Penetration Test
Penetration Test
Application penetration test, code review, reverse engineering and APT test against cyber threats
Proactively protect your web shop, internet banking platform, mobile app, ICS (SCADA / DCS), IoT device or IT infrastructure via penetration test, code review, reverse engineering or APT test by our certified penetration testers and security researchers.
ISO 27001 Security Audit
ISO 27001 Security Audit
ISO-compliant assessment of your information security landscape
Analyze and benchmark your information security level based on international standards (ISO 27001, ISO 27002, SANS 20, IEC 62443, NERC CIP, etc.) to plan your IT budget for security mitigation measures.
Incident Response & IT Forensics
Incident Response & IT Forensics
Fast, professional reaction to cyber attacks and unwanted digital activities plus court-proof investigation
Respond appropriately and effectively to malware infection, hacker attack, fraud, data theft and other criminal or unwanted digital activities with the support of our certified IT security and forensics experts.

Oneconsult AG is a renowned Swiss cyber security consulting company with approx. 30 employees, offices in Switzerland and Germany, a customer base of 300+ organizations and 1200+ completed security projects worldwide. We are your trustworthy partner for a holistic cyber security approach against external and internal threats such as APT, hacker attacks, malware infection, digital fraud and data leakage. Our core services are penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics. To protect your organization and mitigate specific information security risks, Oneconsult also offers practical security consulting, security training and virtual security officer services. We have dedicated IT security researchers and a  large team of certified penetration testers (OPST, OSCP, etc.), digital forensics experts (GCFE, GREM) and ISO security auditors (ISO 27001 Lead Auditor).


16.05.2017: Hacking Day 2017 (Digicomp, Zurich) - Oneconsult presentations

At Hacking Day 2017, Oneconsult employees Fabian Gonzalez und Yves Kraft will present three interesting, hands-on topics: “Auswirkungen von physischen Angriffen – DirectMemory-Attacken”, “Switzerland’s next Bug Bounty Hacker «Hands-On»” and “Das Grundrauschen in unserer Umgebung – Reverse Engineering von Funksignalen mit Software Defined Radio”.

Smart TV Hacking (Video: Oneconsult Talk at EBU Media Cyber Security Seminar)

In this presentation at the Media Cyber Security Seminar of the European Broadcasting Union (EBU), Rafael Scheel (Senior Penetration Tester & Security Researcher at Oneconsult AG) gives an introduction to IoT cyber security and shows in a live hacking demo an attack which allows to remotely takeover bulks of smart TVs over the TV stream signal. [more]

News & Advisories Spionage im Wohnzimmer: Smart-TV sicher nutzen

by Simon Gröflin (PCtipp)

Article with Oneconsult’s practical security tips, how users can protect their Smart TV from unwanted activities. So einfach lassen sich Passwörter cracken

by Jens Stark (Computerworld)

Article on Immanuel Willi’s (Oneconsult AG) workshop: “SIGS (Basel) – Systematic password cracking: smart approaches easily explained”.

Pen Tester's Diary

Falsch gesetzte User-Berechtigungen: Hacker's Paradise

by Marco Wohler

There are different strategies and means to protect a server or client against attacks from inside or outside. This article in German deals with file and folder rights, since these are often neglected. [more]

Trau schau wem – (Un)Sicherheit von signierter Software unter Windows

by Jan Alsenz & Rafael Scheel

This article in German demonstrates how a design security flaw discovered by Oneconsult can be abused in the Microsoft UAC mechanism to allow any scripts and programs to fake a supposedly genuine Microsoft signature.

Our customers value our expertise and vast project experience of over


Penetration test projects, over 850 of which OSSTMM-compliant


Application penetration test projects of banking solutions, online shops, mobile apps, ICS (SCADA/DCS), IoT devices, ERP and CRM solutions, CMS, VoIP systems, etc.


Security auditse.g. according to ISO 27001, ISO 27002, industry specific guidelines (ISO 27015, 27019, 27799, etc.) or SANS Critical Security Controls

Methods and Standards

Our approach is customized to meet our clients’ specific needs as well as based on «best practice». In addition to our own methods, we also rely on industry-proven standards.


Oneconsult AG
Schuetzenstrasse 1
8800 Thalwil

Tel +41 43 377 22 22
Fax +41 43 377 22 77

Oneconsult AG
Baerenplatz 7
3011 Bern

Tel +41 31 327 15 15
Fax +41 31 327 15 25


Subsidiary of Oneconsult AG
Karlstrasse 35
80333 Munich

Tel +49 89 452 35 25 25
Fax +49 89 452 35 21 10