alternative communication channels such as remote maintenance or radio, and social engineering for the targeted manipulation of people.
- Starting point: We carry out penetration tests both from the outside and from the inside - depending on which scenario is more relevant for your organization. You decide whether we simulate the view of an external attacker or test what happens if someone is already in the system.
Our approach
Transparent, structured and comprehensible
Our penetration tests uncover vulnerabilities in your company before attackers can exploit them. Systematic, realistic and standard-compliant. Whether IEC 62443, ISO 27001, TISAX or the requirements of the BSI guidelines - our offensive security services meet the highest requirements and provide clarity about your actual security situation. You not only receive a technical test report, but also specific recommendations for action to strengthen your defenses in a targeted manner.
Do not rely on assumptions. Test your company under real conditions and protect your systems before things get serious.

RECONNAISSANCE & SCANNING
- Internet and server addresses and components
- Checking the IP address for activities
- Capture domains of the website
- Analyze operating systems, protocols and ports
- Identify vulnerabilities
PENETRATE & CLEAN UP
- Attack target system
- Gain access to the system
- Extend access rights in the system
After completion of the tests:
- Restore the original state
- Delete created accounts
- Reset configurations
- Acceptance report
- Penetration test report
REPORTING & CATALOG OF MEASURES
- Procedure and test cases
- Identified security vulnerabilities
- Risk assessment per vulnerability
- Assessment with CVSS
- System hardening measures
IMPLEMENTATION OF SYSTEM HARDENING
- Support in closing the security gaps
- If required: definition of alternative measures (e.g. for existing technology)
FAQ - Frequently asked questions
What does a pentest at ICS cost?
The costs of a penetration test vary depending on the scope, type of test and protection requirements. On request, we can provide you with a customized, transparent offer - compliant with standards and with a clear scope.
Will a pentest disrupt my ongoing operations?
No, our tests are planned in a coordinated manner, often using non-invasive methods or in test environments. In productive environments, we test in a low-risk and transparent manner.
How long does a penetration test take?
Depending on the complexity, a penetration test takes between 2 days and several weeks. The scope, test depth (e.g. red teaming, OT systems) and preliminary clarification have a significant influence on the duration.
How often should a pentest be carried out?
Regularly! At least once a year or in the event of system changes, migrations or new applications. Threats continue to evolve.
Is a pentest mandatory for KRITIS operators?
Yes, according to §8a of the BSI Act, regular security checks are mandatory. Our pentests are BSI-compliant and auditable.
How often does a KRITIS company have to carry out a penetration test?
According to §8a BSIG, at least every two years - even more frequently in the event of significant changes. Our reports are fully BSI-compliant and suitable for the obligation to provide evidence.
What is the difference between vulnerability assessment and penetration test?
During the vulnerability assessment, vulnerabilities are listed automatically. The penetration test goes further - with manual attacks, risk assessment and an action plan. The vulnerabilities can be verified or refuted in the pentest.
Is there a difference between penetration testing and Red Team?
Yes, penetration testing is about identifying as many vulnerabilities as possible, as efficiently as possible, within a defined time frame - with the aim of uncovering and evaluating technical gaps.
In contrast, red teaming takes a different approach: the focus here is on the realistic simulation of a targeted, long-term attack - including social engineering, physical access and lateral movement. The aim is to penetrate deep into systems as undetected as possible in order to put security mechanisms and response capabilities (Blue Team) to the test.
Which tools are used in the pentest?
Our ethical hackers use tools such as Nmap, Nessus, Burp Suite, ZAP and our own scripting and automation solutions. OT tests are carried out in the test environment or on the customer's production system.
Are penetration tests mandatory for ISO 27001 / TISAX?
Yes, technical security checks such as pentests are an integral part of risk management in accordance with ISO 27001 / TISAX. We deliver audit-compliant reports including CVSS assessment.
What is an internal penetration test?
In the internal pentest, we simulate an attacker with physical or VPN access (e.g. compromised employee). Objective: to uncover weaknesses in segmentation, access control and the configuration of internal services.
Can cloud environments also be tested?
Yes, we offer cloud penetration testing for AWS, Azure, Microsoft 365 and others - including identity & access management checks, API security and configuration review.
Is a phishing simulation GDPR-compliant?
Yes, we carry out all tests in compliance with the GDPR. The evaluation is carried out anonymously, without drawing conclusions about individual employees, and in close consultation with the data protection officer.