Penetration Test

Application penetration test, code review, reverse engineering, ethical hacking and APT test against cyber threats

Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.

ISO 27001 Security Audit

ISO-compliant assessment of your information security landscape

Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.

Incident Response & IT Forensics

Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation

Respond appropriately and effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified IT security and forensics experts.

Security consulting

Security training

Security Officer Services

Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany and 1500+ completed security projects worldwide. Get expert advice from an owner-managed and vendor-independent consultancy with 35+ highly qualified cyber security experts, including certified penetration testers (OPST, OPSA, OSCP, OSCE, GXPN), digital forensics specialists (GCFA, GCFE, GREM), ISO security auditors (ISO 27001 Lead Auditor, ISO 27005 Risk Manager) and dedicated IT security researchers to solve even your most demanding information security challenges. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests / ethical hacking, real-life APT tests and ISO 27001 security audits. In case of emergency, Oneconsult’s incident response & IT forensics team supports you with around-the-clock expert assistance (24 h x 365 days).

Events

11-May-18

18-06-18 / Hacking Day 2018 Digicomp

«Bypass all the things – effective application whitelisting»

Speech by Branch Manager Bern and Senior Penetration Tester Yves Kraft on Hacking Day 2018 at Digicomp Zurich was recorded and will be published in Oeconsult’s youtube channel

11-May-18

14-06-2018 / ZHAW / Data Protection and Data Security Compliance

Data protection – top topic in many board meetings!
Data protection and data security – the topics are not only since GDPR in every mouth. Digitalization and technical developments require a new understanding of data handling. [more information about the event in German]

News & Advisories

18-Apr-18

Advantages of the OSSTMM

OSSTMM – or in words – Open Source Security Testing Methodology Manual
Your advantages when using a de-facto standard for IT security assessments: OSSTMM trainer Yves Kraft’s (Oneconsult Bern) presentation on this topic
[more]

02-Mar-18

Practical questions and answers concerning the GDPR

A report from the sales point of view by Philipp Hauenstein

Oneconsult is a cyber security consulting company. In the last months questions have repeatedly been asked in meetings and telephone conversations about the consequences of the General Data Protection Regulation (GDPR), which applies on May 25, 2018. Is this a report like many others that deal with fear?

No. If you read on here, you’ll find just some questions of our interlocutors and matching answers, that the Oneconsult team can provide at the moment (as of March 2018). [read the German article]

Pen Tester's Diary

15-Jun-18

PowerShell III - Script collections for post-exploitation

by Frank Ully

This is the third article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article introduces publicly available script collections with offensive PowerShell scripts for post-exploitation. [read the German article]

01-Jun-18

PowerShell II - Malicious use of PowerShell

by Frank Ully

This is the second article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article looks at the features that make PowerShell so popular as an attack tool. [read the German article]

Our customers value our expertise and vast project experience of over

Penetration test projects, over 850 of which OSSTMM-compliant

Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.

Security audits, e.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Incident response & IT forensics projects

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.

OSSTMM – Open Source Security Testing Methodology Manual

OWASP – Open Web Application Security Project

ISO 27001 – Information Management Security Systems

Holding

Oneconsult International AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

Tel +41 43 377 22 66
Fax +41 43 377 22 77
info@oneconsult.com

Switzerland

Headquarters
Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil
Switzerland

Tel +41 43 377 22 22
Fax +41 43 377 22 77
info@oneconsult.com

Oneconsult AG
Baerenplatz 7
3011 Bern
Switzerland

Tel +41 31 327 15 15
Fax +41 31 327 15 25
info@oneconsult.com

Germany

Oneconsult Deutschland GmbH
Agnes-Pockels-Bogen 1
80992 Munich
Germany

Tel +49 89 248820 600
Fax +49 89 248820 677
info@oneconsult.com