BackServices/ Red Teaming

Red Teaming

With red teaming we put all your security measures and your security team to the test. The aim is to simulate real-life scenarios in order to activate the efficiency and effectiveness of your security measures and monitoring, but also the reaction of your employees and your security team, in order to learn and improve.

You and our team define the concrete goals, scope and conditions for the test and design a form of red teaming that suits your needs, with a strong focus on specifically identifying the points most important to you in testing and/or training.

Red Teaming with Simulation of a Threat Actor
With traditional red teaming we define the predominantly relevant threat actors from your risk and threat intelligence analysis and simulate those in one or more red team scenarios. Our basis for a standardised documentation and description of the planned activities is the MITRE ATT&CK framework. 

Specialised Red Teaming Engagements

If you have experienced specific security incidents already or you are well prepared for advanced standard scenarios, we will work on new and unknown scenarios in our most specialized red team engagements to push your security team to its limits. Because there is always something new to learn. 
Because of their duration and complexity, these specialised assessments are carried out according to the EU TIBER framework, which has been especially developed for complex red team assessments within the banking environment.

365 Red Teaming

If you want to stay up to date throughout the year, we suggest our 365 red teaming service. We monitor your systems 24/7 and either get active when new vulnerabilities become known or train your security measures regularly every year for newly discovered threat actors and scenarios.

Full-Scope Red Teaming
Red team engagements are not limited to IT systems. In full-scope red team engagements we will simulate full industrial espionage attacks involving IT security, physical security and social engineering. This is an ultimate endurance test for all your company's security measures in view of detection possibilities and the applying of fitting counter-reactions in attack situations.

We visit DefCon 31

We were very happy to visit DEFCON in Las Vegas, NV, USA in August 2023 for the first time! DEFCON is an annual event which attracts up 30,000 attendees interested in the fields of Physical Secur...

Read more

Welcome to our new team members

Our team has grown and we are happy to welcome three new employees to our pentesting team. With their help, it is easier for us to respond to the many project requests we’ve had and we hope to be able...

Read more

Thomas at Treasury on Tour in Cologne

Treasury on Tour is an event by Schwabe, Ley & Greiner to bring together the leading heads of treasury with high-grade lectures, discussions and the possibility to network. HACKNER Security Intell...

Read more

See all news

References & Case Studies


This Application Test had us at the Edge of our Seats!


For a global corporation, we tested a web application and a rich client used for software development. Additionally, an agent application played an important role, which could be connected from the web and the rich client. A complex system with many components - and possibilities for security holes!

Sometimes it pays off to test an application over a longer time frame to comb through every small corner. Because during the last days of the project, we identified a vulnerability that could be exploited to run arbitrary commands on the agent software. Furthermore, it was possible to spawn and stop customer server instances in the customer's environment.


Custom-Made EDR Detections Through Purple Teaming


A large energy company ordered a purple team assessment. Objectives were initial access, detection tests on known attack strategies, execution of an implant during active EDR,  testing the detection possibilities through EDR or monitoring solutions, as well as, execution of TTPs for lateral movement or persistence.

During the assessment, the blue team was able to develop custom-made detections in the EDR console to detect attack behaviour the EDR would not expose on its own.   


Phishing and Incorrect Certificate Service Configurations


For a phishing assessment, we used a MS Teams message to request login credentials. With the data obtained, a VPN connection was possible, which also enabled internal network access. Due to incorrect configurations in the certificate services, our testers were able to perform privilege escalation to domain admin permissions.