What we offer

Clear focus, greatest know-how and a cooperative partnership on a trustful foundation.

Web Applications
External Infrastructures
Phishing Simulations

Pentest of Microsoft Active Directory

The Active Directory is the backbone of every company. Our goal with a pentest? To become a domain administrator and gain the highest possible permissions in your environment.

Sample Report Active Directory
Icon

Scenario

One phishing email and a moment of carelessness, and an attacker gets into your internal environment and causes a lot of damage! Our Active Directory pentests reflect the scenario of an attacker who has taken over a computer in the domain.
Icon

Preparation

We need a domain user with no special permissions, a computer in your domain on which we are the local administrator and a list of networks we are allowed to check.
Icon

Checklist

We check the permissions and configurations of your Active Directory with regard to users, groups, policies and installed roles and functions. We search your client and server networks for known vulnerabilities and network shares with content worth protecting.
Icon

Scope

For an Active Directory pentest, around 8-12 person days are to be calculated, each €1.400 per person day. We prefer to carry out the pentest on site, but are happy to offer the option of remote testing as an alternative.

Pentest of a Web Application

Does your web application process sensitive data or is it business-critical? It does not matter whether it's a proprietary application, a standard CMS or a REST interface: We put your web application to the test!

Sample Report
Web Application
Icon

Scenario

The public accessibility, anonymity and low inhibition threshold makes it particularly attractive for attackers to attack web applications. When pentesting a web application, we reflect the scenario of an attacker who has access to a user account and can make full use of the web application.
Icon

Preparation

We need user access with different authorisation levels. For more reliable testing, it is best to exclude us from dynamic security systems such as web application firewalls.
Icon

Checklist

We look at the following points: Analysis of the web application to determine the attack surface, control of authentication and authorisation, validation of input, examination of the application logic and checking the web server for configuration errors and known vulnerabilities.
Icon

Scope

For smaller websites, we reckon with a cost of 3-5 person days. If it becomes more complex, it is more likely to be 8-10. One person day costs €1.400.

Pentest of External
Infrastructure

What do a web server, a mail server and a VPN gateway have in common? These services are accessible via the internet and the probability of an attack is high. Our goal with external pentests is to find vulnerabilities that real attackers worldwide could also exploit at any time.

Sample Report
External Infrastructure
Icon

Scenario

External IT infrastructures are accessible via the internet and thus an attractive target for attack. In a pentest, we mirror the scenario of a remote attacker who wants to take over company systems from the internet.
Icon

Preparation

We need a list of externally accessible systems that we are allowed to check. For efficient operation, you should also exempt us from dynamic security systems such as web application firewalls.
Icon

Checklist

We start with comprehensive information gathering about the systems using active and passive methods. Based on this information, we check the infrastructure for configuration errors and known vulnerabilities.
Icon

Scope

The effort required depends on the number of systems and the services provided on them. In most cases, around 5-7 person days should be factored in. One person day costs €1.400.

Simulation of a Phishing Attack

Passwords, account data or personal information are often the result of a successful phishing attack. With our simulations, we create sustainable security awareness so that it doesn't even get that far!

Sample Report PhishingMehr erfahren
Icon

Scenario

The human factor is a key factor for a successful IT security strategy of a company. Many phishing attacks are now difficult to detect due to their professional implementation. In a phishing simulation, we test the security awareness of your employees and help them to convict even complex attacks.
Icon

Preparation

We need a list of recipients that we are allowed to attack in the course of the simulation. For smooth processing, you should also exempt us from technical measures, e.g. to block unwanted e-mails.
Icon

Checklist

In a short conversation, you present us with the desired scenario and determine which target group we should consider within the framework of the simulation. We design a customised and realistic campaign and execute it for the defined target group. Key figures and findings are then documented in a report.
Icon

Scope

We cover the expenses with a lump sum. The costs are usually around €4.900€. In the case of a particularly large number of recipients or more complex scenarios, they can sometimes be higher.
6 steps to your pentest

This is how we proceed

1

We gather your requirements

In the course of a scoping call, we define the desired scope and general conditions of the pentest. We agree on what should and should not be tested.

2

We prepare an offer

After we have collected your requirements and requests, we will tailor an offer for you. You will receive it in no time. That's a promise!

3

We clarify all prerequisites

You have chosen Syslifters as your professional pentesting partner? We are very pleased and thank you for your trust! In the course of a kick-off we clarify all preconditions for the execution of the pentest.

4

We provide the best pentest for you

We keep our word and deliver the best pentest. During the test, we stay in constant contact with you and inform you about critical findings, for example. After completion of the tests, we will send you the report in PDF format in a secure format as soon as possible.

5

We discuss the findings

A pentest report can be very comprehensive. We are available to you at any time, even after the test has been carried out, and will be happy to discuss the results with you in detail.

6

We retest for free

It is very important to us that you also work with our report and derive improvement measures from it. That's why we will re-test for you any vulnerabilities that have been remedied, free of charge, if they are remedied within eight weeks!

More about our procedure