Penetration Test

Application penetration test, code review, reverse engineering, ethical hacking and APT test against cyber threats

Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.

ISO 27001 Security Audit

ISO-compliant assessment of your information security landscape

Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.

Incident Response & IT Forensics

Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation

Respond appropriately and effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified IT security and forensics experts.

Security consulting

Security training

Security Officer Services

Oneconsult AG is your renowned Swiss cyber security consulting partner with offices in Switzerland and Germany and 1200+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 30+ highly qualified experts, including certified penetration testers (OPST, OPSA, OSCP, GXPN), digital forensics specialists (GCFA, GCFE, GREM), ISO security auditors (ISO 27001 Lead Auditor) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s incident response & IT forensics team supports you with around-the-clock expert assistance (24 h x 365 days).

Events

24-May-17

Das Grundrauschen in unserer Umgebung – Reverse Engineering von Funksignalen mit Software Defined Radio (SDR) (Video Oneconsult Vortrag)

In this talk in German also held at the Digicomp Hacking Day 2017, Yves Kraft (Branch Manager Bern, Senior Penetration Tester & Security Consultant at Oneconsult AG) illustrates how radio signals of everyday objects are analyzed. [more]

12-Apr-17

16.05.2017: Hacking Day 2017 (Digicomp, Zurich) - Oneconsult presentations

At Hacking Day 2017, Oneconsult employees Fabian Gonzalez und Yves Kraft will present three interesting, hands-on topics: “Auswirkungen von physischen Angriffen – DirectMemory-Attacken”, “Switzerland’s next Bug Bounty Hacker «Hands-On»” and “Das Grundrauschen in unserer Umgebung – Reverse Engineering von Funksignalen mit Software Defined Radio”.

News & Advisories

28-Jun-17

NotPetya – So verhalten Sie sich richtig

von Severin Wischmann, Gregor Wegberg & Fabian Gonzalez

This Oneconsult Security Advisory provides hands-on advice on how to behave properly after a NotPetya infection and which security measures can protect you against similar cyber attacks.
[more]

28-Jun-17

Petya Ransomware: Incident Response Support

Since yesterday, the Oneconsult 24/7 incident response & IT forensics team has been helping various clients successfully tackle the current ransomware Petya. Oneconsult’s specialists have analyzed and reverse engineered the malware and its behavior. Please contact our main number +41 43 377 22 22 for first-hand information / tips for immediate action and support.

Pen Tester's Diary

13-Apr-17

Falsch gesetzte User-Berechtigungen: Hacker's Paradise

by Marco Wohler

There are different strategies and means to protect a server or client against attacks from inside or outside. This article in German deals with file and folder rights, since these are often neglected. [more]

21-Dec-16

Trau schau wem – (Un)Sicherheit von signierter Software unter Windows

by Jan Alsenz & Rafael Scheel

This article in German demonstrates how a design security flaw discovered by Oneconsult can be abused in the Microsoft UAC mechanism to allow any scripts and programs to fake a supposedly genuine Microsoft signature.
[more]

Our customers value our expertise and vast project experience of over

Penetration test projects, over 850 of which OSSTMM-compliant

Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.

Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Incident response & IT forensics projects

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.

OSSTMM – Open Source Security Testing Methodology Manual

OWASP – Open Web Application Security Project

ISO 27001 – Information Management Security Systems