Enhance Your Security Posture

Penetration tests and red team assessments in Stockholm

Order a Test

About Us

At CyberStrike, we provide penetration tests and red team assessments that help organizations understand their security posture and address weaknesses before they can be exploited. Our approach combines thorough testing methodologies with clear communication, ensuring that you receive actionable insights tailored to your specific needs and allowing you to enhance your cybersecurity measures effectively!

CyberStrike Logo

Core Services

We offer two core services, Red Teaming and Penetration Testing. While both are designed to identify vulnerabilities, they differ in approach and scope. A pentest is typically limited to a narrow scope where the objective is to find technical vulnerabilities within that limited scope. Conversely, a red team assessment focuses on a broad scope where the objective is to simulate a real world attack. As such, red teaming focuses not only on the exploitation of technical vulnerabilities but also on avoiding detection and exploiting employees’ behaviors. Ideally, organizations should perform both types of tests.

Red Teaming

Red teaming involves simulating realistic attack scenarios to assess the effectiveness of an organization’s blue team and defensive capabilities. The blue team is typically not informed that a red team exercise is being performed to ensure that their performance is representative and accurate.

The two most common red team scenarios are full-scope and assumed breach. In a full-scope scenario, the red team typically assumes the position of an external adversary where no access has been provided. The goal is then to break into the organization through the external perimeter and compromise a certain objective, typically a domain administrator. In the assumed breach scenario, the red team is provided with some type of initial access, such as a compromised employee’s user account/workstation.

By exposing your organization to red team exercises, you can evaluate how well your defenses would withstand real-world attacks. In addition, red team exercises are also commonly required for compliance with regulatory frameworks such as DORA.

A security professional performing red teaming activities in front of a computer.

Penetration Testing

In a pentest, there is typically a narrow scope, such as a set of servers in an infrastructure test. The objective is to minimize the probability and impact of technical security issues within this scope. Determining the appropriate scope is essential for ensuring regulatory compliance and optimizing the security enhancements derived from the assessment.

Pentests are often required for compliance with regulatory frameworks such as NIS2 or PCI-DSS for companies handling card data and payments. They are also commonly conducted to obtain or maintain an ISO 27001 certification and/or to comply with Article 32 of the GDPR.

Below are examples of popular scopes for pentests that we perform. Note that it is relatively common to combine two of the below examples into one assessment. For example, it is possible to order a test of the office infrastructure together with a WiFi test. It is not uncommon to combine tests as this can ensure that the tester can continue to provide value when blockers arise. Feel free to reach out to us if you need help with scoping.

Web Application & API

In this type of test, we focus on finding vulnerabilities in the backend and frontend components of web applications. Examples of vulnerabilities found include SQL Injection, XSS and Command Injection.

A monitor containing the backend code of a web application.

Mobile Application

When testing mobile applications, we typically test the backend APIs of the mobile app by emulating the app in a controlled environment. Upon request, we can also test the frontend for issues such as insecure data storage, insufficient encryption and deeplink vulnerabilities.

A person using their mobile phone with an overlay of security-related icons.

Infrastructure

Infrastructure testing evaluates the security of internal and/or external network-connected devices. Common vulnerabilities include broken authentication, service misconfiguration and excessive permissions.

A futuristic and minimalist illustration of infrastructure components.

Cloud

A cloud assessment evaluates the security of a cloud infrastructure by identifying issues like configuration errors, insecure storage and broken authorization. Common cloud environments are AWS, Azure and GCP.

Servers with cloud symbols on top and interconnecting lines.

Active Directory

An AD test typically uncovers issues such as excessive privileges, misconfigured group policies and insecure service accounts. Mitigating AD vulnerabilities prevents issues such as privilege escalation, lateral movement and data leaks.

A top down image of a laptop with an overlay of interconnected account icons.

WiFI

In a WiFi pentest, we test your WiFi network for a variety of attacks. For example, this includes checking for vulnerabilities related to password cracking, Pixie-Dust and rogue access points.

A WiFI icon.

Process

Our tests are performed as follows:
Initial contact or intro meeting – A client requests a service.
Scope meeting – A discussion is held with the client to determine the exact scope.
Startup Meeting – A meeting is held during the first day of the testing period.
Testing Activities – The consultant performs the pentest or red team exercise.
Debriefing – Identified vulnerabilities are presented.
Report Delivery – The report is encrypted and sent over email.

Deliverable

Our report is our final product for you. Besides a description of what has been tested, it also contains a list of all identified vulnerabilities. For each vulnerability, we provide a technical background, a description and recommended mitigation steps.

Example Report

Certifications

To ensure the highest quality in our work, we are committed to continuously learning new technologies and attack methods as they evolve. This dedication is reflected in the certifications held by our consultants.

Offensive Security Certified Expert 3
Offensive Security Web Expert
Offensive Security Experienced Pentester
Offensive Security Exploit Developer
Offensive Security Certified Professional
Offensive Security Wireless Professional
Amazon Web Services Certified Security Speciality
Amazon Web Services Certified Cloud Practitioner
Microsoft Certified: Azure Security Engineer Associate

Contact Us

If you are interested in our services or need guidance, feel free to email, call or submit a message using the form below. We will get back to you as soon as possible.

Email

info@cyberstrike.se

Phone

070-764 77 81, Thomas Peterson

Address

Kolonnvägen 2, 16975, Solna

Contact Form

First Name
Email
Message
The form has been submitted successfully!
There has been some error while submitting the form. Please verify all form fields again.

CyberStrike

Test What Matters

Scroll to Top